#aws (2025-01)
Discussion related to Amazon Web Services (AWS)
Discussion related to Amazon Web Services (AWS)
Archive: https://archive.sweetops.com/aws/
2025-01-07
Hey CloudPosse community! Heads up on a critical AWS EBS policy change that could cause issues if not addressed (for example). AWS’s notification only covers policies used in the last 90 days, potentially missing infrequently used ones in large environments. To help tackle this, I’ve created an open-source Python CLI tool that scans ALL policies, regardless of recent usage, and outputs a CSV based on policy statements. This can help catch and identify every affected policy, even rarely used ones. The tool is available for anyone to use: https://github.com/JacobAmar/aws-policy-checker All you need to do in order to generate a csv file containing all the policies that contains this statement is simply run:
python3 main.py --region us-east-1 --workers 50 (workers are optional but good to use when you have a lot of policies) --statement ec2:CreateVolume (or any other statement)
Hope this helps fellow DevOps pros facing this challenge across various organizations! Feel free to check it out, contribute, or share feedback! Cheers!
2025-01-08
2025-01-09
2025-01-12
anyone have experience with both of these aws cli tools?
• https://github.com/synfinatic/aws-sso-cli
• https://www.granted.dev/ we’re all in on aws iam identity center (SSO) so both of these work for us, but i’m curious if anyone has pros vs cons to share
Granted - the easiest way to access your cloud.
A powerful tool for using AWS Identity Center for the CLI and web console.
+1 for granted. works well with AWS SSO and I like the feature of being able to view multiple aws accounts by doing something like assume -c account1
and then assume -c account2
which will open a browser window for each and they won’t interfere with each other
Granted - the easiest way to access your cloud.
A powerful tool for using AWS Identity Center for the CLI and web console.
it does look quite promising
but synfinatic’s tool does as well, i’m gonna play with both a bit
aws-vault is great
i use exclusively granted
. it’s fantastic
it’s not multi cloud right?
we’re not multi cloud atm, but in case we ever become multi cloud, it’d be nice to not have to adopt a second cli
it’s notionally “pluggable” and they have designs to be multicloud, but currently it supports on aws, subscribe to this issue to follow along: https://github.com/common-fate/granted/issues/277
Hi,
Please consider the support for Microsoft Azure. The tool is useful so I think that the big three public cloud platforms should be supported. Most of companies have a combination of resources in AWS, GCP and Azure so this tool is absolutely necessary.
Thanks in advance,