#aws (2018-10)

aws Discussion related to Amazon Web Services (AWS)

aws Discussion related to Amazon Web Services (AWS) Archive: https://archive.sweetops.com/aws/

2018-10-23

jarv avatar
jarv
08:25:31 AM

+1 just noticed AD is optional now on AWS SSO, default works with out any managed directory now

Was avoiding going that route originally because of the dependency on ad, but thinking that may have been designed to be made optional later

Erik Osterman (Cloud Posse) avatar
Erik Osterman (Cloud Posse)

that’s nice! so it can work with pure IAM users?

jarv avatar

seems like the same interface/setup just without requiring the directory, not sure what they are doing behind the scenes there..

jarv avatar

did notice they mentioned adding more flexibility in a recent change related to saml, haven’t dug into it much more though. hoping to provision permissions based on saml attributes

jarv avatar

so yep seems so, depending on what your looking for. guess i’d be interested if existing iam users could use the same setup..

but anyways messed around with it a little bit, user provisioning is pretty nice, can provision users from the web console at least now

2018-10-22

Andriy Knysh (Cloud Posse) avatar
Andriy Knysh (Cloud Posse)
Using CloudFormer to Create AWS CloudFormation Templates from Existing AWS Resources - AWS CloudFormation

Create an AWS CloudFormation template from existing AWS resources in your account using the CloudFormer tool.

Ryan Ryke avatar
Ryan Ryke

last time i used it (couple years ago) was

Using CloudFormer to Create AWS CloudFormation Templates from Existing AWS Resources - AWS CloudFormation

Create an AWS CloudFormation template from existing AWS resources in your account using the CloudFormer tool.

ramesh.mimit avatar
ramesh.mimit

I have tried to use it couple of times but not worth it… You will spent more time figuring out and modifying output template as compared to writing templates on your own.

2018-10-17

rohit.verma avatar
rohit.verma
How to Set Up Federated Single Sign-On to AWS Using Google Apps | Amazon Web Services attachment image

The AWS Security Blog has covered a variety of solutions for federating single sign-on (SSO) to the AWS Management Console. For example, How to Connect Your On-Premises Active Directory to AWS Using AD Connector, How to Set Up SSO to the AWS Management Console for Multiple Accounts by Using AD FS and SAML 2.0, and […]

nikiai/terraform-aws-sso-google

Contribute to nikiai/terraform-aws-sso-google development by creating an account on GitHub.

1
rohit.verma avatar
rohit.verma

And this goes hand in hand with 1 account 1 environment policy of geodesic.

rohit.verma avatar
rohit.verma
nikiai/terraform-modules

Contribute to nikiai/terraform-modules development by creating an account on GitHub.

2018-10-16

jarv avatar

Was looking over the org/sso docs again just now and seems to be more module then I had thought before.

jarv avatar

Was avoiding going that route originally because of the dependency on ad, but thinking that may have been designed to be made optional later

jarv avatar

Recent feature is pretty interesting as well, that and cloud directory get the feeling they are going to try and run AWS on it..

jarv avatar

yeah pretty sure that’s going to happen, really excited to see some of this come together in the wild though

jarv avatar

still a lot that i’m a bit unsure on, like trying to understand how it will end up working out. mainly things around org/sso/service links

jarv avatar

and scp’s.. with the open ended api’s for that and trusted services guessing they have a lot more planned

jarv avatar

Not sure if anyone has looked into this much but with that being developed out I keep on not being able to help but think how someone might want to tie together account provisioning. Digging through gsuite stuff lately would interested in messing around with integrating it with some stuff there, something like accounts mapping to google groups.

