Automate VPN connection and its TGW attachment


If you use the CloudFormation resource AWS::EC2::VPNConnection to create the VPN connection and attach it to the Transit Gateway (TGW), you may notice that it does not return the TGW attachment ID. So it is a bit annoying if you would like to tag the attachment and associate the attachment to a non-default TGW route table. …


Concierge – AWS CloudFormation Compliance Check Tool (using CloudConformity API)


Here we Go - my first side project (Concierge) that is written in Go 😅 . It is an AWS CloudFormation compliance check tool which uses the CloudConformity API to evaluate the CloudFormation stack compliance status. The compiled binaries can run on Windows/Linux/macOS, so it can be easily integrated into any CI/CD pipeline to improve the …

AWS Config service role is not authorized to perform: iam:CreateServiceLinkedRole for Global Accelerator


We recently noticed an interesting error in CloudTrail across multiple accounts: "errorMessage": "User: arn:aws:sts::123456789012:assumed-role/AwsConfigServiceRole/ConfigResourceCompositionSession is not authorized to perform: iam:CreateServiceLinkedRole on resource: arn:aws:iam::123456789012:role/aws-service-role/globalaccelerator.amazonaws.com/AWSServiceRoleForGlobalAccelerator because no identity-based policy allows the iam:CreateServiceLinkedRole action" According to the above message, it looks like the AWS Config service role was trying to create the service-linked role for Global Accelerator. The …