Best Practice

/Best Practice
­

CloudFormation Exports

If you are a CloudFormation user you have probably come across a situation where an ID of a resource created in one stack (e.g. Subnet ID from VPC-Stack) is needed in another, independent stack, for example to create an EC2 instance in EC2-Stack. The traditional approach is to pass Outputs from one template to Parameters [...]

By |September 17th, 2018|Best Practice|0 Comments

Cross-account access with aws-cli

In the previous post I explained how to Use Cross-account access through AWS Console. Today I'll show you how to do the same in the command line using aws-cli. We've got Access and Secret keys for the Login account and want to use aws-cli to create and manage resources in the Dev account above. [...]

By |January 10th, 2018|Best Practice|0 Comments

Using Cross-account access (AWS Console)

Short post to demonstrate how to use AWS Cross-account access from AWS Console. To re-iterate this is what we what we have set up in our previous post: First step is to login to the aws-nz-login account as an non-privileged IAM user, e.g. as michael.ludvig in my case. In the top-right menu under [...]

By |December 10th, 2017|Best Practice|0 Comments

Cross-account access

In bigger organisations it is common to have one central AWS account with IAM User accounts and a whole lot of independent per-project or per-team accounts that are only through cross-account access from this central account. The benefits is obvious - company has a single place where they manage user accounts, credentials, passwords, permissions, etc. [...]

By |December 6th, 2017|Best Practice|1 Comment

Linux user authentication with SSSD / LDAP

Current Linux distributions can seamlessly work as members of Active Directory domains which gives them access to the AD authentication system. However it requires the Linux hosts to "join" the AD domain, for which one has to posses some special AD privileges. In many cases this is not viable and we may only want a [...]

By |October 17th, 2017|Best Practice|2 Comments

Let’s Encrypt certbot-auto problems on Amazon Linux

Let's Encrypt certbot-auto support for Amazon Linux is still marked as experimental and as such we occasionally encounter unexpected problems. The most recent one was introduced with certbot-auto 0.19.0. During install or upgrade from previous versions you may get an error like this: Upgrading certbot-auto 0.18.2 to 0.19.0... Replacing certbot-auto... Creating virtual environment... Installing Python [...]

By |October 8th, 2017|Best Practice|1 Comment

Using AWS Storage Gateway Virtual Tape Library in Linux

If you are of around my age or younger you probably didn't have much exposure to tape backup technologies. Tapes are sooo 90's right?! I definitely didn't expect that as an AWS Consultant I will have to learn about tapes. But I did! One of our customers wanted to use AWS Storage Gateway (SGW) in [...]

By |September 20th, 2017|Best Practice|0 Comments

Joining a Linux EC2 instance to Active Directory realm

This post is not too AWS-specific, in fact the steps below should work not only on Amazon Linux but also on RedHat Linux, CentOS and Oracle Linux and posibly on Debian and Ubuntu based distros as well. There is a number of prerequisities for a successful completion of this task. At least the following records should be [...]

By |June 6th, 2017|Best Practice|0 Comments

S3 Pre-signed URL example

S3 Pre-signed URLs can be used to provide a temporary 3rd party access to private objects in S3 buckets. For example non-public files on a file sharing site can only be made available to the approved users with one-off URLs that expire after 10 minutes. Here we offer a simple demo for testing the concept. The demo consists of [...]

By |January 25th, 2017|Best Practice|4 Comments

Re-using EC2 Key Pair in multiple regions

One of the parameters required for launching an EC2 instance is a Key Pair which is effectively an SSH Key used for interactive logging into the default user account - on Amazon Linux it's the ec-user account - or for decrypting the Windows Administrator's password. It is easy to create a new Key Pair / [...]

By |July 4th, 2016|Best Practice|1 Comment