Thanks for your awesome video! I have a question: how do you connect your PC to the Snowball device? Just plug in an Ethernet cable, or do you need to set up a local network to connect with? Thank you.
@cloudonaut (17 days ago)
By default, the Snowball device uses DHCP to configure an IP address. But it is also possible to configure a static IP address. So both scenarios should be possible.
@RifqiAbidin (17 days ago)
@cloudonaut Got it. Thanks for your answer, Sir!
@staj (23 days ago)
Great episode, thanks. cloudonaut.io/tidying-up-after-failed-terraform-tests/
@yusefalimam130 (a month ago)
This is incredible! Thank you for this. Your demonstrations are practical, realistic and well applicable. I hope you continue to make videos!
@cloudonaut (a month ago)
Thank you! Will do!
@user-vq7er5ft6r (a month ago)
This is a wonderful video. Thanks cloudonaut.
@cloudonaut (a month ago)
Thank you!
@ravitejateja2071 (a month ago)
Thank you for the great video. Any idea if it is possible to automate the process to auto-refresh the temporary credentials? If we want to try out SSM with SSO, and we do aws configure sso and set up a profile, every time it asks for approval from the browser. Any way we can automate this to avoid browser approvals?
@cloudonaut (a month ago)
Thanks for the feedback. I'm not aware of a way to automate refreshing the credentials.
@venkatrao7868 (a month ago)
Thank you for creating such a good video!!
@cloudonaut (a month ago)
Thank you!
@BoKKeR111 (a month ago)
Wow, this might be the problem we are facing; the SNS messages would sometimes arrive hours later. We have the same 1 second limit. I will test this soon. Very hard to find people talking about this throttling anywhere online.
@cloudonaut (a month ago)
The bug was fixed on November 13th, 2020. Not sure if they reintroduced the bug? :) You can find the history of the bug here: cloudonaut.io/loosing-trust-in-aws-sns-broken-for-24-days/
@Ravi-fz2mz (2 months ago)
Best video on SSO. Is it possible to integrate third-party tools (Jenkins) with users generated from SSO (AD Entra)? How can we get access keys for the new users to access AWS from Jenkins on IAM Identity Center?
@PriyankaSharma-wf7sg (2 months ago)
Hi, I have one question: when we say that AMP provides high scalability, can this not be achieved if we create a self-managed Prometheus as a DaemonSet that would scale itself depending upon the nodes it has to monitor?
@cloudonaut (2 months ago)
Hi! Sorry, we have no experience scaling Prometheus.
@thestart709 (2 months ago)
What about if we want to run terraform apply (CI) on a specific AWS account? Would you create an SSO user, e.g. deployer, from which you would run aws sso get-role-credentials to get temporary credentials and apply Terraform?
@cloudonaut (2 months ago)
Depends on your CI solution. If you use GitHub, you can use docs.github.com/en/actions/deployment/security-hardening-your-deployments/configuring-openid-connect-in-amazon-web-services
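As an added example (not cloudonaut's code, and not taken from the linked GitHub documentation) of the AWS side of the OIDC setup the reply points to: a CloudFormation template that creates the GitHub OIDC identity provider and an IAM role whose trust policy only accepts tokens issued for one repository and branch. The CI job then receives short-lived credentials from STS, so no IAM user or long-term access key is needed for terraform apply. The account id, repository name, thumbprint and attached policy are placeholders.

```yaml
# Added example (not cloudonaut's code): IAM role for GitHub Actions via OIDC.
# Placeholders: repository name, thumbprint, attached policy.
AWSTemplateFormatVersion: '2010-09-09'
Parameters:
  GitHubRepo:
    Type: String
    Default: example-org/example-repo   # placeholder: the only owner/repo allowed to assume the role
Resources:
  GitHubOidcProvider:
    Type: AWS::IAM::OIDCProvider
    Properties:
      Url: https://token.actions.githubusercontent.com
      ClientIdList:
        - sts.amazonaws.com
      ThumbprintList:
        - ffffffffffffffffffffffffffffffffffffffff   # placeholder: supply the current thumbprint for your setup
  DeployRole:
    Type: AWS::IAM::Role
    Properties:
      RoleName: github-terraform-deploy   # placeholder name
      AssumeRolePolicyDocument:
        Version: '2012-10-17'
        Statement:
          - Effect: Allow
            Principal:
              Federated: !GetAtt GitHubOidcProvider.Arn
            Action: sts:AssumeRoleWithWebIdentity
            Condition:
              StringEquals:
                # the token must have been requested for AWS STS
                token.actions.githubusercontent.com:aud: sts.amazonaws.com
              StringLike:
                # without this condition any GitHub repository could assume the role;
                # here only workflows on the main branch of GitHubRepo are accepted
                token.actions.githubusercontent.com:sub: !Sub repo:${GitHubRepo}:ref:refs/heads/main
      ManagedPolicyArns:
        - arn:aws:iam::aws:policy/ReadOnlyAccess   # placeholder: attach only what terraform apply needs
Outputs:
  DeployRoleArn:
    Value: !GetAtt DeployRole.Arn   # paste this into the workflow's role-to-assume
```

In the workflow, the job needs `permissions: id-token: write` so GitHub issues the OIDC token, and the `aws-actions/configure-aws-credentials` step takes the role ARN from the output above as `role-to-assume`. Because the credentials expire with the job, a leaked CI log or runner does not expose a reusable key, and CloudTrail records every assumption with the repository and branch in the session context.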
@thestart709 (2 months ago)
The Organisation is created from the AWS root account, so I guess the SSO should be activated from the AWS root account where the Organisation exists?
@cloudonaut (2 months ago)
Yes, root account or a delegated admin account, see docs.aws.amazon.com/singlesignon/latest/userguide/delegated-admin.html
@Shaguar (3 months ago)
Guys, I keep hearing about CloudFormation from you guys, and I get that it is really popular for AWS. But how do you incorporate it with CI/CD, let's say via GitLab?
@cloudonaut (2 months ago)
We use the AWS CLI: aws cloudformation deploy ...
@wilsonmusa4956 (4 months ago)
Super, very informative, thank you.
@cloudonaut (4 months ago)
Thank you!
@ifalok007 (4 months ago)
What advantage does HyperEnv provide over using webhooks to send notifications to AWS Lambda?
@cloudonaut (4 months ago)
Good question! First, HyperEnv deploys an API Gateway + Lambda as well as configuring the GitHub webhook automatically. Second, HyperEnv uses an SQS queue to add resiliency, for example to avoid issues caused by rate limiting of the EC2 API. Third, HyperEnv provides an AMI pre-configured to launch a just-in-time GitHub runner. And last but not least, we are maintaining the whole step, which includes patching the AMI.
@borgesnotes (4 months ago)
I just read your latest newsletter and am now watching this video. What a journey from 2015 until now! Very inspiring! Cool that you guys planned your parental leave a year apart! Following you now on LinkedIn! Super fan!
@cloudonaut (4 months ago)
Thank you!
@cloudonaut (4 months ago)
Very funny. Today, AWS announced that they have decided to remove the following controls from all security standards:
* Athena.1 (“Athena workgroups should be encrypted at rest”) [1]. Athena workgroups send results to Amazon S3 buckets. Amazon S3 now provides default encryption on new and existing buckets with S3 managed keys (SSE-S3). Bucket encryption cannot be removed, only changed to a different method [2].
* AutoScaling.4 (“Auto Scaling group launch configuration should not have a metadata response hop limit greater than 1”) [3]. There are certain cases where a hop limit greater than 1 is required. For example, the Amazon Linux 2023 AMI allows for a hop limit of 2 to support containerized workloads [4].
* CloudFormation.1 (“CloudFormation stacks should be integrated with Simple Notification Service (SNS)”) [5]. While integrating important CloudFormation stacks with SNS topics can be useful, it is not required for all stacks.
* CodeBuild.5 (“CodeBuild project environments should not have privileged mode enabled”) [6]. There are certain cases where privileged mode is required for CodeBuild Docker projects. For more information, see the CodeBuild User Guide [7].
* IAM.20 (“Avoid the use of the root user”) [8]. The functionality of this control is incorporated into existing control CloudWatch.1 (“A log metric filter and alarm should exist for the usage of the root user”) [9].
* SNS.2 (“Logging of delivery status should be enabled for notification messages sent to a topic”) [10]. While logging of delivery status for important SNS topics can be useful, it is not required for all topics.
In addition, the following controls will be removed only from the AWS Foundational Security Best Practices (FSBP) standard [11], but will still be included in the NIST SP 800-53 r5 standard:
* S3.10 (“S3 buckets with versioning enabled should have Lifecycle configurations”) [12]. This security practice remains covered by controls S3.13 (“S3 buckets should have lifecycle policies configured”) [13] and S3.14 (“S3 buckets should use versioning”) [14], both of which belong to the FSBP standard.
* S3.11 (“S3 buckets should have event notifications enabled”) [15]. While there are certain cases where event notifications for S3 buckets can be useful, this is not a universal security best practice.
* SNS.1 (“SNS topics should be encrypted at rest using AWS KMS”) [16]. Amazon SNS now stores messages and files using default disk encryption [17].
Security Hub will remove these controls starting March 16, 2024, in a process which can take up to a month. Once the controls are removed from your account, their findings will be archived within 5 days and will be deleted after 90 days. This does not require any action from your side. However, if you wish to stop receiving findings from these controls before they are removed, you may disable them by using the Security Hub console or API [18].
It's likely not because of us, but we are happy to see some of the controls that we mentioned being removed :)
@user-uu4js4ox1m (4 months ago)
After 3 hours of wasting time, hop-limit=2 fixed the issue. Thank you so much for sharing.
@angelotessaro (4 months ago)
I'm trying to wrap my head around the fact that we still need our own Prometheus server with AMP... AMP supposedly allows for easy scalability and provisioning of resources, but then I need to handle the Prometheus server anyway. So why should I use it? It's a legit question, I don't get it, and I wanted a simple solution to monitor my services running on EC2/Beanstalk. But it looks like I could be better off not using AMP.
@cloudonaut (4 months ago)
There is a new feature called managed collector. At the moment it can only collect metrics from EKS, but if that's your use case you might be covered :), see aws.amazon.com/about-aws/whats-new/2023/11/amazon-managed-service-prometheus-agentless-collector-metrics-eks/
@angelotessaro (4 months ago)
@cloudonaut Thanks a lot for the reply, your content is superb! I'm looking forward to digging more into your videos; they're helping me a lot. I'm not using EKS, and a lot of the documentation for AMP seems directed at it. My idea is that I'm gonna try pushing my metrics directly to AMP using the write endpoint, using the prometheus-client library for Python. I'm not confident it will work, but I'll see. If you have any pointers you could give me, I would appreciate it. Thanks!
@cloudonaut (4 months ago)
@angelotessaro Good luck :)
@michaelpesin946 (5 months ago)
How do you set the credentials?
@cloudonaut (5 months ago)
Please see docs.aws.amazon.com/sdk-for-javascript/v3/developer-guide/setting-credentials.html
@madrag (5 months ago)
Scary? Overreacted... man, really so many steps to make that work...
@cloudonaut (5 months ago)
Thanks for your feedback!
@edpro4776 (5 months ago)
The CloudFormation template didn't work. Do I need to provide a subdomain? I ran it with the commands below:
bucket_name=my-unique-bucket
hosted_zone=us-west-2
sub_domain=my-unique-domain
stack_name=my-unique-stack-name
aws s3 mb s3://$bucket_name --region us-west-2
npm i
aws cloudformation package --template-file example.yaml --s3-bucket $bucket_name --output-template-file packaged.yaml
aws cloudformation deploy --template-file packaged.yaml --stack-name $stack_name --parameter-overrides HostedZoneId=$hosted_zone SubDomainNameWithDot=$sub_domain --capabilities CAPABILITY_IAM
aws cloudformation describe-stacks --stack-name $stack_name --query "Stacks[0].Outputs[?OutputKey=='Url'].OutputValue" --output text
@asdf8asdf8asdf8asdf (5 months ago)
Aurora Serverless: very useful info. In Serverless v2, the capability of scaling down to zero to save $ is now missing.
@cloudonaut (5 months ago)
We miss that feature!
@user-us7rg4cd6p (5 months ago)
Awesome video
@cloudonaut (5 months ago)
Thank you!
@user-zh7ji2ji6x (5 months ago)
Hey man, can I connect with you on LinkedIn?
@cloudonaut (5 months ago)
Absolutely! www.linkedin.com/in/andreaswittig/
@TheBlackChessAuthority (5 months ago)
Thanks, informative.
@felipevarela1861 (5 months ago)
Great podcast!!
@cloudonaut (5 months ago)
Thank you!
@pippopeppe83 (5 months ago)
Real AWS news, good and bad. Thanks
@cloudonaut (5 months ago)
Thanks for your feedback!
@pippopeppe83 (6 months ago)
Wonderful session, much better than the normal presentations by AWS where they describe things in a too sugary way. Do you know if, as a buyer, you can run a marketplace solution using a boto3 API call?
@cloudonaut (6 months ago)
As far as I know, there is no API for subscribing to an AWS Marketplace product. However, after a subscription is active, you are able to deploy AMI products by launching EC2 instances or creating CloudFormation stacks.
@pippopeppe83 (6 months ago)
Thanks for the info
@thewisearchitect (6 months ago)
Great demo @cloudonaut. Thank you.
@cloudonaut (6 months ago)
Thanks for your motivating feedback!
@user-mr6ws1dq8d (6 months ago)
If generating a token is the same procedure, then can anyone generate a token and use it? Kindly explain to me if I am wrong.
@cloudonaut (6 months ago)
Check out aws.amazon.com/blogs/security/defense-in-depth-open-firewalls-reverse-proxies-ssrf-vulnerabilities-ec2-instance-metadata-service/ for details.
@mohamedsambo9210 (6 months ago)
Heavily awesome even after 2 years <3 <3
@cloudonaut (6 months ago)
Thank you!
@rayama5525 (7 months ago)
Is DNSSEC applicable for domains in which one domain is redirected to another domain?
@cloudonaut (7 months ago)
That's not really the focus. See www.icann.org/resources/pages/dnssec-what-is-it-why-important-2019-03-05-en
@cloudonaut (7 months ago)
@wuffgang Check out Mike's approach for accessing DynamoDB: cloudonaut.io/dynamodb-entity-store-cleaner-typescript-code/.
@davidebadini3049 (8 months ago)
Great video, thanks. If I want to allow access to my EC2 server only by passing through the VPN created with AWS Client VPN, how could I do it?
@cloudonaut (8 months ago)
Use security groups to control traffic (see docs.aws.amazon.com/vpn/latest/clientvpn-admin/client-authorization.html#security-groups).
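As an added example (not cloudonaut's code, and not taken from the linked documentation) of the security-group approach in the reply: a CloudFormation snippet in which the instance's security group accepts SSH only from the security group associated with the Client VPN endpoint. Any connection that does not arrive through the VPN is dropped by the instance's own group, whatever the network ACLs or public IP say. The VPC id and the Client VPN security group id are passed in as parameters; limiting the rule to port 22 is an assumption for the example.

```yaml
# Added example (not cloudonaut's code): instance reachable only via AWS Client VPN.
# Assumes a Client VPN endpoint already exists and has its own security group.
AWSTemplateFormatVersion: '2010-09-09'
Parameters:
  VpcId:
    Type: AWS::EC2::VPC::Id
  ClientVpnSecurityGroupId:
    Type: AWS::EC2::SecurityGroup::Id   # the security group associated with the Client VPN endpoint
Resources:
  InstanceSecurityGroup:
    Type: AWS::EC2::SecurityGroup
    Properties:
      GroupDescription: SSH reachable only through the Client VPN endpoint
      VpcId: !Ref VpcId
      SecurityGroupIngress:
        # source is a security group, not a CIDR: only traffic that entered the VPC
        # through the VPN endpoint (and so carries its security group) is accepted
        - IpProtocol: tcp
          FromPort: 22
          ToPort: 22
          SourceSecurityGroupId: !Ref ClientVpnSecurityGroupId
          Description: SSH from Client VPN clients
      # intentionally no 0.0.0.0/0 ingress rule; the instance has no Internet-facing entry point
      SecurityGroupEgress:
        - IpProtocol: -1
          CidrIp: 0.0.0.0/0
          Description: allow outbound (tighten if the instance needs no Internet access)
Outputs:
  InstanceSecurityGroupId:
    Value: !Ref InstanceSecurityGroup   # attach this to the EC2 instance
```

The endpoint's authorization rules (the other half of the linked page) decide which VPN users may reach the instance's subnet at all; the security group above then restricts which port they can reach once they are inside the VPC. Checking that the instance has no other security group with a wider rule is the review step this pattern depends on.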
@meras1549 (8 months ago)
One remark. You don't do linting only in the pipeline unless you pay for the cloud costs yourself :) Linting should be done at a very early stage, so you should have scripts to lint your code locally; then the next step is to lint code during push, and the last is to lint before merge. So linting in the build is also OK, but before that you have a bunch of tests before you trigger the build.
@cloudonaut (8 months ago)
Yes, lint before tests. I also agree that you should be able to run all the steps locally as well.
@user-hs4sh4ye7l (8 months ago)
Hello, and thank you for the tutorial. This method works great for me when I use SSH, but when I use SCP it throws 'ssh: Could not resolve hostname'. Do you know what it could be?
@cloudonaut (8 months ago)
Is it possible that scp is using a different config file?
@user-hs4sh4ye7l (8 months ago)
@cloudonaut Thank you for the quick response <3. I was trying to copy the file to a restricted-access folder, my bad! scp is working just like in your video.
@sapguru0911 (9 months ago)
Fabulous analysis. Thanks so much. I like the pitfalls. We are in the midst of integrating AWS Security Hub with ServiceNow Incidents, so if you have any great insights into that integration, please let me know.
@pippopeppe83 (9 months ago)
The AWS Client Endpoint was already created; you mentioned you need 2 hours to do it (probably the 2nd time you do it you spend less time). Anyway, I was looking for a guide to create it. Thanks anyway.
@cloudonaut (9 months ago)
Thanks for your feedback!
@thatguynick7992 (9 months ago)
Is there an updated version of this content? Currently there isn't an option to enable and disable encryption. SSE-S3 is the default.
@cloudonaut (9 months ago)
Correct, S3 buckets are encrypted by default these days. Up until now, we haven't recorded an updated video.
@oleksandrlytvyn532 (9 months ago)
Hello, could you please add timecodes with the topics discussed? It's hard to understand which topics are discussed and when each one starts.
@Niko-kf1gt (9 months ago)
I agree
@cloudonaut (9 months ago)
Thanks for the feedback! I added timecodes.
@nalgonda539 (10 months ago)
AWS has now added VPC Reachability Analyzer on Organizations to find out connectivity between multiple AWS accounts with a transit gateway in between.
@cloudonaut (9 months ago)
That's great! Thanks for the update!
@javiermadriz7834 (10 months ago)
Great video. How much data did you load? How much time did it take you to finish the upload?
@cloudonaut (10 months ago)
As far as I remember, it was around 1 TB of data. It took less than an hour to copy the data from my disk to the Snowcone device.
@yannkefeleck1974 (10 months ago)
Really good job... thanks a lot
@cloudonaut (10 months ago)
Thanks a lot for your motivating feedback!
@harekrishna263 (10 months ago)
Hi @cloudonaut, thanks for the amazing demo; I really want to try this out for learning. I was unable to find the Node.js code for pushing the API data from Finhub to AWS Timestream DB. In this video, it's mentioned that this code script is available on the community page. Can you please guide me on where I can find this community page?
@anisahmednacer5410 (10 months ago)
It's an excellent video.
@TechLeadEngineer (10 months ago)
Great video tutorial, thank you. Quick question: how do I use an SSO user to log in with long-term credentials? I have an API that needs to log in to AWS to view data of a KDS. This is an automated process, and so I need to use a proxy account coming from the identity source (Azure AD in our case); however, all the AWS docs I found only use IAM with short-term credentials. Any idea? Thanks in advance.
@cloudonaut (10 months ago)
Not possible.
@Anshie007 (10 months ago)
Absolutely great video! One question: if we don't have AWS Organizations set up, we can still work with this setup for the same account, right? Also, as a recommendation, it would have been the cherry on top if you could add on-prem AD as identity provider, as that's the most common use case. Thanks again!
@cloudonaut (10 months ago)
Your AWS account must be managed by AWS Organizations. If you haven't set up an organization, you don't have to. When you enable IAM Identity Center, you will choose whether to have AWS create an organization for you.
@user-ej1tp5kv2s (10 months ago)
Short tutorial but clear explanation, and it covered all points. Thanks for providing such great videos.
@cloudonaut (10 months ago)
Thank you!
@user-ut3jo8md3l (10 months ago)
Hey guys, your video is very distorted for approximately a minute from 9:20. Thanks for the content.
@cloudonaut (10 months ago)
We are sorry for the technical issues. We are recording the show at two places. If one of our Internet connections is bad, we run into such issues. Let us see if we can optimize our setup. Thanks for reporting it!