Student SCP policy — политика для защиты аккаунтов, предназначенных для изучения AWS.
Покрыты все нужные сервисы, запрещены неадекватные действия по биллингу, запрещены действия, которые могут иметь долгосрочный и неотвратимый характер.
Student SCP policy не имеет ограничений на адекватные действия и создание любых ресурсов, что могут потребоваться для изучения. Поэтому предполагается обязательная настройка AWS Budgets и алертов.
Если требуется более жёсткие ограничений, то нужно использовать Allow List Approach — вместо запрещения проблемных лишь разрешать нужные.
#security #organizations #scp
Покрыты все нужные сервисы, запрещены неадекватные действия по биллингу, запрещены действия, которые могут иметь долгосрочный и неотвратимый характер.
{
"Version": "2012-10-17",
"Statement": [
{
"Sid": "StudentSCPpolicy",
"Effect": "Deny",
"Action": [
"athena:CreateCapacityReservation",
"aws-marketplace:AcceptAgreementRequest",
"aws-marketplace:CreateAgreementRequest",
"aws-marketplace:CreatePrivateMarketplaceRequests",
"aws-marketplace:Subscribe",
"backup:CreateLogicallyAirGappedBackupVault",
"backup:PutBackupVaultLockConfiguration",
"bedrock:CreateFoundationModelAgreement",
"bedrock:CreateProvisionedModelThroughput",
"cloudfront:CreateSavingsPlan",
"devicefarm:PurchaseOffering",
"directconnect:ConfirmCustomerAgreement",
"dynamodb:PurchaseReservedCapacityOfferings",
"ec2:AcceptReservedInstancesExchangeQuote",
"ec2:CreateCapacityReservation",
"ec2:CreateCapacityReservationFleet",
"ec2:CreateReservedInstancesListing",
"ec2:LockSnapshot",
"ec2:PurchaseCapacityBlock",
"ec2:PurchaseHostReservation",
"ec2:PurchaseReservedInstancesOffering",
"ec2:PurchaseScheduledInstances",
"eks:CreateEksAnywhereSubscription",
"elasticache:PurchaseReservedCacheNodesOffering",
"elemental-appliances-software:CreateOrderV1",
"elemental-appliances-software:SubmitOrderV1",
"es:PurchaseReservedElasticsearchInstanceOffering",
"es:PurchaseReservedInstanceOffering",
"freertos:CreateSubscription",
"glacier:CompleteVaultLock",
"glacier:PurchaseProvisionedCapacity",
"groundstation:ReserveContact",
"iottwinmaker:UpdatePricingPlan",
"iq:ApprovePaymentRequest",
"mediaconnect:PurchaseOffering",
"medialive:PurchaseOffering",
"memorydb:PurchaseReservedNodesOffering",
"organizations:LeaveOrganization",
"organizations:DeleteOrganization",
"organizations:RemoveAccountFromOrganization",
"outposts:CreateOrder",
"panorama:ProvisionDevice",
"quicksight:Subscribe",
"quicksight:UpdateSPICECapacityConfiguration",
"rbin:LockRule",
"rds:PurchaseReservedDBInstancesOffering",
"redshift:AcceptReservedNodeExchange",
"redshift:PurchaseReservedNodeOffering",
"route53domains:AcceptDomainTransferFromAnotherAwsAccount",
"route53domains:RegisterDomain",
"route53domains:RenewDomain",
"route53domains:TransferDomain",
"route53domains:TransferDomainToAnotherAwsAccount",
"s3:PutBucketObjectLockConfiguration",
"s3:PutObjectLegalHold",
"s3:PutObjectRetention",
"s3-object-lambda:PutObjectLegalHold",
"s3-object-lambda:PutObjectRetention",
"savingsplans:CreateSavingsPlan",
"shield:CreateSubscription",
"snowball:CreateJob",
"snowball:CreateLongTermPricing"
],
"Resource": "*"
}
]
}Student SCP policy не имеет ограничений на адекватные действия и создание любых ресурсов, что могут потребоваться для изучения. Поэтому предполагается обязательная настройка AWS Budgets и алертов.
Если требуется более жёсткие ограничений, то нужно использовать Allow List Approach — вместо запрещения проблемных лишь разрешать нужные.
#security #organizations #scp
🔥26👍6
Jeff Barr
After giving it a lot of thought, we made the decision to discontinue new access to a small number of services, including AWS CodeCommit.
While we are no longer onboarding new customers to these services, there are no plans to change the features or experience you get today, including keeping them secure and reliable.
We also support migrations to other AWS or third-party solutions better aligned with your evolving needs. Keep the feedback coming. We’re always listening.
