Here's a list of possible issues and solutions when setting up your landing zone in AWS Control Tower. Your AWS environment is not ready for AWS Control Tower to be set up. AWS Control Tower detected issues with your AWS account environment that prevent successful setup. You must unsubscribe your organization from AWS Config so... Continue Reading →
Elastic Container Registry ECR – AWS CLI commands
Let's get started with the Amazon Elastic Container Registry (ECR) AWS CLI commands. The AWS CLI is an easy and quick way to verify something or learn about the various APIs available for an AWS service. This post covers Amazon's Elastic Container Registry (ECR) way of tagging a container image, creating a private... Continue Reading →
Amazon EKS IAM roles and policies with Terraform
Before you use or approve Amazon EKS in production, you must have a security checklist. Everyone's list is different, but every list must have items to ensure authentication and authorization are at a minimum; in other words, least privilege. Let's explore Amazon EKS IAM roles and policies written in Terraform! What are some suggestions to improve... Continue Reading →
Terraform AWS Multi-Account Setup
Terraform is elite open-source software that helps solve a lot of cloud automation problems. It's very scalable and easy to use. But Terraform's flexibility has caused debates on how to set up a perfect code directory. A code directory should be set up in a way where it's easy to read, quickly deploy to various environments and... Continue Reading →
Terraform AWS KMS Multi-Region Keys
Terraform just (November 2021) released the resource to create replica KMS keys! As the name says, a Multi-Region Key is a single key that's available in two different AWS regions. There are a few use cases, such as reducing the cost of keys. An even better case is the ability to share encrypted objects like AMIs with... Continue Reading →
Export AWS Security Groups & rules to CSV
As of this month, October 2021, there's a super easy way to export AWS security groups & rules to CSV! Yes, finally, go ahead and jump up and down! Let's settle down now, but seriously, we have been waiting for a way to export one or more security groups to CSV and export just the AWS... Continue Reading →
Get started with EC2 Image Builder in Terraform
I can safely assume a lot of engineers know of HashiCorp's Packer utility already. Packer is simply an automated virtual machine image template maker; it can create images for all the major cloud providers. It can build Amazon Machine Images (AMI) in AWS or Azure's Virtual Machine Image. Not too long ago, AWS released their... Continue Reading →
AWS Three-Tier VPC with ALB in Terraform
This AWS Three-Tier VPC with ALB in Terraform is the second part of AWS Three-Tier VPC network with Terraform. In the first post I had created many of the VPC components, such as the VPC, app subnets, web subnets, data subnets, route tables for each subnet, internet and NAT gateways, NACLs for each subnet, and... Continue Reading →
AWS Three-Tier VPC network with Terraform
A three-tier network is an enterprise architecture to deliver the best performance and security to the end users. Each component of the design is separated into tiers. As a reminder, a typical three-tier network consists of a website, then the application, then the database, from an end-user perspective. Not every website automatically works like that. The developers and... Continue Reading →
AWS Service Control Policies with Terraform
AWS Organizations: A cloud service designed to centralize & manage AWS accounts and to roll up billing from multiple AWS accounts into a single account. May be referred to as the "master" account because it can manage permissions of all its accounts that are "attached" to it. "Billing" is another name for this account because... Continue Reading →