#aws (2025-01)

aws Discussion related to Amazon Web Services (AWS)

aws Discussion related to Amazon Web Services (AWS)

Archive: https://archive.sweetops.com/aws/

2025-01-07

Yaakov Amar avatar
Yaakov Amar

Hey CloudPosse community! Heads up on a critical AWS EBS policy change that could cause issues if not addressed (for example). AWS’s notification only covers policies used in the last 90 days, potentially missing infrequently used ones in large environments. To help tackle this, I’ve created an open-source Python CLI tool that scans ALL policies, regardless of recent usage, and outputs a CSV based on policy statements. This can help catch and identify every affected policy, even rarely used ones. The tool is available for anyone to use: https://github.com/JacobAmar/aws-policy-checker All you need to do in order to generate a csv file containing all the policies that contains this statement is simply run:

python3 main.py --region us-east-1 --workers 50 (workers are optional but good to use when you have a lot of policies) --statement ec2:CreateVolume (or any other statement)

Hope this helps fellow DevOps pros facing this challenge across various organizations! Feel free to check it out, contribute, or share feedback! Cheers!

1
1
1

2025-01-08

2025-01-09

2025-01-12

Zing avatar

anyone have experience with both of these aws cli tools?

https://github.com/synfinatic/aws-sso-cli

https://www.granted.dev/ we’re all in on aws iam identity center (SSO) so both of these work for us, but i’m curious if anyone has pros vs cons to share

Granted

Granted - the easiest way to access your cloud.

synfinatic/aws-sso-cli

A powerful tool for using AWS Identity Center for the CLI and web console.

Joe Perez avatar
Joe Perez

+1 for granted. works well with AWS SSO and I like the feature of being able to view multiple aws accounts by doing something like assume -c account1 and then assume -c account2 which will open a browser window for each and they won’t interfere with each other

Granted

Granted - the easiest way to access your cloud.

synfinatic/aws-sso-cli

A powerful tool for using AWS Identity Center for the CLI and web console.

Zing avatar

it does look quite promising

Zing avatar

but synfinatic’s tool does as well, i’m gonna play with both a bit

andrey.a.devyatkin avatar
andrey.a.devyatkin

aws-vault is great

loren avatar

i use exclusively granted. it’s fantastic

Zing avatar

it’s not multi cloud right?

Zing avatar

we’re not multi cloud atm, but in case we ever become multi cloud, it’d be nice to not have to adopt a second cli

loren avatar

it’s notionally “pluggable” and they have designs to be multicloud, but currently it supports on aws, subscribe to this issue to follow along: https://github.com/common-fate/granted/issues/277

#277 [Feature Request] Add support for Microsoft Azure and GCP

Hi,

Please consider the support for Microsoft Azure. The tool is useful so I think that the big three public cloud platforms should be supported. Most of companies have a combination of resources in AWS, GCP and Azure so this tool is absolutely necessary.

Thanks in advance,

2025-01-13

    keyboard_arrow_up