The services I'm referring to are: S3 Select, CloudSearch, Cloud9, SimpleDB, Forecast, Data Pipeline, and CodeCommit.
https://x.com/jeffbarr/status/1818461689920344321
After giving it a lot of thought, we made the decision to discontinue new access to a small number of services, including AWS CodeCommit.
While we are no longer onboarding new customers to these services, there are no plans to change the features or experience you get today, including keeping them secure and reliable.
We also support migrations to other AWS or third-party solutions better aligned with your evolving needs. Keep the feedback coming. We’re always listening.
The services I'm referring to are: S3 Select, CloudSearch, Cloud9, SimpleDB, Forecast, Data Pipeline, and CodeCommit.
https://x.com/jeffbarr/status/1818461689920344321
👍10😁8🤝1
Выберите AWS сервисы (можно несколько вариантов), которыми пользовались, или хотя бы слышали и примерно знаете, что это.
Anonymous Poll
39%
Cloud9
24%
CloudDeploy
9%
CloudSearch
54%
CodeCommit
15%
Data Pipeline
5%
Forecast
1%
InfiniDash
18%
S3 Select
11%
SimpleDB
34%
👀 Посмотреть результаты
AWS Notes
Jeff Barr After giving it a lot of thought, we made the decision to discontinue new access to a small number of services, including AWS CodeCommit. While we are no longer onboarding new customers to these services, there are no plans to change the features…
В сердцах каждого амазоновца:
Пожалуйста, и Chime тоже, ну, пожалуйста!
Пожалуйста, и Chime тоже, ну, пожалуйста!
😁32💯8❤1
This media is not supported in your browser
VIEW IN TELEGRAM
Заказчик не хочет выполнять взятые на себя финансовые обязательства, подвергая сомнению функциональные требования и сроки выполнения проекта перед завтрашним демо.
#пятничное
#пятничное
😁31🤣5
Как перенести AWS аккаунт из одной AWS Organization в другую.
https://docs.aws.amazon.com/organizations/latest/userguide/orgs_account_migration.html
#Organizations
https://docs.aws.amazon.com/organizations/latest/userguide/orgs_account_migration.html
#Organizations
Amazon
Migrate an account to another organization with AWS Organizations - AWS Organizations
Learn how to migrate an AWS account that you want to become part of another organization.
👍2❤1🔥1✍1
Forwarded from AWS Notes Україна
AWS з нуля українською
https://www.youtube.com/watch?v=c-s8F0hyD2o&list=PLiv5DsFFzt7T_Ca2iuBBWNxuzolJKnTOM&index=5
#video #courses
https://www.youtube.com/watch?v=c-s8F0hyD2o&list=PLiv5DsFFzt7T_Ca2iuBBWNxuzolJKnTOM&index=5
#video #courses
👍35🤡9😁7👎2❤🔥1
AWS IPv6 Learning Path
1️⃣ IPv6 Fundamentals and VPC Connectivity
https://explore.skillbuilder.aws/learn/course/20489
Foundational-level course covering IPv6 addressing, Amazon VPC IPv6 support, and VPC connectivity options using IPv6.
2️⃣ IPv6 Application Networking and Internet Edge Connectivity
https://explore.skillbuilder.aws/learn/course/20488
Intermediate-level course on IPv6 for application networking, containers and serverless workload deployments, and AWS edge services.
3️⃣ IPv6 Design and Build Global IPv6 Networks on AWS
https://explore.skillbuilder.aws/learn/course/20499
Intermediate-level course to learn about IPv6 network design, hybrid and global connectivity, and IPv6 security and monitoring.
#IPv6
1️⃣ IPv6 Fundamentals and VPC Connectivity
https://explore.skillbuilder.aws/learn/course/20489
Foundational-level course covering IPv6 addressing, Amazon VPC IPv6 support, and VPC connectivity options using IPv6.
2️⃣ IPv6 Application Networking and Internet Edge Connectivity
https://explore.skillbuilder.aws/learn/course/20488
Intermediate-level course on IPv6 for application networking, containers and serverless workload deployments, and AWS edge services.
3️⃣ IPv6 Design and Build Global IPv6 Networks on AWS
https://explore.skillbuilder.aws/learn/course/20499
Intermediate-level course to learn about IPv6 network design, hybrid and global connectivity, and IPv6 security and monitoring.
#IPv6
explore.skillbuilder.aws
Self-paced digital training on AWS - AWS Skill Builder
Your learning center to build in-demand cloud skills.
👍11
How to use LAG (Logically Air-Gapped) AWS Backup:
https://aws.amazon.com/blogs/storage/building-cyber-resiliency-with-aws-backup-logically-air-gapped-vault/
• Fast recovery time due to ability to share with RAM
• Auto-lock in compliance mode with AWS-owned key encryption
#Backup
https://aws.amazon.com/blogs/storage/building-cyber-resiliency-with-aws-backup-logically-air-gapped-vault/
• Fast recovery time due to ability to share with RAM
• Auto-lock in compliance mode with AWS-owned key encryption
#Backup
Разработчик добавляет новый параметр в CI/CD пока девопс в отпуске (осторожно, больно смотреть).
