#aws - April 2023 | Slack Archive

aws

21 messages

Discussion related to Amazon Web Services (AWS)
Archive: https://archive.sweetops.com/aws/

Mar 2023

April 2023

May 2023

Kirupa Karanalmost 3 years ago

Any nginx experts here ??

michael sewalmost 3 years ago

re: Customer managed KMS Keys -- i know they cost $1/key/month. If i rotate a key every year or ## of months, am i charged $1/month for every prior version? assuming yearly rotation:
• year 1 = 1 key = $12
• year 2 = 2 keys = $24
• year 3 = 3 keys = $36
• year 4 = 4 keys = $48
• etc. ?

Philalmost 3 years ago

Hi everyone! I’m using parameter store for storing secret, but I found that adding each secret to the policy for each role is quite tiring, so I wonder how does everyone setup their ACL? Do you recommend using ABAC https://docs.aws.amazon.com/IAM/latest/UserGuide/tutorial_attribute-based-access-control.html?

venkataalmost 3 years ago

TIL about document history in the AWS Docs.

Examples below. Hope it helps!

https://docs.aws.amazon.com/AmazonS3/latest/userguide/WhatsNew.html
https://docs.aws.amazon.com/eks/latest/userguide/doc-history.html

Kirupa Karanalmost 3 years ago

Hi all,
We are facing some authentication issue while login the linux server, we are using AD credentials to login, I'm able to login other server without any issues but i having only issue with one server, while checking the logs i could see the account is expired, since the server integrated with AD , I'm not able to modify the user password and all. If i change the password in the server , does it change entire AD password?? Or can anyone give some suggestions about activating the expired account !!

Dhamodharanalmost 3 years ago

Hello,
Instances are not communicating with elasticbeanstalk, i have the same setup which is working good for other application, for new deployment its not.. getting the below error. expecting help on this.

The EC2 instances failed to communicate with AWS Elastic Beanstalk, either because of configuration problems with the VPC or a failed EC2 instance. Check your VPC configuration and try launching the environment again.

but i verified the network configurations are good, as the same is working for another deployment. there is no change in that..

Alencar Junioralmost 3 years ago

Hi folks, dealing with some permission issues with AWS Organizations. I wonder if someone could share some insights.
My current organizational structure:
root (r-123) / sandbox_ou (ou_123abc) / developer_ou (ou_321abc) / dev_aws_account
I'm getting permission errors when I try to create OUs or accounts within the developer_ou from the dev_aws_account. In terms of policies, I only have "FullAWSAccess" in "Service control policies" which is attached to Root.
Any input would be appreciated. Thanks!

Omer Senalmost 3 years ago

Hi is there a way to see raw Prometheus metrics on AWS managed Prometheus?

Omer Senalmost 3 years ago

i want to access AMP's dashboard but i can't

Omer Senalmost 3 years ago

but i want to have access to Raw metrics

Omer Senalmost 3 years ago

I am not sure about AWS Managed Grafana

Paulaalmost 3 years ago(edited)

Hi! im trying to create somre rds with this module cloudposse/rds/aws from a snapshot, this snapshot was replicated from another region. The problem is the original snapshot contains backup_retention_period = 1 (for replicate the snapshot in the terraform-test region). I dont need backups in the terraform-test region (expensive) If i try to put backup_retention_period to 0 terraform tries to set the retention period to 1 again, i want to ignore changes in backup_retention_period... so i tryied to modify the module and making a PR but "dynamic lifecycle ignore_chances" is not way posible, any ideas to work around this?

Curtisalmost 3 years ago(edited)

Hello! I’d love to get feedback from the channel on our open source launch. We're launching IAMbic (IAM, but in code), it's a multi-cloud control plane that simplifies IAM management in a GitOps workflow. It’s like Terraform for Cloud IAM, but designed to be way easier and support cool features like delegated temporary access/permissions, dynamic AWS permissions for a multi-account AWS role depending on the account, and other features. Right now we're supporting AWS IAM, Identity Center, Okta, Azure AD, and Google Workspace. Here's the GitHub. Would you use it?

jonjitsualmost 3 years ago

Anyone have any opinions they care to share about AWS' Black Belt program?

deniz gökçinalmost 3 years ago

Hi all!

