Concierge – AWS CloudFormation Compliance Check Tool (using CloudConformity API)


Here we Go - my first side project (Concierge) that is written in Go 😅. It is an AWS CloudFormation compliance check tool which uses the CloudConformity API to evaluate the CloudFormation stack compliance status. The compiled binaries can run on Windows/Linux/macOS, so it can be easily integrated into any CI/CD pipeline to improve the …

AWS Config service role is not authorized to perform: iam:CreateServiceLinkedRole for Global Accelerator


We recently noticed an interesting error in CloudTrail across multiple accounts: "errorMessage": "User: arn:aws:sts::123456789012:assumed-role/AwsConfigServiceRole/ConfigResourceCompositionSession is not authorized to perform: iam:CreateServiceLinkedRole on resource: arn:aws:iam::123456789012:role/aws-service-role/globalaccelerator.amazonaws.com/AWSServiceRoleForGlobalAccelerator because no identity-based policy allows the iam:CreateServiceLinkedRole action" According to the above message, it looks like the AWS Config service role was trying to create the service-linked role for Global Accelerator. The …

Updates to Exposed Access Keys check in Trusted Advisor


Since April 25, 2002, Trusted Advisor refreshes the Exposed Access Keys check (check ID: 12Fnkpl8Y5) automatically. This check can't be refreshed manually from the Trusted Advisor console or the AWS Support API (you will get a response saying the check is not refreshable). If you created your AWS account after April 25, 2022, the check results …