Alestic.com | A Personal AWS Blog by Eric Hammond
1,550 FOLLOWERS
Alestic.com is a technical blog published by Eric Hammond. It covers personal experience and thoughts about Amazon AWS.
Alestic.com | A Personal AWS Blog by Eric Hammond
1y ago
Original article and comments: https://alestic.com/post ..read more
Alestic.com | A Personal AWS Blog by Eric Hammond
4y ago
Amazon recently announced the AWS IAM Access Analyzer,
a useful tool to help discover if you have granted unintended access
to specific types of resources in your AWS account.
At the moment, an Access Analyzer needs to be created in each region
of each account where you want to run it.
Since this manual requirement can be a lot of work, it is a common
complaint from customers. Given that Amazon listens to customer
feedback and since we currently have to specify a “type” of “ACCOUNT”,
I expect at some point Amazon may make it easier to run Access
Analyzer across all regions and maybe in all a ..read more
Alestic.com | A Personal AWS Blog by Eric Hammond
4y ago
by generating a temporary IAM STS session with MFA then assuming
cross-account IAM roles
I recently had the need to run some AWS commands across all AWS
accounts in my AWS Organization. This was a bit more difficult to
accomplish cleanly than I had assumed it might be, so I present the
steps here for me to find when I search the Internet for it in the
future.
You are also welcome to try out this approach, though if your account
structure doesn’t match mine, it might require some tweaking.
Assumptions And Background
(Almost) all of my AWS accounts are in a single AWS Organization. This
all ..read more
Alestic.com | A Personal AWS Blog by Eric Hammond
4y ago
A guest post authored by Jennine Townsend, expert sysadmin
and cloud intelligence analyst
Most of these AWS workshops seem to be from – or updated for – AWS re:Invent 2019:
DOP306 - Building a Serverless Application with the AWS Cloud Development Kit (AWS CDK) https://github.com/aws-samples/aws-modern-application-workshop/tree/python-cdk
Service Catalog Tools https://service-catalog-tools-workshop.com/reinvent2019/
SEC404 - Building Secure APIs in the Cloud https://workshop.reinvent.awsdemo.me
Slides:
http://files.reinvent.awsdemo.me/building_secure_apis_in_the_cloud.pdf
SVS203 - Wild ..read more
Alestic.com | A Personal AWS Blog by Eric Hammond
5y ago
with no AWS Lambda function required
A co-worker at Archer asked if there was a way to schedule messages
published to an Amazon SNS topic.
I know that scheduling messages to SQS queues is possible to some
extent using the DelaySeconds message timer, which
allows postponing visibility in the queue up to 15 minutes, but SNS
does not currently have native support for delays.
However, since AWS Step Functions has built-in integration with SNS,
and since it also has a Wait state that can schedule or delay
execution, we can implement a fairly simple Step Functions state
machine that puts a delay ..read more