Ideally i’d want to navigate to some ui and be able to know what’s going on who work’s on it, what tools people use, etc.. the whole google suite seems pretty ideal for throwing together something like that without too much overhead

jarv avatar

just simple things like email and phone for service password reset’s in the same UI, i think could make a big difference

Erik Osterman (Cloud Posse) avatar
Erik Osterman (Cloud Posse)

@jarv this is on our list of “wanted” modules

:--1:1
Erik Osterman (Cloud Posse) avatar
Erik Osterman (Cloud Posse)

I really want AWS SSO, but haven’t had the client engagement yet to justify the investment

Erik Osterman (Cloud Posse) avatar
Erik Osterman (Cloud Posse)

@rohit.verma loves the GSuite SSO and has been using it with all their AWS stuff

2018-10-11

Erik Osterman (Cloud Posse) avatar
Erik Osterman (Cloud Posse)
1
Erik Osterman (Cloud Posse) avatar
Erik Osterman (Cloud Posse)


The document from late 2015 lists the addresses and some operational details of over one hundred data centers spread across fifteen cities in nine countries. To accompany this document, WikiLeaks also created a map showing where Amazon’s data centers are located.

2018-10-10

sarkis avatar
sarkis
05:51:00 PM

@sarkis has joined the channel

2018-10-09

Gaurav avatar
Gaurav
05:52:07 PM

@Gaurav has joined the channel

2018-10-04

markmutti avatar
markmutti

@Erik Osterman (Cloud Posse) Interesting! I’d never heard of that project and have some colleagues I could coax into using AWS directly with something like that. (Commits as young as 21 hours)

Erik Osterman (Cloud Posse) avatar
Erik Osterman (Cloud Posse)

in that issue he references: https://github.com/cloudtools/stacker

cloudtools/stacker

An AWS CloudFormation Stack orchestrator/manager. Contribute to cloudtools/stacker development by creating an account on GitHub.

Erik Osterman (Cloud Posse) avatar
Erik Osterman (Cloud Posse)

looks interesting

Erik Osterman (Cloud Posse) avatar
Erik Osterman (Cloud Posse)
jpignata/fargate

CLI for AWS Fargate. Contribute to jpignata/fargate development by creating an account on GitHub.

Erik Osterman (Cloud Posse) avatar
Erik Osterman (Cloud Posse)

@Andriy Knysh (Cloud Posse) this is sweet

Erik Osterman (Cloud Posse) avatar
Erik Osterman (Cloud Posse)

this + atlantis

jarv avatar

really wanted to get atlantis up and running, really like it just because the idea is simple and (seems?) flexible

Erik Osterman (Cloud Posse) avatar
Erik Osterman (Cloud Posse)

yea - same

Erik Osterman (Cloud Posse) avatar
Erik Osterman (Cloud Posse)

@maarten has been using it for some time and loves it

:--1:1
Erik Osterman (Cloud Posse) avatar
Erik Osterman (Cloud Posse)

i’ll be kicking the tires

Erik Osterman (Cloud Posse) avatar
Erik Osterman (Cloud Posse)
Support for custom atlantis.yaml filenames by darrylb-github · Pull Request #2 · darrylb-github/atlantis

Adds ability to define custom atlantis.yaml filename in the repo. This allows setting different configs for different instances of atlantis, e.g. staging vs prod, each with different IAM perms.

Erik Osterman (Cloud Posse) avatar
Erik Osterman (Cloud Posse)

I want this

Erik Osterman (Cloud Posse) avatar
Erik Osterman (Cloud Posse)

hope he opens PR into offical repo

jarv avatar

hm, yeah that would be useful

2018-10-03

Steven avatar
Steven
11:50:49 AM

@Steven has joined the channel

Erik Osterman (Cloud Posse) avatar
Erik Osterman (Cloud Posse)

I forgot to check back on empire when we started all our ECS stuff

Erik Osterman (Cloud Posse) avatar
Erik Osterman (Cloud Posse)

looks like no new release in over a year

Erik Osterman (Cloud Posse) avatar
Erik Osterman (Cloud Posse)

is the project dead?

Erik Osterman (Cloud Posse) avatar
Erik Osterman (Cloud Posse)
remind101/empire

A PaaS built on top of Amazon EC2 Container Service (ECS) - remind101/empire

ankur avatar
ankur
02:52:16 AM

@ankur has joined the channel

2018-10-02

mallen avatar
mallen
07:25:48 PM

@mallen has joined the channel

2018-10-01

jarv avatar
jarv
01:58:55 AM

@jarv has joined the channel

    keyboard_arrow_up