#пятничное
#пятничное
This media is not supported in your browser
VIEW IN TELEGRAM
🫡16😁12🙈6🤡4🦄3👍1
Amazon EKS Terraform Workshop
https://catalog.us-east-1.prod.workshops.aws/workshops/afee4679-89af-408b-8108-44f5b1065cc7/en-US
- Install the Sample Application
- Observability
- Automation using Flux
- Using Kyverno Policy Manager
- Enabling GuardDuty
- VPC Lattice
- VPC CNI Network Policy
- Troubleshooting
#EKS #Terraform #workshop
https://catalog.us-east-1.prod.workshops.aws/workshops/afee4679-89af-408b-8108-44f5b1065cc7/en-US
- Install the Sample Application
- Observability
- Automation using Flux
- Using Kyverno Policy Manager
- Enabling GuardDuty
- VPC Lattice
- VPC CNI Network Policy
- Troubleshooting
#EKS #Terraform #workshop
👍17
Open Source как требование для государственных организаций Швейцарии.
https://www.zdnet.com/article/switzerland-now-requires-all-government-software-to-be-open-source/
Так что не стоит сомневаться в перспективах OpenToFu, Valkey и других популярных Open Source проектов.
P.S. Кстати, а что планируется вместо Sentry (если планируется)?
#OpenSource
https://www.zdnet.com/article/switzerland-now-requires-all-government-software-to-be-open-source/
Так что не стоит сомневаться в перспективах OpenToFu, Valkey и других популярных Open Source проектов.
P.S. Кстати, а что планируется вместо Sentry (если планируется)?
#OpenSource
ZDNET
Switzerland federal government requires releasing its software as open source
The United States remains reluctant to work with open source, but European countries are bolder.
🔥9👍1
dockerc — сompile docker image to binary
https://github.com/NilsIrl/dockerc/
No more
P.S. We need executables for making executables too.
https://github.com/NilsIrl/dockerc/
No more
docker run, pip install or npm i — just give your users executables they can run.P.S. We need executables for making executables too.
😁32🤔5
Пересмотрел тысячи часов курсов по AWS, платных и бесплатных, от различных авторов. Не для сдачи на сертификацию, а с целью оценки качества подачи материала. Что особенно важно для тех, кто начинает с нуля.
Бесплатные курсы в интернете есть и местами даже неплохие. Платные нередко хуже бесплатных, а временами просто противопоказаны начинающим.
Однако тягаться с хорошими платными курсами нереально. Лучшие — от Adrian Cantrill, https://learn.cantrill.io. Не самые дёшевые. Возможно потому, что лучшие.
Распродажами Адриан не балует. Однако прямо сейчас как раз такой случай (50%):
https://www.linkedin.com/posts/adriancantrill_everyone-on-my-network-knows-i-hate-sales-activity-7228662578053275648-clv1
Не мешкайте, промокод
#Certification
Бесплатные курсы в интернете есть и местами даже неплохие. Платные нередко хуже бесплатных, а временами просто противопоказаны начинающим.
Однако тягаться с хорошими платными курсами нереально. Лучшие — от Adrian Cantrill, https://learn.cantrill.io. Не самые дёшевые. Возможно потому, что лучшие.
Распродажами Адриан не балует. Однако прямо сейчас как раз такой случай (50%):
https://www.linkedin.com/posts/adriancantrill_everyone-on-my-network-knows-i-hate-sales-activity-7228662578053275648-clv1
Не мешкайте, промокод
AUG1337-LINKEDIN.#Certification
learn.cantrill.io
Homepage
❤17👍3🤪1
Всем привет .
Мы выпустили новый релиз 0.13.1
Добавлено:
- Cka lab 6. Create general resources (Namespace, Deployment, Service). solutions . video
- k3s template. помогает создавать очень дешевый k8s кластер на одной маленькой ec2 для простых сценариев.
- Cka lab 7. CPU throttle. solutions
- Cks labs are updated.
на данный момент подготовлены mock экзамены cka (mock1 mock2 ) , cks(mock1 ) , ckad (mock1 mock2 ) , lfcs (mock 1 )
Для
Все рессурсы создаются с
по умолчанию используются
пример запуска
выпуск на devops kitchen talks , где обсуждали как готовиться к экзаменам CKA, CKS, CKAD в 2024 году
github платформы
канал с решениями мок экзаменов и лабораторных работ.
Мы выпустили новый релиз 0.13.1
Добавлено:
- Cka lab 6. Create general resources (Namespace, Deployment, Service). solutions . video
- k3s template. помогает создавать очень дешевый k8s кластер на одной маленькой ec2 для простых сценариев.
