AWS Notes

Сетевое хранилище данных категории Б DevHumor

Open Source как требование для государственных организаций Швейцарии. https://www.zdnet.com/article/switzerland-now-requires-all-government-software-to-be-open-source/ Так что не стоит сомневаться в перспективах OpenToFu, Valkey и других популярных Open Source проектов. P.S. Кстати, а что планируется вместо Sentry (если планируется)? #OpenSource

​​Не сомневайтесь, у вас всё получится. #DevOps

Amazon EKS Terraform Workshop https://catalog.us-east-1.prod.workshops.aws/workshops/afee4679-89af-408b-8108-44f5b1065cc7/en-US - Install the Sample Application - Observability - Automation using Flux - Using Kyverno Policy Manager - Enabling GuardDuty - VPC Lattice - VPC CNI Network Policy - Troubleshooting #EKS #Terraform #workshop

Бэкенд добавляет новый параметр в CI/CD пока девопс в отпуске (осторожно, больно смотреть). #пятничное

​​pgvector 0.7 is available in Aurora PostgreSQL: https://aws.amazon.com/about-aws/whats-new/2024/08/pgvector-0-7-0-aurora-postgresql/ pgvector 0.7 adds two new vector data types: ▪️ halfvec for storing dimensions as 2-byte floats ▪️ sparsevec for storing up to 1,000 nonzero dimensions #Aurora #PostgreSQL #пятничное

​​How to use LAG (Logically Air-Gapped) AWS Backup: https://aws.amazon.com/blogs/storage/building-cyber-resiliency-with-aws-backup-logically-air-gapped-vault/ • Fast recovery time due to ability to share with RAM • Auto-lock in compliance mode with AWS-owned key encryption #Backup

Open Source: Sentry — вычёркиваем. https://blog.sentry.io/sentry-is-now-fair-source/ #OpenSource

eiifccrcniubbnitrgrnbvrrclilniikdtrdhvniejie

AWS IPv6 Learning Path 1️⃣ IPv6 Fundamentals and VPC Connectivity https://explore.skillbuilder.aws/learn/course/20489 Foundational-level course covering IPv6 addressing, Amazon VPC IPv6 support, and VPC connectivity options using IPv6. 2️⃣ IPv6 Application Networking and Internet Edge Connectivity https://explore.skillbuilder.aws/learn/course/20488 Intermediate-level course on IPv6 for application networking, containers and serverless workload deployments, and AWS edge services. 3️⃣ IPv6 Design and Build Global IPv6 Networks on AWS https://explore.skillbuilder.aws/learn/course/20499 Intermediate-level course to learn about IPv6 network design, hybrid and global connectivity, and IPv6 security and monitoring. #IPv6

AWS з нуля українською https://www.youtube.com/watch?v=c-s8F0hyD2o&list=PLiv5DsFFzt7T_Ca2iuBBWNxuzolJKnTOM&index=5 #video #courses

​​AWS з нуля українською https://www.youtube.com/watch?v=c-s8F0hyD2o&list=PLiv5DsFFzt7T_Ca2iuBBWNxuzolJKnTOM&index=5 #video #cources

Как перенести AWS аккаунт из одной AWS Organization в другую. https://docs.aws.amazon.com/organizations/latest/userguide/orgs_account_migration.html #Organizations

Заказчик не хочет выполнять взятые на себя финансовые обязательства, подвергая сомнению функциональные требования и сроки выполнения проекта перед завтрашним демо. #пятничное

В сердцах каждого амазоновца: Пожалуйста, и Chime тоже, ну, пожалуйста!

Jeff Barr After giving it a lot of thought, we made the decision to discontinue new access to a small number of services, including AWS CodeCommit. While we are no longer onboarding new customers to these services, there are no plans to change the features or experience you get today, including keeping them secure and reliable. We also support migrations to other AWS or third-party solutions better aligned with your evolving needs. Keep the feedback coming. We’re always listening. The services I'm referring to are: S3 Select, CloudSearch, Cloud9, SimpleDB, Forecast, Data Pipeline, and CodeCommit. https://x.com/jeffbarr/status/1818461689920344321

