8 messages
Discussion related to Amazon Web Services (AWS)
Archive: https://archive.sweetops.com/aws/
SA, 10 months ago (edited)
Question on Detaching and Re-enrolling Accounts in AWS Control Tower via Account Factory:
I’m working on updating AWS alias, root email, and account name and need some clarification regarding the detachment and re-enrollment of accounts in AWS Control Tower.
1. The accounts are provisioned via AWS Control Tower using Account Factory, where each account is specified in the .yaml template.
2. Detaching from Control Tower for Updates:
To update account aliases, root email addresses, and account names, do I need to detach the account from Control Tower by removing the corresponding AWS::ServiceCatalog::CloudFormationProvisionedProduct resource in the .yaml template? And once the updates are done, should I re-enroll the account back into Control Tower by adding the account back to the template and redeploying?
I couldn't find much, or it's a bit unclear to me from the AWS Docs. Can someone shed some light on whether I am thinking about the process correctly or not?
Resource Block (to remove for detachment):
```yaml
AccountName:
  Type: AWS::ServiceCatalog::CloudFormationProvisionedProduct
  Properties:
    ProductId: !Ref pProvisionedProductId
    PathId: !Ref pPathId
    ProvisioningArtifactId: !Ref pProvisioningArtifactId
    ProvisionedProductName: !Ref pAccountName
    ProvisioningParameters:
      - Key: AccountEmail
        Value: !Ref pAccountEmail
      - Key: AccountName
        Value: !Ref pAccountName
      - Key: ManagedOrganizationalUnit
        Value: !Sub "dev (${pDevOuId})"
      - Key: SSOUserEmail
        Value: aws-mgmt+usw2-controltower@.com
      - Key: SSOUserFirstName
        Value: AWS Control Tower
      - Key: SSOUserLastName
        Value: Admin
```
Parameter Block (to ensure re-enrollment):
```yaml
pAccountName:
  Type: String
  Default: account-name
```
TL;DR:
To update the alias, root email, and account name, do we need to detach the account from Control Tower by removing the AWS::ServiceCatalog::CloudFormationProvisionedProduct resource and its associated parameters in the YAML? Once the updates are complete, should we re-enroll the account by adding the resource and parameter blocks back to the YAML and redeploying?
Any insight is much appreciated. TI
Michael, 10 months ago
AWS news: Lambda billing will now charge for cold starts
https://aws.amazon.com/blogs/compute/aws-lambda-standardizes-billing-for-init-phase/
jaysun, 9 months ago
I’ve been thinking about switching to elasticache serverless for redis (we’re currently using non-clustered with replication group) and noticing that you can’t create a user / pass with the terraform resource… how are people adding that additional layer without using replication group nodes?
is it just not needed as a general rule? (rely on security groups + TLS)
Aarushi, 9 months ago (edited)
Hey folks— quick pulse check: is anyone else seeing AWS costs creep up again this year?
We’ve been digging into 400+ AWS environments and spotting some recurring patterns — things even seasoned teams miss.
We’re putting together a free tactical webinar:
2025 Cloud Fitness: 5 Pro-tips for Healthier AWS Infrastructure
No fluff — just 5 expert-backed fixes to cut waste and boost performance this year.
• Focused on actionable steps
• Backed by real-world infra data
• 30 minutes + live Q&A
Grab your seat here: https://www.cloudkeeper.com/cloud-fitness-healthier-aws-infrastructure-webinar-2025?utm_source=Slack&utm_medium=slack_webinar&utm_campaign=cfc
joey, 9 months ago
does anyone have strong opinions on EKS network flow monitoring (e.g. cross-AZ) for people that aren't using a CNI that provides things like Hubble? i've found AWS Network Flow Monitoring to be... not good, kubecost to be inaccurate (and not good), most open source solutions to not work, VPC flow logs to be painful, and the class of Datadog, Splunk, etc. to be expensive.
Mubarak J, 9 months ago
It looks like Terraform will add enhanced region support as part of the AWS provider v6. I'm curious how this will work in root and child modules.
akhan4u, 9 months ago
Hi Team, I've a question around integration of AWS Lake Formation & IAM Identity Center. I'd like to grant external users (AD users/SAML users) access to AWS Lake Formation resources, i.e. S3, Redshift, etc., and classify access using tags (aka more fine-grained permissions). It'd be great if someone can provide me general guidance, or something like a rough flowchart for this use case.
PePe Amengual, 9 months ago (edited)
Who uses shared VPCs? Do they work now? How is your experience?