How Do You Attach a Lambda Function to a VPC?

Problem scenario
When trying to attach a Lambda function to a VPC, you get an error like this: “The provided execution role does not have permissions to call CreateNetworkInterface on EC2”

What should you do?

Solution
1. Go to IAM and create a policy. Use the JSON editor. Use these settings (taken from StackOverflow):

{
"Version": "2012-10-17", …

How Do You Use the AWS CLI to Return IAM Information with the AssumePolicyDocument Nested JSON?

Problem scenario
You want to craft an AWS CLI command to return the principal services of your IAM roles. You want the name and the ARN values of the roles to be printed along with the principal services. You know the principal services data is in the AssumeRolePolicyDocument. Your previous attempts have returned "None" for this value. What do you do?

Solution
Run a command like this:

aws iam list-roles --output text --query 'Roles[*].[RoleName,Arn,AssumeRolePolicyDocument.Statement[*].Principal]' …

How Do You Configure Email Alerts for AWS Spending Thresholds of Specific Dollar Amounts?

Problem scenario
Sometimes you forget what is running in AWS. You want to be notified when you have spent a certain amount of money. How do you set up a notification in your AWS account that will apprise you when you have spent over a certain amount of money for a given month?

Solution

  1. Log into the AWS Management Console (aka the web UI).

Why Cannot a User Approve a Release Pipeline to an Environment?

Problem scenario
A user in Azure DevOps cannot approve releases to a given environment. The permissions are correct; the user is a member of the relevant custom security group in the project. Why can’t the user approve the deployment to an environment?

Solution
Can the user go to the Azure DevOps organization? Can the user also see the project? The organization subsumes a project,

What Are Eight Ways of Rotating AWS IAM Keys?

Problem scenario
You want to rotate AWS IAM keys across a set of different AWS accounts. Regular rotation is a recommended practice for securing your AWS resources (per this Amazon posting). Just as passwords can be brute-forced and defeated through exhaustive attempts, access keys could be randomly generated and attempted by a malicious person or program; rotating the access keys can make hacking your AWS resources tremendously more difficult.

How Do You Troubleshoot the AWS Error “Subnets specified must be in at least two different AZs”?

Problem scenario
You run an AWS CLI command, but you get this error message:
“An error occurred (InvalidParameterException) when calling the CreateCluster operation: Subnets specified must be in at least two different AZs”
How do you find subnets in different availability zones?

Solution
Run commands such as these (but replace the “us-west-x” and “us-east-x” with the availability zones that you use):

aws ec2 describe-subnets --query "Subnets[?AvailabilityZone=='us-west-1a']"
aws ec2 describe-subnets --query "Subnets[?AvailabilityZone=='us-west-1b']"
aws ec2 describe-subnets --query "Subnets[?AvailabilityZone=='us-west-1c']"
aws ec2 describe-subnets --query "Subnets[?AvailabilityZone=='us-east-2a']"
aws ec2 describe-subnets --query "Subnets[?AvailabilityZone=='us-east-2b']"
aws ec2 describe-subnets --query "Subnets[?AvailabilityZone=='us-east-2c']"

Now you will see more subnet IDs for your original command.

How Do You Troubleshoot “Warning FailedScheduling … default-scheduler no nodes available to schedule pods”?

Problem scenario
You are running EKS in AWS. You get this message “Warning FailedScheduling … default-scheduler no nodes available to schedule pods”. How do you troubleshoot it?

Solution
Verify your nodes are healthy with this command: kubectl get nodes

If you are using EKS, you may need to create nodes. Here is a command to do that (but replace “foo” with the name of the EKS cluster that you have,