In AWS you have the ability to utilize Microsoft AD. You have three different options to choose from when it comes to this integration: AWS Managed Microsoft AD, AD Connector, and Simple AD. First off, with AWS Managed Microsoft AD you are able to create your own AD-compatible directory in AWS and…
Posts/Projects
Post #195 (AWS) – IAM Identity Center
The IAM Identity Center is the replacement for the older AWS SSO. It allows you to sign in with one AWS account and utilize SSO (single sign-on) to access multiple IAM accounts with your one login. It also gives you the ability to utilize single sign-on with not just your…
Post #194 (AWS) – Permission Boundaries via IAM
You have the ability to set a “permission boundary”; this is essentially an additional IAM policy that defines the maximum permissions an IAM user or role can get, while your identity-based policy defines what the user can actually do. For example, if you have an IAM permission boundary that states the user can access all…
Post #193 (AWS) – IAM roles and Resource Based Policies
Let’s say, for example, you want to allow a user in an alternate account to access an S3 bucket in this account. How would you go about providing this access? Well, you have two options. Firstly, you can create an IAM role in this alternative account that acts as a sort of proxy. The permissions…
Post #192 (AWS) – Advanced IAM policies
You can get very granular with your IAM conditions; they can range from the source IP, whether MFA is enabled, the region the request is made in, etc. For example, you can allow users to access EC2 only if MFA is enabled and they are in us-east-1. You have a lot to work…
Post #191 (AWS) – Organizations
Organizations allow you to manage multiple AWS accounts, with one management account and several member accounts. Each member account can only exist within one organization. The benefit of using an organization is that you have the ability to get discounts on resources shared by the accounts, like EC2 or S3. You are also able to utilize…
Post #190 (AWS) – AWS Config
AWS Config allows you to record and audit the compliance of your AWS resources and save their configurations so you can roll back if needed in the future. It is configured per region as well, and there is no free tier, so be aware of the cost. The configuration data can be stored in S3 for…
Post #189 (AWS) – CloudTrail
CloudTrail is great for auditing and governance purposes. It is a set of logs that shows a history of API calls and events within AWS. For example, if someone deletes an S3 bucket object, that will be in the CloudTrail logs. These logs can be uploaded to S3 or CloudWatch Logs for further analysis as well…
Post #188 (AWS) – CloudWatch Insights and Operational Visibility
CloudWatch Container Insights allows CloudWatch to aggregate metrics and logs by using a containerized version of the CloudWatch Agent to send data from your containers, providing a dashboard that is a very detailed representation of the collected CloudWatch metrics and logs. CloudWatch can provide Lambda Insights as well, a detailed dashboard of…
Post #187 (AWS) – EventBridge
EventBridge is a highly powerful AWS service that allows you to do things such as run scheduled Lambda scripts, known as cron jobs, and implement event patterns; these are events that are triggered when a certain action happens, such as creating an SNS notification when an object is uploaded to an S3 bucket. You can…