Original article and comments: https://alestic.com/post ..read more

Amazon recently announced the AWS IAM Access Analyzer, a useful tool to help discover if you have granted unintended access to specific types of resources in your AWS account. At the moment, an Access Analyzer needs to be created in each region of each account where you want to run it. Since this manual requirement can be a lot of work, it is a common complaint from customers. Given that Amazon listens to customer feedback and since we currently have to specify a “type” of “ACCOUNT”, I expect at some point Amazon may make it easier to run Access Analyzer across all regions and maybe in all a ..read more

by generating a temporary IAM STS session with MFA then assuming cross-account IAM roles I recently had the need to run some AWS commands across all AWS accounts in my AWS Organization. This was a bit more difficult to accomplish cleanly than I had assumed it might be, so I present the steps here for me to find when I search the Internet for it in the future. You are also welcome to try out this approach, though if your account structure doesn’t match mine, it might require some tweaking. Assumptions And Background (Almost) all of my AWS accounts are in a single AWS Organization. This all ..read more

A guest post authored by Jennine Townsend, expert sysadmin and cloud intelligence analyst Most of these AWS workshops seem to be from – or updated for – AWS re:Invent 2019: DOP306 - Building a Serverless Application with the AWS Cloud Development Kit (AWS CDK) https://github.com/aws-samples/aws-modern-application-workshop/tree/python-cdk Service Catalog Tools https://service-catalog-tools-workshop.com/reinvent2019/ SEC404 - Building Secure APIs in the Cloud https://workshop.reinvent.awsdemo.me Slides: http://files.reinvent.awsdemo.me/building_secure_apis_in_the_cloud.pdf SVS203 - Wild ..read more

with no AWS Lambda function required A co-worker at Archer asked if there was a way to schedule messages published to an Amazon SNS topic. I know that scheduling messages to SQS queues is possible to some extent using the DelaySeconds message timer, which allows postponing visibility in the queue up to 15 minutes, but SNS does not currently have native support for delays. However, since AWS Step Functions has built-in integration with SNS, and since it also has a Wait state that can schedule or delay execution, we can implement a fairly simple Step Functions state machine that puts a delay ..read more