

Showing posts with the label AWS

Amazon EventBridge - Resource-based Policies and Lambda

Refer to the AWS Documentation here. When a rule runs in EventBridge, all of the targets associated with the rule are invoked. Rules can invoke AWS Lambda functions, publish to Amazon SNS topics or relay the event to Kinesis streams. To make API calls against the resources you own, EventBridge needs appropriate permissions.

EventBridge uses resource-based policies for:
1. Lambda
2. Amazon SNS
3. Amazon SQS
4. Amazon CloudWatch Logs

EventBridge uses identity-based policies for: Kinesis streams

AWS Lambda permissions will look something like below:
{
  "Effect": "Allow",
  "Action": "lambda:InvokeFunction",
  "Resource": "arn:aws:lambda:region:account-id:function:function-name",
  "Principal": {
    "Service": " "
  },
  "Condition": {
    "ArnLike": {
      "AWS:SourceArn": "arn:aws:events:region:account-id:rule/rule-name"
    }
  },
  …

Tejas Jain - AWS Notes #1

AWS Organizational Hierarchy. AWS Organizations "must" be the starting point of your AWS deployment (unless you are absolutely sure that it won't scale, which is highly unlikely!). An AWS Organization comprises multiple "Organizational Units (OUs)". OUs comprise other OUs or member "AWS Accounts". Image credits: Here. Tip: Design the OUs such that they complement your organizational hierarchy, businesses and sub-divisions. For example:
Company XYZ maps to an AWS Organization,
  -- Finance maps to an OU,
    -- Investment Banking within Finance maps to a sub-OU
      -- Investment Banking Prod environment maps to an AWS Account
      -- Investment Banking Non-Prod environment gets another AWS Account
      -- Investment Banking Dev environment gets another AWS Account
    -- Fixed Income within Finance maps to another sub-OU
    -- Retail within Finance maps to another sub-OU
  and so on...
OUs insid

How to create AWS Internet Gateway and edit route tables?

A VPC has been created with an address scope, subnets have been created within that scope and EC2 instances have been created in the VPC. Now, you wish to provide your EC2 instances with Internet access. This can be done either by selecting "Allocate a public IP" during instance creation, or by allocating an Elastic IP to your account and associating that Elastic IP with your instance. All this is possible only if you have an Internet Gateway associated with the VPC and the route table has the internet routes (or default route) pointing towards the Internet Gateway. Let's create an Internet Gateway. Go to Services >> VPC >> On the left pane, under Virtual Private Cloud, click Internet Gateways. Click on "Create internet gateway", enter the Name tag and click "Create". Now associate the Internet Gateway with a VPC by clicking on the internet gateway (just created), then Actions: Attach to VPC. In my case s

How to attach an Elastic IP to an EC2 instance

So you have created a VPC and your EC2 instance is ready (here I am assuming we haven't configured a public IP while creating the EC2 instance). Let us now allocate an Elastic IP address to our AWS account from Amazon's reserved public IP range. This can be done via Services >> EC2 >> Scroll down the left navigation pane and, under Network & Security, click on Elastic IPs. Click on the "Allocate Elastic IP address" button. Once this IP address is allocated, select the Elastic IP, click on Actions and click on "Associate Elastic IP address", as below. This brings up a page which gives an option to select the EC2 instance that this Elastic IP needs to be associated with. [I have erased my Elastic IP address and the Instance ID] And that should be it. There is a catch here, however! The above process won't work if there is no Internet Gateway associa

How to create a subnet in AWS

If you haven't created the VPC in which you are going to create a new subnet, then check the article here. A subnet is simply a subset of the IPv4 CIDR block which you defined while creating a VPC. It provides a demarcation for the broadcast domains.
Requirements:
- An AWS account
- Virtual Private Cloud (VPC) - A subnet always resides in a VPC, and hence a VPC must be present before creating it
- The subnet must be wholly contained within the IPv4 CIDR block that you defined in the VPC
Steps:
- Sign in to your AWS account.
- Under Services >> Networking >> VPC
- VPC Dashboard >> Your VPCs >> Click on your VPC
- Select Subnets >> Click on "Create Subnet"
Details:
- Name tag: Name of the subnet (self-evident)
- VPC: Select the VPC that you want this subnet to be part of
- VPC CIDRs will be automatically populated (since they were defined at the time of VPC creation)
- Availability Zone: You get an option to select the AZ (in the same region as that of t

AWS Elastic IP address Billing

An Elastic IP address doesn't incur charges as long as the following conditions are true:
- The Elastic IP address is associated with an EC2 instance.
- The instance associated with the Elastic IP address is running.
- The instance has only one Elastic IP address attached to it.
AWS does provide an option to import your own IP pool (if you already bought one), for which you would never incur any additional expense. Amazon charges you on an hourly basis for breaching the above conditions. So, utilize your Elastic IPs efficiently, and release them if you no longer need them.

AWS - Create VPC

A virtual private cloud (VPC) is a virtual network dedicated to your AWS account. It is an isolated network in which you can spin up your resources.
Requirements:
- An AWS account (of course!)
- Region - A VPC resides in a particular region (the same cannot be said about the Availability Zone (AZ); in fact a VPC spans across all the Availability Zones in the region in which it is defined).
Steps:
- Sign in to your AWS account.
- Under Services >> Networking >> VPC
- VPC Dashboard >> Your VPCs (you should find one VPC created by default, with a subnet). Let's create a new one.
- Click on the "Create VPC" button
Details:
- Name tag: Name of the VPC (self-evident)
- IPv4 CIDR block: Specify your supernet from which smaller subnets will be created and allocated to the resources. We are not using IPv6 here.
- Tenancy: Dedicated tenancy ensures all EC2 instances that are launched in a VPC run on hardware that's dedicated to a single customer. The default is shared

AWS Workspaces - Unhide C drive

AWS Workspaces Windows 10 has the C:\ drive hidden by default. To unhide it, locate the following key in the Windows Registry (regedit): HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer, DWORD value NoDrives. By default it is set to the hexadecimal value 4. Change it to the hexadecimal value 0, restart the Workspace, and the C:\ drive should be visible.