Posts

Automate Permission Boundary Attachment to IAM roles and Users

Image
When we are managing multiple AWS Accounts in an Organization and each accounts will have their own requirement but as a centralized admin, we should be having a certain governance and compliance framework. IAM is a widely used AWS service and IAM roles/users are common used entity in AWS. As a centralized Admin, when we provide access to create IAM roles, cloud consumers in the landing zone accounts would create Users and Roles and attach Administrative policy and bypass the governance framework. In this blog, I will be briefing on restricting this scenario using IAM permission boundary and also deploying this setup through automation. AWS supports permissions boundaries for IAM entities (users or roles). A permissions boundary is an advanced feature for using a managed policy to set the maximum permissions that an identity-based policy can grant to an IAM entity. An entity's permissions boundary allows

Create Docker Environment locally and deploy a sample web application

Image
Docker is a platform for developers and sysadmins to develop, deploy, and run applications with containers. You can refer Docker official website for more understanding about the docker. In this blog, I will walkthrough on how to setup a Docker Environment locally in your laptop, server or desktop. Installing Docker Desktop Previously, when we were working on a Windows or Mac Environment, setting up docker was a difficult task but Docker Desktop is designed to let you build, share and run containers as easily on Mac and Windows as you do on Linux. Docker handles the tedious and complex setup so you can focus on writing code. Pre-requisites for Docker Desktop Configure WSL 2 ( Recommended for Windows 10, 11 - All Editions) Hyper-V backend ( Recommended for Windows 10, 11 - Professional, Enterprise, Education Editions) We will use WSL 2 since i

AWS Route 53 Inbound Resolver to resolve DNS for Multi Account Organization

Image
Amazon Route53 Resolver The route 53 resolvers are contactable IP addresses (endpoints) where the DNS queries from different sources can be directed. There are two types of resolvers that administrators can deploy. Inbound Resolver As the name says inbound (DNS Resolutions coming in) which will enable your resources in the on-prem network to resolve AWS resource domain names or records in a Route 53 private hosted zone by allowing your on-prem network DNS resolvers to forward queries to Route 53 Resolver. Outbound Resolver As the name says Outbound (DNS Resolutions going out) which will enable your AWS resources to resolve the domain names of your on-prem network resources using resolver rules, which would forward selected queries to the on-prem network DNS resolvers On-prem to AWS DNS Resolution for

Install SSM Agent in Amazon EC2 Instance

Image
What is SSM Agent AWS Systems Manager Agent is a Amazon software which can be installed on Amazon EC2 Instances. If SSM Agent is Installed in the servers then it will be easy to manage the EC2 Instances through AWS Systems manager.  By default SSM agent is pre installed for below Amazon Machine Images Amazon Linux Amazon Linux 2 Amazon Linux 2 ECS-Optimized Base AMIs macOS 10.14.x (Mojave), 10.15.x (Catalina), and 11.x (Big Sur) SUSE Linux Enterprise Server (SLES) 12 and 15 Ubuntu Server 16.04, 18.04, and 20.04 Windows Server 2008-2012 R2 AMIs published in November 2016 or later Windows Server 2016 and 2019 In this blog, I will walk you through on the ways to Install SSM Agent in the Instances which will not get SSM Agent by default. Steps to Install S

Import Existing Resources using Terraform

Image
In this blog, I will walk you through the ways to import pre-existing cloud resources in terraform. Why Import is required? There will be a scenario, where you will have a stringent timeline to setup a cloud Infrastructure and it can lead to situations where infrastructure needs to be created manually due to time pressures, emergency releases or just the fact that the infrastructure exists, and terraform was never used in the first instance. In a worst case scenario, you can lose the terraform.tfstate file. Terraform import will be essential in most of all these scenarios. Let's Import With an understanding of why Import is required, let us begin by importing a simple AWS resource S3. Firstly, we need to setup the Terraform and AWS credentials locally, we will not go into the details of installing and setting AWS credentials in

Deploy AWS infrastructure using Terraform and GitHub Actions

Image
Terraform being an Infrastructure as a Code helps us to manage a lot of infrastructure for several platforms in a consistent manner.  In this blog, I will walkthrough on deploying a terraform code using  Github actions Terraform code to create S3 bucket In this blog, I will walkthrough each blocks in terraform to create an S3 bucket in AWS in automated workflow using GitHub Actions. Lets look into the Terraform files. To understand easily, I have created separate tf files for each purpose, but you can still use all in one tf file as per your convenient. You can use any name with tf extension, for better understanding I used following names. versions.tf