Jeff Barr After giving it a lot of thought, we made the decision to discontinue new access to a small number of services, including AWS CodeCommit. While we are no longer onboarding new customers to these services, there are no plans to change the features or experience you get today, including keeping them secure and reliable. We also support migrations to other AWS or third-party solutions better aligned with your evolving needs. Keep the feedback coming. We’re always listening. The services I'm referring to are: S3 Select, CloudSearch, Cloud9, SimpleDB, Forecast, Data Pipeline, and CodeCommit. https://x.com/jeffbarr/status/1818461689920344321

Student SCP policy — политика для защиты аккаунтов, предназначенных для изучения AWS. Покрыты все нужные сервисы, запрещены неадекватные действия по биллингу, запрещены действия, которые могут иметь долгосрочный и неотвратимый характер.

{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Sid": "StudentSCPpolicy",
      "Effect": "Deny",
      "Action": [
        "athena:CreateCapacityReservation",
        "aws-marketplace:AcceptAgreementRequest",
        "aws-marketplace:CreateAgreementRequest",
        "aws-marketplace:CreatePrivateMarketplaceRequests",
        "aws-marketplace:Subscribe",
        "backup:CreateLogicallyAirGappedBackupVault",
        "backup:PutBackupVaultLockConfiguration",
        "bedrock:CreateFoundationModelAgreement",
        "bedrock:CreateProvisionedModelThroughput",
        "cloudfront:CreateSavingsPlan",
        "devicefarm:PurchaseOffering",
        "directconnect:ConfirmCustomerAgreement",
        "dynamodb:PurchaseReservedCapacityOfferings",
        "ec2:AcceptReservedInstancesExchangeQuote",
        "ec2:CreateCapacityReservation",
        "ec2:CreateCapacityReservationFleet",
        "ec2:CreateReservedInstancesListing",
        "ec2:LockSnapshot",
        "ec2:PurchaseCapacityBlock",
        "ec2:PurchaseHostReservation",
        "ec2:PurchaseReservedInstancesOffering",
        "ec2:PurchaseScheduledInstances",
        "eks:CreateEksAnywhereSubscription",
        "elasticache:PurchaseReservedCacheNodesOffering",
        "elemental-appliances-software:CreateOrderV1",
        "elemental-appliances-software:SubmitOrderV1",
        "es:PurchaseReservedElasticsearchInstanceOffering",
        "es:PurchaseReservedInstanceOffering",
        "freertos:CreateSubscription",
        "glacier:CompleteVaultLock",
        "glacier:PurchaseProvisionedCapacity",
        "groundstation:ReserveContact",
        "iottwinmaker:UpdatePricingPlan",
        "iq:ApprovePaymentRequest",
        "mediaconnect:PurchaseOffering",
        "medialive:PurchaseOffering",
        "memorydb:PurchaseReservedNodesOffering",
        "organizations:LeaveOrganization",
        "organizations:DeleteOrganization",
        "organizations:RemoveAccountFromOrganization",
        "outposts:CreateOrder",
        "panorama:ProvisionDevice",
        "quicksight:Subscribe",
        "quicksight:UpdateSPICECapacityConfiguration",
        "rbin:LockRule",
        "rds:PurchaseReservedDBInstancesOffering",
        "redshift:AcceptReservedNodeExchange",
        "redshift:PurchaseReservedNodeOffering",
        "route53domains:AcceptDomainTransferFromAnotherAwsAccount",
        "route53domains:RegisterDomain",
        "route53domains:RenewDomain",
        "route53domains:TransferDomain",
        "route53domains:TransferDomainToAnotherAwsAccount",
        "s3:PutBucketObjectLockConfiguration",
        "s3:PutObjectLegalHold",
        "s3:PutObjectRetention",
        "s3-object-lambda:PutObjectLegalHold",
        "s3-object-lambda:PutObjectRetention",
        "savingsplans:CreateSavingsPlan",
        "shield:CreateSubscription",
        "snowball:CreateJob",
        "snowball:CreateLongTermPricing"
      ],
      "Resource": "*"
    }
  ]
}

Student SCP policy не имеет ограничений на адекватные действия и создание любых ресурсов, что могут потребоваться для изучения. Поэтому предполагается обязательная настройка AWS Budgets и алертов. Если требуется более жёсткие ограничений, то нужно использовать Allow List Approach — вместо запрещения проблемных лишь разрешать нужные. #security #organizations #scp