Forum Replies Created
August 7, 2021 at 7:38 pm in reply to: How to turn on automatic encryption of new Amazon EBS Volumes? #332
New Amazon EBS volumes aren’t encrypted by default. However, there is a setting in the Amazon Elastic Compute Cloud (Amazon EC2) console that turns on encryption by default for all new Amazon EBS volumes and snapshot copies created within a specified Region.
Steps:
1) Open the Amazon EC2 console.
2) Select the Region from the drop-down menu.
3) On the EC2 Dashboard, under Account Attributes, select Settings.
4) Under EBS Storage, select Always encrypt new EBS volumes.
5) Select Change the default key and choose any of your keys (default/CMKs) as the Default encryption key.
6) Select Save Settings.
7) Repeat these steps for other Regions as needed.
August 7, 2021 at 7:29 pm in reply to: How to run AWS Lambda function works with container images? #330
You can get started with deploying containers to AWS Lambda in three steps:
1) Prepare a container definition that implements the Lambda Runtime Interface as
2) Build the container image and publish it to Amazon Elastic Container Registry (ECR).
3) Deploy an AWS Lambda, grant it access to the ECR, and point it to the container image.
Your container image has to implement AWS Lambda runtime API. Runtime API is a simple HTTP-based protocol with operations to retrieve invocation data, submit responses, and report errors.
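The three Runtime API operations named in the reply above (retrieve invocation data, submit a response, report an error), as an added Python example that is not part of the original reply. The `handler` function and the injectable `urlopen` parameter are assumptions made for illustration; the paths and headers are those of the Lambda Runtime API version `2018-06-01`.

```python
import json
import os
import urllib.request

API_VERSION = "2018-06-01"  # version prefix used in Runtime API paths


def _post(urlopen, url, payload, extra_headers=None):
    headers = {"Content-Type": "application/json", **(extra_headers or {})}
    req = urllib.request.Request(url, data=json.dumps(payload).encode(),
                                 headers=headers, method="POST")
    with urlopen(req) as resp:
        return resp.status


def process_one(api_host, handler, urlopen=urllib.request.urlopen):
    """Fetch one invocation, run handler(event), then report result or error."""
    base = f"http://{api_host}/{API_VERSION}/runtime/invocation"
    # Retrieve invocation data; this call blocks until an event is available.
    with urlopen(f"{base}/next") as resp:
        request_id = resp.headers["Lambda-Runtime-Aws-Request-Id"]
        event = json.loads(resp.read())
    try:
        result = handler(event)
    except Exception as exc:
        # Report the error: type and message only, so tracebacks and any
        # secrets held in local variables are not returned to the caller.
        _post(urlopen, f"{base}/{request_id}/error",
              {"errorType": type(exc).__name__, "errorMessage": str(exc)},
              {"Lambda-Runtime-Function-Error-Type": "Unhandled"})
        return request_id, "error"
    # Submit the response for this request ID.
    _post(urlopen, f"{base}/{request_id}/response", result)
    return request_id, "response"


def handler(event):
    """Hypothetical handler used only for this example."""
    if "name" not in event:
        raise ValueError("missing 'name'")
    return {"greeting": f"hello {event['name']}"}


if __name__ == "__main__":
    # Lambda sets AWS_LAMBDA_RUNTIME_API (host:port) inside the container.
    api = os.environ["AWS_LAMBDA_RUNTIME_API"]
    while True:
        process_one(api, handler)
```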
EC2 –> Deploy and manage your own cluster of EC2 instances for running the containers
AWS Fargate –> Run containers directly, without any EC2 instances
Both are completely valid techniques for operating your containers in a scalable and reliable fashion. Which one you pick primarily depends on which factors you want to optimize for.
A)–> Core Organizational Unit with 3 accounts:
1) Master Account
2) Log Archive Account
3) Audit Account
B)–> Within each account, an initial security baseline that includes:
1) AWS CloudTrail
2) AWS Config
3) AWS Config Rules enabled for monitoring
4) AWS IAM roles
5) An initial Amazon VPC network
C)–> An Account Factory – essentially, an AWS Service Catalog product that allows you to automatically create new “child” accounts to the existing Organization that maintain all predefined security baselines
D)–> The Control Tower Dashboard – limited UI to the base Control Tower constructs. Only components deployed and managed by Control Tower are seen in the dashboard.
Control Tower is built on the backbone of AWS Organizations, which allows you to automatically control access and permissions for child accounts. AWS Organizations allows you to define Service Control Policies to limit the services that are available to different accounts within the Organization.
AWS Control Tower is a solution that helps automate the process of setting up and configuring multiple accounts known as AWS Landing Zone.
Best practices for a multi-account architecture are embedded in the solution, making AWS Control Tower perfect for companies with complex workloads and larger teams that want to quickly migrate to AWS.
Control Tower is deeply tied into AWS Organizations, a service that allows you to enroll any number of “child” accounts under a parent account and apply policies across all accounts from a single location.
With serverless computing, infrastructure management tasks like capacity provisioning and patching are handled by AWS, so you can focus on only writing code that serves your customers. Serverless services like AWS Lambda come with automatic scaling, built-in high availability, and a pay-for-value billing model.
Important – Simple functions in isolation make development easier, while event-driven execution makes operations cheaper
Benefits of serverless computing:-
1) By eliminating operational overhead, your teams can release quickly, get feedback, and iterate to get to market faster.
2) With a pay-for-value billing model, you never pay for over-provisioning and your resource utilization is optimized on your behalf.
3) With technologies that automatically scale from zero to peak demands, you can adapt to customer needs faster than ever.
4) Serverless applications have built-in service integrations, so you can focus on building your application instead of configuring it.
AWS serverless services are as given below:-
COMPUTE – AWS Lambda, AWS Fargate
APPLICATION INTEGRATION – Amazon EventBridge, AWS Step Functions, Amazon SQS, Amazon SNS, Amazon API Gateway, AWS AppSync
DATA STORE – Amazon S3, Amazon DynamoDB, Amazon RDS Proxy, Amazon Aurora Serverless
- This reply was modified 2 years, 3 months ago by Harjap.
AWS EC2 is a service that allows for using virtual machines called EC2 instances in the cloud and providing scalability. You can change the amount of disk space, CPU performance, memory etc. whenever you need. You can select the base image with the necessary pre-installed operating system.
The most common use cases of AWS EC2 are:
1) Hosting web sites
2) Developing and testing applications or complex environments
3) High performance computing
4) Disaster recovery
General use cases of AWS Lambda:
1) Automating tasks
2) Processing objects uploaded to Amazon S3
3) Real-time log analyzing
4) Real-time filtering and transforming data
AWS Marketplace is a digital store that is used by customers to find, buy, consume, and manage third-party software, services, and data that customers need to build solutions and run their businesses.
AWS Marketplace is very helpful for Independent Software Vendors, Value-Added Resellers, and Systems Integrators, who have software products they want to offer to customers in the cloud. Partners use AWS Marketplace to be up and running in days and offer their software products to customers around the world.
For more information, please follow the link: https://aws.amazon.com/partners/aws-marketplace/
August 7, 2021 at 1:54 pm in reply to: How to re-create the deleted default VPC in aws account? #315
You need to contact the support center and raise a query. Please follow the link below to ask for help. Follow: http://amzn.to/1pAUHYo
You can change the security groups when the instance is in the running or stopped state.
To change the security groups for an instance using the console
1. Open the Amazon EC2 console.
2. In the navigation pane, choose Instances.
3. Select your instance, and then choose Actions, Security, Change security groups.
4. For Associated security groups, select a security group from the list and choose Add security group.
To remove an already associated security group, choose Remove for that security group.
For more information, please follow this link: https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/working-with-security-groups.html#changing-security-group
August 7, 2021 at 1:34 pm in reply to: How to find out the usage costs to specific groups within our organization #312
There are two general methods; you can use either, or both.
1) Create Subaccounts.
2) Tag your resources. Many AWS resources can be tagged with a number of key-value pairs you choose. You can add tags to your resources that identify the program a user is working on.
Yes, you will be charged for usage that isn’t covered by or goes beyond the free tier. You can set up a billing alarm to be notified when your upcoming bill exceeds a certain amount, which could very well be set to $0. That way you can quickly act on potentially unwanted charges, but there is unfortunately no way to automatically stay inside the free tier so to speak.
For more information, please follow this link:- http://docs.aws.amazon.com/awsaccountbilling/latest/aboutv2/free-tier-alarms.html
- This reply was modified 2 years, 3 months ago by Harjap.
A Stateful Firewall is the one that maintains the state of the rules defined. It requires you to define only inbound rules. Based on the inbound rules defined, it automatically allows the outbound traffic to flow.
On the other hand, a Stateless Firewall requires you to explicitly define rules for inbound as well as outbound traffic.
For example, if you allow inbound traffic from Port 80, a Stateful Firewall will allow outbound traffic to Port 80, but a Stateless Firewall will not do so.
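A small model of the two firewall types described above, added here as an example that is not part of the original reply. The packet fields, class names and sample addresses are constructed for illustration; the model matches rules on destination port only and tracks a flow by its address and port 4-tuple.

```python
from dataclasses import dataclass


@dataclass(frozen=True)
class Packet:
    direction: str  # "in" or "out", relative to the protected host
    src: str
    sport: int
    dst: str
    dport: int


def port_allowed(rules, port):
    """rules is a list of (low, high) destination-port ranges."""
    return any(lo <= port <= hi for lo, hi in rules)


class StatelessFilter:
    """Every packet is checked against the rule list for its own direction."""
    def __init__(self, inbound, outbound):
        self.inbound, self.outbound = inbound, outbound

    def allow(self, p):
        rules = self.inbound if p.direction == "in" else self.outbound
        return port_allowed(rules, p.dport)


class StatefulFilter:
    """Inbound rules only; replies are allowed because the flow is remembered."""
    def __init__(self, inbound):
        self.inbound = inbound
        self.flows = set()

    def allow(self, p):
        if p.direction == "in":
            if not port_allowed(self.inbound, p.dport):
                return False
            self.flows.add((p.src, p.sport, p.dst, p.dport))
            return True
        # Outbound is allowed only when it is the reverse of a tracked flow.
        return (p.dst, p.dport, p.src, p.sport) in self.flows


# Constructed sample traffic: a web request, its reply, and an unrelated
# outbound connection that no inbound request ever asked for.
REQUEST = Packet("in", "203.0.113.10", 51514, "10.0.0.5", 80)
REPLY = Packet("out", "10.0.0.5", 80, "203.0.113.10", 51514)
UNSOLICITED = Packet("out", "10.0.0.5", 44000, "198.51.100.7", 443)


def verdicts(fw):
    return [fw.allow(p) for p in (REQUEST, REPLY, UNSOLICITED)]
```

In this model the reply leaves toward the client's ephemeral port (51514), so the stateless filter passes it only when an outbound rule covers that port range.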
Using multiple AWS accounts to help isolate and manage your business applications and data can help you optimize across most of the AWS Well-Architected Framework pillars including operational excellence, security, reliability, and cost optimization. This paper provides best practices for organizing your overall AWS environment. The extent to which you use these best practices depends on your stage of the cloud adoption journey and your specific business needs.
Way to use :-
1) Open the AWS Single Sign-On console.
2) Enable sign-on service, select the identity source.
3) Add groups and users, in the left navigation pane.
4) Go to AWS accounts in the left navigation pane, choose permissions-set tab and create permission-set by adding the managed-policies or inline policy.
5) Go to AWS accounts in the left navigation pane, choose AWS organization tab.
6) Choose any account then select the user or group to assign, next choose permissions-set for the user and finish.
7) Now ask the user to confirm the SSO login service in the email they received and set the password.
8) Finally go to the Settings option in the left menu pane and click on the User portal URL to login through SSO.