- Cka lab 7. CPU throttle. solutions
- Cks labs are updated.
на данный момент подготовлены mock экзамены cka (mock1 mock2 ) , cks(mock1 ) , ckad (mock1 mock2 ) , lfcs (mock 1 )
Для
запуска платформы нужен личный акаунт AWS. Все рессурсы создаются с
terraform + terragrunt по умолчанию используются
ec2 spot и t4g.medium (graviton ) пример запуска
выпуск на devops kitchen talks , где обсуждали как готовиться к экзаменам CKA, CKS, CKAD в 2024 году
github платформы
канал с решениями мок экзаменов и лабораторных работ.
GitHub
cks/CHANGELOG/CHANGELOG.MD at master · ViktorUJ/cks
Open-source Platform for learning kubernetes and aws eks and preparation for for Certified Kubernetes exams (CKA ,CKS , CKAD) - ViktorUJ/cks
👍27🔥2
Forwarded from Oleksii Bebych
Amazon DevOps Guru for Serverless Applications
Description: In this talk, we’ll use a standard serverless application that uses API Gateway, Lambda, DynamoDB, SQS, Step Functions (and other AWS-managed services).
We'll explore how Amazon DevOps Guru recognizes operational issues and anomalies like increased latency and error rates (timeouts, throttling, and resource limits) and integrate DevOps Guru with PagerDuty to provide even better incident management.
Amazon DevOps Guru analyzes data like application metrics, logs, events, and traces to establish baseline operational behavior and then uses ML to detect anomalies. The service uses pre-trained ML models that are able to identify spikes in application requests, so it knows when to alert and when not to.
Speaker: Vadym Kazulkin, Head Of Development at ip.labs, AWS Community Builder
When: August 28th, 6 PM EEST
Language: English
Registration link: https://zoom.us/webinar/register/5717231125253/WN_h1cfYRgmQCuW6S2AsAFBog
Description: In this talk, we’ll use a standard serverless application that uses API Gateway, Lambda, DynamoDB, SQS, Step Functions (and other AWS-managed services).
We'll explore how Amazon DevOps Guru recognizes operational issues and anomalies like increased latency and error rates (timeouts, throttling, and resource limits) and integrate DevOps Guru with PagerDuty to provide even better incident management.
Amazon DevOps Guru analyzes data like application metrics, logs, events, and traces to establish baseline operational behavior and then uses ML to detect anomalies. The service uses pre-trained ML models that are able to identify spikes in application requests, so it knows when to alert and when not to.
Speaker: Vadym Kazulkin, Head Of Development at ip.labs, AWS Community Builder
When: August 28th, 6 PM EEST
Language: English
Registration link: https://zoom.us/webinar/register/5717231125253/WN_h1cfYRgmQCuW6S2AsAFBog
👍6🔥1
Forwarded from AWS User Group 3City
🌟 AWS UserGroup 3City Meetup #8 - Gen AI edition is Coming! 🌟
🗓 Date: August 28, 17:00 📍
Location: O4 COWORKING, al. Grunwaldzka 472B, Gdansk (with online streaming option)
Join us for an evening of learning, networking, and innovation in the world of AWS!
Agenda:
"Prompt engineering best practices for foundation models" by Viktor Vedmich (Senior Developer Advocate @ AWS)
"AI tools for programming" by Lex Kartynnik aka IT Beard (Programmer, Blogger, AI enthusiast)
"Autistic Children Mood Recognition on AWS + OpenAI" by Aliaksei Semirski (Senior Systems Engineer @ EPAM)
🍕 Enjoy pizza and networking opportunities!
🆓 The event is free of charge
Don't miss this chance to enhance your AWS skills and connect with like-minded professionals.
Spots are limited.
Register now at: https://wearecommunity.io/events/aws-user-group-3city-meetup-8
🗓 Date: August 28, 17:00 📍
Location: O4 COWORKING, al. Grunwaldzka 472B, Gdansk (with online streaming option)
Join us for an evening of learning, networking, and innovation in the world of AWS!
Agenda:
"Prompt engineering best practices for foundation models" by Viktor Vedmich (Senior Developer Advocate @ AWS)
"AI tools for programming" by Lex Kartynnik aka IT Beard (Programmer, Blogger, AI enthusiast)
"Autistic Children Mood Recognition on AWS + OpenAI" by Aliaksei Semirski (Senior Systems Engineer @ EPAM)
🍕 Enjoy pizza and networking opportunities!
🆓 The event is free of charge
Don't miss this chance to enhance your AWS skills and connect with like-minded professionals.
Spots are limited.
Register now at: https://wearecommunity.io/events/aws-user-group-3city-meetup-8
👍5