Karsten Lang klang

## fix_in_cdk.py
# Another way to fix this is to let SecretsManager handle it when creating/updating the DatabaseInstance
# The SecretsManager will produce a 30 character string and I’ll leave it as an exercise to the reader to calculate
# the probability of generating a string that does NOT include at least 3 of the character groups indicated above.

exclude_characters=string.printable
  .replace(string.ascii_letters, "")
  .replace(string.digits, "")
  .replace(string.whitespace, " ")
  .replace('#', "")
  .replace("$", "")

## cloudtrail-unique-users.sh
 aws cloudtrail lookup-events --lookup-attributes AttributeKey=EventName,AttributeValue=UserAuthentication | jq '.Events|.[]|.Username' | sort | uniq

## bucket1.yaml
Resources:
  Bucket:
    Type: AWS::S3::Bucket

## s3_object
{
  "Version": "2012-10-17",
  "Id": "Policy1610637024575",
  "Statement": [
    {
      "Sid": "Stmt1610637009631",
      "Effect": "Allow",
      "Principal": "*",
      "Action": "s3:GetObject",
      "Resource": [

## bettervpc.yaml
AWSTemplateFormatVersion: "2010-09-09"
Description: "Simple VPC with one public subnet and one instance - access via ssm, rds (and port 80)"

Parameters:
  KeyName:
    Type:         AWS::EC2::KeyPair::KeyName
    Description:  Name of an existing EC2 KeyPair to enable SSH/RDP access to the instance
  VPCCIDR:
    Type:         String
    Description:  VPC address range

## readme.md

      
              2 files
            
          
              0 forks
            
          
              0 comments
            
          
              0 stars
            
          
                klang
                / readme.md
            
            
              Last active
              February 4, 2021 08:56
            
              
                The AWS E-learning course "Creating an IAM Role for AWS Partner-Led Support" describes how to make a specific support role, but doesn't provide the actual template. This is an advanced way to roll out the role needed, in a multi account structure.
              
          
    The AWS E-learning course "Creating an IAM Role for AWS Partner-Led Support"
describes how to make a specific support role, but doesn't provide the actual template.
This is an advanced way to roll out the role needed, in a multi account structure. If the Partner-Led customer is using AWS ControlTower
or AWS LandingZone or some other home baked control mechanism under AWS Organizations, a StackSet is probably the way to go.

  
## readme.md

      
              3 files
            
          
              1 fork
            
          
              0 comments
            
          
              1 star
            
          
                klang
                / readme.md
            
            
              Last active
              October 16, 2020 11:00
            
              
                Using AWS::SSM::Parameter to break AWS CloudFormation dependencies
              
          
    Until a few days ago, I used CloudFormation Export to transfer values between templates.
I got the error "Cannot update an export variable as it is in use by another stack." and started Googling and found
https://aws.amazon.com/premiumsupport/knowledge-center/cloudformation-systems-manager-parameter/
Of course, I had to try that myself.
The subnet id's below are from one of my training accounts ..

  
## AWSLandingZoneAdminExecutionRolesParameter.yaml
---
Parameters:
  RootAccountID:
    Type: String
    Description: AccountID for the Organization hosting the Automated Landing Zone Stack Sets

AWSTemplateFormatVersion: '2010-09-09'
Resources:
  AWSCloudFormationStackSetExecutionRole:
    Type: AWS::IAM::Role

## AWSCloudFormationStackSetExecutionRole.yaml
---
Parameters:
  RootAccountID:
    Type: String
    Description: AccountID for the Organization hosting the Automated Landing Zone Stack Sets

AWSTemplateFormatVersion: '2010-09-09'
Resources:
  AWSCloudFormationStackSetExecutionRole:
    Type: AWS::IAM::Role

## variables.tf
locals {
    project = "project-name"
    env = {
        # default.name = "default-workspace-name" # <= tf0.11 notation
        default_name = "default-workspace-name"   # <= tf0.12 notation
        # other.name = "other-workspace-name"
        other_name = "other-workspace-name"
    }
    name = "${lookup(local.env, "${terraform.workspace}_name")}"
}
	# Another way to fix this is to let SecretsManager handle it when creating/updating the DatabaseInstance
	# The SecretsManager will produce a 30 character string and I’ll leave it as an exercise to the reader to calculate
	# the probability of generating a string that does NOT include at least 3 of the character groups indicated above.

	exclude_characters=string.printable
	.replace(string.ascii_letters, "")
	.replace(string.digits, "")
	.replace(string.whitespace, " ")
	.replace('#', "")
	.replace("$", "")
	{
	"Version": "2012-10-17",
	"Id": "Policy1610637024575",
	"Statement": [
	{
	"Sid": "Stmt1610637009631",
	"Effect": "Allow",
	"Principal": "*",
	"Action": "s3:GetObject",
	"Resource": [
	AWSTemplateFormatVersion: "2010-09-09"
	Description: "Simple VPC with one public subnet and one instance - access via ssm, rds (and port 80)"

	Parameters:
	KeyName:
	Type: AWS::EC2::KeyPair::KeyName
	Description: Name of an existing EC2 KeyPair to enable SSH/RDP access to the instance
	VPCCIDR:
	Type: String
	Description: VPC address range
	---
	Parameters:
	RootAccountID:
	Type: String
	Description: AccountID for the Organization hosting the Automated Landing Zone Stack Sets

	AWSTemplateFormatVersion: '2010-09-09'
	Resources:
	AWSCloudFormationStackSetExecutionRole:
	Type: AWS::IAM::Role
	locals {
	project = "project-name"
	env = {
	# default.name = "default-workspace-name" # <= tf0.11 notation
	default_name = "default-workspace-name" # <= tf0.12 notation
	# other.name = "other-workspace-name"
	other_name = "other-workspace-name"
	}
	name = "${lookup(local.env, "${terraform.workspace}_name")}"
	}