AWS IAM Roles Anywhere

A couple years back I wrote a post to share how to create AWS instance profile for on-premise servers. That was to use SSM agent and Lambda function to manage the IAM credentials for the on-premise servers. Starting early this month, the AWS native solution for such use cases are available - AWS IAM Role … Continue reading AWS IAM Roles Anywhere →

Diagram as Code Example

I came cross a nice Diagram as Code tool, it allows me to draw Cloud system architecture in Python code. To use it, you need to install Graphviz and diagrams python module. brew install graphviz pip install diagrams Here is a sample code of using the tool to create the diagram of AWS transit gateway … Continue reading Diagram as Code Example →

Concierge – AWS CloudFormation Compliance Check Tool (using CloudConformity API)

Here we Go - my first side project (Concierge) that is written in Go 😅 . It is a AWS CloudFormation compliance check tool which uses CloudConformity API to evaluate the CloudFormation stack compliance status. The compiled binaries can run on Windows/Linux/MacOs, so it can be easily integrated into any CICD pipeline to improve the … Continue reading Concierge – AWS CloudFormation Compliance Check Tool (using CloudConformity API) →

AWS Config service role is not authorized to perform: iam:CreateServiceLinkedRole for Global Accelerator

We recently noticed an interesting error in CloudTrail across multiple accounts: "errorMessage": "User: arn:aws:sts::123456789012:assumed-role/AwsConfigServiceRole/ConfigResourceCompositionSession is not authorized to perform: iam:CreateServiceLinkedRole on resource: arn:aws:iam::123456789012:role/aws-service-role/globalaccelerator.amazonaws.com/AWSServiceRoleForGlobalAccelerator because no identity-based policy allows the iam:CreateServiceLinkedRole action" According the above message, it looks like the AWS Config service role was trying to create the service linked role for Global Accelerator. The … Continue reading AWS Config service role is not authorized to perform: iam:CreateServiceLinkedRole for Global Accelerator →

Why QuickSight increases CloudTrail cost so much?

Does QuickSight increase CloudTrail cost? In short, it does. But it could be either minor or major. It really depends on your use case. As mentioned in another post AWS Cost Anomaly Detection, we noticed a dramatic CloudTrail cost in one of our AWS accounts. After some diggings, it turns out it was caused by … Continue reading Why QuickSight increases CloudTrail cost so much? →

	Serverless Ingress S… on Two Examples of using AWS Netw…
	Automate VPN failove… on Automate VPN connection and it…
	AWS IAM Roles Anywhe… on Setup AWS “Instance Prof…
	AWS Cost Anomaly Det… on Why QuickSight increases Cloud…
	Why QuickSight incre… on AWS Cost Anomaly Detectio…
	Eric Kimminau on PowerShell: Using Credential F…
	tsm login example -… on TSM 6.3: Create Schedule
	Vladislav on User Directory Setting Trick i…
	Vladislav on User Directory Setting Trick i…
	Cavit on AWS DataSync vs S3 Sync