Best Practice

CloudFormation Service Roles

Sometimes we want to give users the ability to create pretty much anything with CloudFormation but at the same time prevent them from doing the same through the console or aws-cli. Perhaps it's a company policy that everything must be managed using CloudFormation. Or on the other hand you may have Admin privileges but want [...]

By |August 10th, 2019|Best Practice|3 Comments

Using SSM Session Manager for interactive instance access

You may argue that interactive login to EC2 instances should never be needed. Everything is dynamic, automated, self-healing, centrally logged, and so on and there is no place for human interaction, right? But let's be honest - the world isn't perfect and we all sometimes need to jump into bash to do stuff for [...]

By |May 25th, 2019|Best Practice|7 Comments

CloudFormation package & deploy

Easily deploy complex CloudFormation templates with external resources such as Lambdas or nested stacks.

By |February 20th, 2019|Best Practice|8 Comments

CloudFormation Exports

If you are a CloudFormation user you have probably come across a situation where an ID of a resource created in one stack (e.g. Subnet ID from VPC-Stack) is needed in another, independent stack, for example to create an EC2 instance in EC2-Stack. The traditional approach is to pass Outputs from one template to Parameters [...]

By |September 17th, 2018|Best Practice|2 Comments

Cross-account access with aws-cli

In the previous post I explained how to Use Cross-account access through AWS Console. Today I'll show you how to do the same in the command line using aws-cli. We've got Access and Secret keys for the Login account and want to use aws-cli to create and manage resources in the Dev account above. [...]

By |January 10th, 2018|Best Practice|0 Comments

Using Cross-account access (AWS Console)

Short post to demonstrate how to use AWS Cross-account access from AWS Console. To reiterate, this is what we have set up in our previous post: First step is to log in to the aws-nz-login account as a non-privileged IAM user, e.g. as michael.ludvig in my case. In the top-right menu under [...]

By |December 10th, 2017|Best Practice|0 Comments

Cross-account access

In bigger organisations it is common to have one central AWS account with IAM User accounts and a whole lot of independent per-project or per-team accounts that are only accessed through cross-account access from this central account. The benefit is obvious - the company has a single place where they manage user accounts, credentials, passwords, permissions, etc. [...]

By |December 6th, 2017|Best Practice|1 Comment

Linux user authentication with SSSD / LDAP

Current Linux distributions can seamlessly work as members of Active Directory domains, which gives them access to the AD authentication system. However, it requires the Linux hosts to "join" the AD domain, for which one has to possess some special AD privileges. In many cases this is not viable and we may only want a [...]

By |October 17th, 2017|Best Practice|13 Comments

Let’s Encrypt certbot-auto problems on Amazon Linux

Let's Encrypt certbot-auto support for Amazon Linux is still marked as experimental and as such we occasionally encounter unexpected problems. The most recent one was introduced with certbot-auto 0.19.0. During install or upgrade from previous versions you may get an error like this: Upgrading certbot-auto 0.18.2 to 0.19.0... Replacing certbot-auto... Creating virtual environment... Installing Python [...]

By |October 8th, 2017|Best Practice|1 Comment

Using AWS Storage Gateway Virtual Tape Library in Linux

If you are around my age or younger you probably didn't have much exposure to tape backup technologies. Tapes are sooo 90's, right?! I definitely didn't expect that as an AWS Consultant I would have to learn about tapes. But I did! One of our customers wanted to use AWS Storage Gateway (SGW) in [...]

By |September 20th, 2017|Best Practice|0 Comments