Category: Cloud

Avoid Elastic Beanstalk to create security group for ELB


Just found out that there is a Elastic Beanstalk option named 'ManagedSecurityGroup' to allow you to use an exisiting security group for the ELB. Note the security group must be in the aws:elb:loadbalancer SecurityGroups list. Here is a sample: { "Namespace": "aws:elb:loadbalancer", "OptionName": "SecurityGroups", "Value": "sg-1111111,sg-222222" }, } "Namespace": "aws:elb:loadbalancer", "OptionName": "ManagedSecurityGroup", "Value": "sg-1111111" } … Continue reading Avoid Elastic Beanstalk to create security group for ELB

Deselect ‘Custom Availability Zones’ in Elastic Beanstalk


It is frustrated that Elastic Beanstalk console does not allow you deselect the custom availability zone once you selected and applied . I guess AWS just missed that function in the javascript. Here is a example. There is no way for me to deselect ap-southeast-2a in the custom availability zone in the Elastic Beanstalk console. The … Continue reading Deselect ‘Custom Availability Zones’ in Elastic Beanstalk

keyWatcher scan exposed AWS key


AWS Trusted Advisor recently added a new check 'Exposed Access Key' in Security category. This to checks popular code repositories for access keys that have been exposed to the public and for irregular Amazon Elastic Compute Cloud (Amazon EC2) usage that could be the result of a compromised access key. By default Trusted Advisor run … Continue reading keyWatcher scan exposed AWS key

‘aws support describe-trusted-advisor-checks’ is us-east-1 only?


Just found this out -  you have to hard code '--region us-east-1` when run aws support trusted advisor relevant commands. I guess this is caused by the same reason that I explained in my previous blog IAM dependency. Here is my conclusion: whenever AWS says the service is global which does not require a region … Continue reading ‘aws support describe-trusted-advisor-checks’ is us-east-1 only?