| # Another way to fix this is to let SecretsManager handle it when creating/updating the DatabaseInstance | |
| # The SecretsManager will produce a 30 character string and I’ll leave it as an exercise to the reader to calculate | |
| # the probability of generating a string that does NOT include at least 3 of the character groups indicated above. | |
| exclude_characters=string.printable | |
| .replace(string.ascii_letters, "") | |
| .replace(string.digits, "") | |
| .replace(string.whitespace, " ") | |
| .replace('#', "") | |
| .replace("$", "") |
| aws cloudtrail lookup-events --lookup-attributes AttributeKey=EventName,AttributeValue=UserAuthentication | jq '.Events|.[]|.Username' | sort | uniq |
| Resources: | |
| Bucket: | |
| Type: AWS::S3::Bucket |
| { | |
| "Version": "2012-10-17", | |
| "Id": "Policy1610637024575", | |
| "Statement": [ | |
| { | |
| "Sid": "Stmt1610637009631", | |
| "Effect": "Allow", | |
| "Principal": "*", | |
| "Action": "s3:GetObject", | |
| "Resource": [ |
| AWSTemplateFormatVersion: "2010-09-09" | |
| Description: "Simple VPC with one public subnet and one instance - access via ssm, rds (and port 80)" | |
| Parameters: | |
| KeyName: | |
| Type: AWS::EC2::KeyPair::KeyName | |
| Description: Name of an existing EC2 KeyPair to enable SSH/RDP access to the instance | |
| VPCCIDR: | |
| Type: String | |
| Description: VPC address range |
The AWS E-learning course "Creating an IAM Role for AWS Partner-Led Support" describes how to make a specific support role, but doesn't provide the actual template.
This is an advanced way to roll out the role needed, in a multi account structure. If the Partner-Led customer is using AWS ControlTower or AWS LandingZone or some other home baked control mechanism under AWS Organizations, a StackSet is probably the way to go.
Until a few days ago, I used CloudFormation Export to transfer values between templates.
I got the error "Cannot update an export variable as it is in use by another stack." and started Googling and found
https://aws.amazon.com/premiumsupport/knowledge-center/cloudformation-systems-manager-parameter/
Of course, I had to try that myself.
The subnet id's below are from one of my training accounts ..
(setq org-confirm-babel-evaluate nil)
(setq org-babel-sh-command "ssh default ")
;; customize the following variables:
;;(setq org-babel-load-languages
;;<<< '((emacs-lisp . t) (python . t) (clojure . t) (sh . t ) (perl . t)))
| --- | |
| Parameters: | |
| RootAccountID: | |
| Type: String | |
| Description: AccountID for the Organization hosting the Automated Landing Zone Stack Sets | |
| AWSTemplateFormatVersion: '2010-09-09' | |
| Resources: | |
| AWSCloudFormationStackSetExecutionRole: | |
| Type: AWS::IAM::Role |
| --- | |
| Parameters: | |
| RootAccountID: | |
| Type: String | |
| Description: AccountID for the Organization hosting the Automated Landing Zone Stack Sets | |
| AWSTemplateFormatVersion: '2010-09-09' | |
| Resources: | |
| AWSCloudFormationStackSetExecutionRole: | |
| Type: AWS::IAM::Role |