I’m currently working on integrating Amazon Cognito with my application and I’m attempting to send custom emails after specific user events occur. However, I have run into an issue while trying to trigger the CustomEmailSender function after using the adminCreateUser API call in the pre-signup lambda. The lambda never executes and I am trying to figure out why. Note that the same lambda is executed and the confirmation code is sent successfully if I fire an forgot password event with the following aws-cli command: aws cognito-idp forgot-password --client-id myClientId --username <mailto:example@gmail.com|example@gmail.com>

This is the block I use in the pre signup lambda to create a user:

    const cognitoIdp = new CognitoIdentityServiceProvider();
    return cognitoIdp.adminCreateUser(params).promise();

Sharing my CustomEmailSender lambda code below:

const base64 = require('base64-js');
const sendgrid = require('@sendgrid/mail');
const encryptionSDK = require('@aws-crypto/client-node');
const { getSecretValue, getParameterValue } = require('./helpers');

const { decrypt } = encryptionSDK.buildClient(
  encryptionSDK.CommitmentPolicy.REQUIRE_ENCRYPT_ALLOW_DECRYPT
);

const generatorKeyId = process.env.KEY_ALIAS;
const keyIds = [process.env.KEY_ARN];
const keyring = new encryptionSDK.KmsKeyringNode({ generatorKeyId, keyIds });


const sendEmail = async (to, code, SendGridAPIKey, locale) => {
  // Other locales should come here.
  let parameterStorePath;
  if (locale === 'he') {
    parameterStorePath = process.env.SENDGRID_FORGOT_PASSWORD_HE_TEMPLATE_ID_PARAMETER_PATH;
  } else {
    parameterStorePath = process.env.SENDGRID_FORGOT_PASSWORD_EN_TEMPLATE_ID_PARAMETER_PATH;
  }

  const templateName = encodeURIComponent(parameterStorePath);
  const templateId = await getParameterValue(templateName);

  const email = {
    to: to,
    from: '<mailto:info@bringist.com|info@bringist.com>',
    templateId: templateId,
    dynamicTemplateData: {
      password_reset_link: code,
    },
    subject: 'Cognito Identity Provider registration completed',
  };
  try {
    sendgrid.setApiKey(SendGridAPIKey);
    await sendgrid.send(email);
    console.log(`Email sent to ${to}`);
  } catch (err) {
    console.error(`Error sending email to ${to}: ${err}`);
    throw err;
  }
};


exports.lambdaHandler = async (event) => {
  <http://console.info|console.info>(`userPoolId: ${event.userPoolId}`)
  <http://console.info|console.info>(`triggerSource: ${event.triggerSource}`)
  <http://console.info|console.info>(`event: ${JSON.stringify(event)}`)
  <http://console.info|console.info>(`request: ${JSON.stringify(event.request)}`)

  if (event.triggerSource === 'CustomEmailSender_ForgotPassword') {
      await handleForgotPassword(event.request)
  } else {
      console.error(`Unsupported triggerSource: ${event.triggerSource}`)
  }

  return event;
};

  const handleForgotPassword = async (request) => {
    const sendGridSecretName = process.env.SENDGRID_API_KEY_SECRET_NAME
    const sendGridApiKey = await getSecretValue(sendGridSecretName);

    // decrypt confirmation code
    let confirmationCode
    if (request.code) {
        const { plaintext } = await decrypt(
            keyring,
            base64.toByteArray(request.code)
        )
        confirmationCode = plaintext
    }
    if (!confirmationCode) {
        console.error('failed to decrypt confirmation code')
        return
    }

    // send email by SendGrid
    await sendEmail(
        request.userAttributes.email,
        Buffer.from(confirmationCode).toString('utf-8'),
        sendGridApiKey,
        request.userAttributes.locale
    )
}

Isaacalmost 3 years ago

anyone use twingate to grant access to AWS resources?

Kirupa Karanalmost 3 years ago

Hi all, is there any lampda available for deleting the old snapshots in our repo??

Balazs Vargaalmost 3 years ago

hello all, for aws site to site vpn do I still need static IP or can I set it with dynamic ?

Balazs Vargaalmost 3 years ago

we had 8 mins outage on rds aurora serverless v1. I see only this in log:

Your Aurora Serverless DB cluster has automatically recovered.

any advice to prevent this in future?

Diego Maiaalmost 3 years ago

Hey friends, I wanted to share a quick tip for anyone looking to extract permissions after an AWS installation. I created a Python script and wrote an article on Medium that explains how to easily find the permissions using CloudTrail. If you’re in need of something like this, here’s the link.
https://medium.com/@diego_maia/discovering-used-permissions-creating-dynamic-aws-iam-policies-with-python-27e089097b81

Balazs Vargaalmost 3 years ago

in organization suspended an account. when it will vanish from the list ? How can I delete it totally ?

March 2023 Browse by date May 2023