#aws (2018-10)
Discussion related to Amazon Web Services (AWS)
Discussion related to Amazon Web Services (AWS)
Archive: https://archive.sweetops.com/aws/
2018-10-01
@jarv has joined the channel
2018-10-02
@mallen has joined the channel
2018-10-03
@Steven has joined the channel
I forgot to check back on empire when we started all our ECS stuff
looks like no new release in over a year
is the project dead?
@ankur has joined the channel
2018-10-04
@Erik Osterman (Cloud Posse) Interesting! I’d never heard of that project and have some colleagues I could coax into using AWS directly with something like that. (Commits as young as 21 hours)
in that issue he references: https://github.com/cloudtools/stacker
looks interesting
@Andriy Knysh (Cloud Posse) this is sweet
this + atlantis
really wanted to get atlantis up and running, really like it just because the idea is simple and (seems?) flexible
yea - same
i’ll be kicking the tires
I want this
hope he opens PR into offical repo
hm, yeah that would be useful
2018-10-07
2018-10-09
@Gaurav has joined the channel
2018-10-10
@sarkis has joined the channel
2018-10-11
The document from late 2015 lists the addresses and some operational details of over one hundred data centers spread across fifteen cities in nine countries. To accompany this document, WikiLeaks also created a map showing where Amazon’s data centers are located.
2018-10-16
Was looking over the org/sso docs again just now and seems to be more module then I had thought before.
Was avoiding going that route originally because of the dependency on ad, but thinking that may have been designed to be made optional later
Recent feature is pretty interesting as well, that and cloud directory get the feeling they are going to try and run AWS on it..
yeah pretty sure that’s going to happen, really excited to see some of this come together in the wild though
still a lot that i’m a bit unsure on, like trying to understand how it will end up working out. mainly things around org/sso/service links
and scp’s.. with the open ended api’s for that and trusted services guessing they have a lot more planned
Not sure if anyone has looked into this much but with that being developed out I keep on not being able to help but think how someone might want to tie together account provisioning. Digging through gsuite stuff lately would interested in messing around with integrating it with some stuff there, something like accounts mapping to google groups.
Ideally i’d want to navigate to some ui and be able to know what’s going on who work’s on it, what tools people use, etc.. the whole google suite seems pretty ideal for throwing together something like that without too much overhead
just simple things like email and phone for service password reset’s in the same UI, i think could make a big difference
I really want AWS SSO, but haven’t had the client engagement yet to justify the investment
@rohit.verma loves the GSuite SSO and has been using it with all their AWS stuff
2018-10-17
@jarv for us we are completely relying on gsuite for this. The guide is at https://aws.amazon.com/blogs/security/how-to-set-up-federated-single-sign-on-to-aws-using-google-apps. With terraform its just https://github.com/nikiai/terraform-aws-sso-google/blob/master/hub_saml.tf
And this goes hand in hand with 1 account 1 environment policy of geodesic.
we did something like https://github.com/nikiai/terraform-modules
2018-10-22
anybody used this https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/cfn-using-cloudformer.html ?
last time i used it (couple years ago) was
I have tried to use it couple of times but not worth it… You will spent more time figuring out and modifying output template as compared to writing templates on your own.
2018-10-23
+1 just noticed AD is optional now on AWS SSO, default works with out any managed directory now
that’s nice! so it can work with pure IAM users?
seems like the same interface/setup just without requiring the directory, not sure what they are doing behind the scenes there..
did notice they mentioned adding more flexibility in a recent change related to saml, haven’t dug into it much more though. hoping to provision permissions based on saml attributes
so yep seems so, depending on what your looking for. guess i’d be interested if existing iam users could use the same setup..
but anyways messed around with it a little bit, user provisioning is pretty nice, can provision users from the web console at least now