Tag Archives: iam

AWS: Prevent VPC Modifications

Posted on April 21, 2018 by Jay V

If you have a busy AWS environment accessed by multiple developers, you will have someone modify your some aspect of your core infrastructure inadvertently. In our case, we have our VPC-related infrastructure deployed using Cloudformation and maintained via CF stack … Continue reading →

Posted in Amazon Web Services, DevOps | Tagged aws, deny, developers, iam, modifications, mods, policy, sso, user, vpc | Leave a comment

AWS S3 Bucket Policy to Only Allow Encrypted Object Uploads

Posted on February 7, 2017 by Jay V

Amazon S3 supports two types of encryption (server-side-encryption or SSE) for security of data at rest — AES256, and AWS/KMS. AES256 is termed as S3-managed encryption keys [SSE-S3], whereas, KMS is termed, well, SSE-KMS where in the customer manages their … Continue reading →

Posted in Amazon Web Services, Tech. | Tagged aes256, aws, bucket, deny, encryption, iam, kms, objects, policy, s3, sse, uploads | Leave a comment

Automating IAM Instance Profile with Ansible

Posted on June 30, 2016 by Jay V

My previous post talked about creating AWS IAM Instance Profiles so you don’t have to save keys on the instances. In this post, we’ll look at using Ansible to launch EC2 instances with IAM Instance Profiles attached to them (you … Continue reading →

Posted in Amazon Web Services, Tech. | Tagged arn, aws, iam, instance, passrole, permissions, policy, profile, user | Leave a comment

Simple Howto: AWS IAM Instance Profiles

Posted on June 23, 2016 by Jay V

For those of you looking to set up applications to run on EC2 instances without having to put credentials on the machines, there is an option. AWS has a great feature for exactly this purpose, and it’s called IAM Instance … Continue reading →

Posted in Amazon Web Services, Tech. | Tagged aws, ec2, iam, instance, logstash, profile, role, s3 | Leave a comment