Monday, February 17, 2020

CFTManager covers all AWS Services for Tags Validation


Not sure which AWS services support tags? Use CFTManager to verify that tagging is done as expected across every resource in your template.

AWS services and resource types that support tags –

AmazonMQ Broker
AmazonMQ Configuration
Amplify App
Amplify Branch
ApiGateway ApiKey
ApiGateway ClientCertificate
ApiGateway DomainName
ApiGateway RestApi
ApiGateway Stage
ApiGateway UsagePlan
ApiGatewayV2 Api
ApiGatewayV2 DomainName
ApiGatewayV2 Stage
AppMesh Mesh
AppMesh Route
AppMesh VirtualNode
AppMesh VirtualRouter
AppMesh VirtualService
AppStream Fleet
AppStream ImageBuilder
AppStream Stack
AppSync GraphQLApi
AutoScaling AutoScalingGroup
CertificateManager Certificate
CloudFormation Stack
CloudFront Distribution
CloudTrail Trail
CodeBuild Project
CodeCommit Repository
CodePipeline CustomActionType
CodePipeline Pipeline
CodeStarNotifications NotificationRule
DAX Cluster
DMS Endpoint
DMS EventSubscription
DMS ReplicationInstance
DMS ReplicationSubnetGroup
DMS ReplicationTask
DocDB DBCluster
DocDB DBClusterParameterGroup
DocDB DBInstance
DocDB DBSubnetGroup
DynamoDB Table
EC2 CustomerGateway
EC2 DHCPOptions
EC2 Instance
EC2 InternetGateway
EC2 NatGateway
EC2 NetworkAcl
EC2 NetworkInterface
EC2 RouteTable
EC2 SecurityGroup
EC2 Subnet
EC2 TrafficMirrorFilter
EC2 TrafficMirrorSession
EC2 TrafficMirrorTarget
EC2 TransitGateway
EC2 TransitGatewayAttachment
EC2 TransitGatewayRouteTable
EC2 VPCPeeringConnection
EC2 VPNConnection
EC2 VPNGateway
EC2 Volume
ECR Repository
ECS Cluster
ECS Service
ECS TaskDefinition
EMR Cluster
ElastiCache CacheCluster
ElastiCache ReplicationGroup
ElasticBeanstalk Environment
ElasticLoadBalancing LoadBalancer
ElasticLoadBalancingV2 LoadBalancer
ElasticLoadBalancingV2 TargetGroup
Elasticsearch Domain
FSx FileSystem
Glue Crawler
Glue DevEndpoint
Glue Job
Glue Trigger
Glue Workflow
Greengrass ConnectorDefinition
Greengrass CoreDefinition
Greengrass DeviceDefinition
Greengrass FunctionDefinition
Greengrass Group
Greengrass LoggerDefinition
Greengrass ResourceDefinition
Greengrass SubscriptionDefinition
IAM Role
IoTAnalytics Channel
IoTAnalytics Dataset
IoTAnalytics Datastore
IoTAnalytics Pipeline
IoTEvents DetectorModel
IoTEvents Input
Kinesis Stream
Lambda Function
MSK Cluster
MediaConvert JobTemplate
MediaConvert Preset
MediaConvert Queue
MediaLive Channel
MediaLive Input
MediaLive InputSecurityGroup
Neptune DBCluster
Neptune DBClusterParameterGroup
Neptune DBInstance
Neptune DBParameterGroup
Neptune DBSubnetGroup
OpsWorks Layer
OpsWorks Stack
Pinpoint App
Pinpoint Campaign
Pinpoint EmailTemplate
Pinpoint PushTemplate
Pinpoint Segment
Pinpoint SmsTemplate
PinpointEmail ConfigurationSet
PinpointEmail DedicatedIpPool
PinpointEmail Identity
QLDB Ledger
RAM ResourceShare
RDS DBCluster
RDS DBClusterParameterGroup
RDS DBInstance
RDS DBParameterGroup
RDS DBSecurityGroup
RDS DBSubnetGroup
RDS OptionGroup
Redshift Cluster
Redshift ClusterParameterGroup
Redshift ClusterSecurityGroup
Redshift ClusterSubnetGroup
RoboMaker Fleet
RoboMaker Robot
RoboMaker RobotApplication
RoboMaker SimulationApplication
Route53Resolver ResolverEndpoint
Route53Resolver ResolverRule
S3 Bucket
SNS Topic
SQS Queue
SSM Document
SSM MaintenanceWindow
SSM Parameter
SSM PatchBaseline
SageMaker Endpoint
SageMaker EndpointConfig
SageMaker Model
SageMaker NotebookInstance
SageMaker Workteam
SecretsManager Secret
SecurityHub Hub
ServiceCatalog CloudFormationProduct
ServiceCatalog CloudFormationProvisionedProduct
ServiceCatalog Portfolio
StepFunctions Activity
StepFunctions StateMachine
Transfer Server
Transfer User
WorkSpaces Workspace
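The check the list above describes, as an added example (this is not CFTManager's own code): for every resource whose type is on the taggable list, confirm that a Tags property exists and that the organisation's required tag keys are present. The template is a constructed JSON sample, the taggable set is a small subset of the list above, and the required keys (Owner, Environment, CostCenter) are an assumed tagging policy. The code also handles the two shapes CloudFormation uses for Tags: the usual list of Key/Value objects and the plain map used by a few resources such as AWS::SSM::Parameter.

```python
import json

# Constructed subset of the taggable resource types listed above.
TAGGABLE_TYPES = {
    "AWS::EC2::Instance",
    "AWS::EC2::SecurityGroup",
    "AWS::S3::Bucket",
    "AWS::Lambda::Function",
    "AWS::SSM::Parameter",
    "AWS::DynamoDB::Table",
}

# Assumed tagging policy: every taggable resource must carry these keys.
REQUIRED_TAG_KEYS = {"Owner", "Environment", "CostCenter"}


def tags_as_dict(tags):
    """Normalise the two shapes CloudFormation uses for Tags.

    Most resources take a list of {"Key": ..., "Value": ...} objects; a few
    (for example AWS::SSM::Parameter) take a plain key/value map.
    """
    if tags is None:
        return {}
    if isinstance(tags, dict):
        return dict(tags)
    result = {}
    for entry in tags:
        if isinstance(entry, dict) and "Key" in entry:
            result[entry["Key"]] = entry.get("Value")
    return result


def find_tag_violations(template, taggable_types=TAGGABLE_TYPES, required=REQUIRED_TAG_KEYS):
    """Return a sorted list of (logical_id, problem) for taggable resources that
    have no Tags property or lack one of the required keys."""
    violations = []
    for logical_id, resource in template.get("Resources", {}).items():
        if resource.get("Type", "") not in taggable_types:
            continue  # not taggable, or outside the checked subset
        props = resource.get("Properties") or {}
        if "Tags" not in props:
            violations.append((logical_id, "no Tags property"))
            continue
        missing = sorted(required - set(tags_as_dict(props["Tags"])))
        if missing:
            violations.append((logical_id, "missing tag keys: " + ", ".join(missing)))
    return sorted(violations)


# Constructed sample template in JSON form; a YAML template would be loaded
# the same way with a YAML parser.
SAMPLE_TEMPLATE = json.loads("""
{
  "Resources": {
    "WebServer": {
      "Type": "AWS::EC2::Instance",
      "Properties": {
        "ImageId": "ami-EXAMPLE",
        "Tags": [
          {"Key": "Owner", "Value": "platform-team"},
          {"Key": "Environment", "Value": "prod"},
          {"Key": "CostCenter", "Value": "1234"}
        ]
      }
    },
    "DataBucket": {
      "Type": "AWS::S3::Bucket",
      "Properties": {"Tags": [{"Key": "Owner", "Value": "platform-team"}]}
    },
    "AppConfigParam": {
      "Type": "AWS::SSM::Parameter",
      "Properties": {
        "Type": "String",
        "Value": "placeholder",
        "Tags": {"Owner": "platform-team", "Environment": "prod", "CostCenter": "1234"}
      }
    },
    "UntaggedTable": {
      "Type": "AWS::DynamoDB::Table",
      "Properties": {
        "KeySchema": [{"AttributeName": "id", "KeyType": "HASH"}],
        "AttributeDefinitions": [{"AttributeName": "id", "AttributeType": "S"}],
        "BillingMode": "PAY_PER_REQUEST"
      }
    },
    "WaitHandle": {"Type": "AWS::CloudFormation::WaitConditionHandle"}
  }
}
""")

if __name__ == "__main__":
    for logical_id, problem in find_tag_violations(SAMPLE_TEMPLATE):
        print(f"{logical_id}: {problem}")
```

Running it reports DataBucket (two required keys missing) and UntaggedTable (no Tags at all); WaitHandle is skipped because its type is not taggable, and the map-form tags on the SSM parameter pass.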

Introducing AWS Compute Optimizer


Today we are announcing AWS Compute Optimizer, a new machine learning-based recommendation service that makes it easy for you to ensure that you are using optimal AWS Compute resources.  

Over-provisioning resources can lead to unnecessary infrastructure cost, and under-provisioning can lead to poor application performance. AWS Compute Optimizer delivers intuitive and easily actionable Amazon EC2 instance recommendations so that you can identify optimal Amazon EC2 instance types, including those that are part of Auto Scaling groups, for your workloads, without requiring specialized knowledge or investing substantial time and money. 

Announcing Amazon Kendra: Reinventing Enterprise Search with Machine Learning


AWS announced Amazon Kendra, a new highly accurate and easy to use enterprise search service powered by machine learning. Kendra provides a more intuitive way to search, using natural language, and returns more accurate answers so your end users can discover information stored within the vast amount of content spread across your company. Users can ask questions like “How long is maternity leave?” and get a specific answer such as “14 weeks”, or “How do I configure my VPN?” and get a specific passage extracted from a document describing the process. With Kendra, you can provide pinpoint search accuracy from content within your manuals, research reports, FAQs, HR documentation, customer service guides, and more. learn more…

Cloud Formation Template Best Practices


Best practices are recommendations that can help you use AWS CloudFormation more effectively and securely throughout its entire workflow. Learn how to plan and organize your stacks, create templates that describe your resources and the software applications that run on them, and manage your stacks and their resources. CFT Manager helps automate the process by validating your CloudFormation template against these best practices.

CFT Manager scans your template for the following best practices –

Use IAM to Control Access

IAM is an AWS service that you can use to manage users and their permissions in AWS. You can use IAM with AWS CloudFormation to specify what AWS CloudFormation actions users can perform, such as viewing stack templates, creating stacks, or deleting stacks. Furthermore, anyone managing AWS CloudFormation stacks will require permissions to resources within those stacks. CFT Manager flags any permission statement that uses a wildcard (*) in Effect, Action or Resource, so that only limited access to resources is granted for specific actions.

Reusable Templates –

  • Use cross-stack references to export shared resources: export resources from one stack so that other stacks can use them by calling the Fn::ImportValue function. This avoids hard-coding values and removes the need to change them for each environment.
  • To make templates reusable, use the Parameters, Mappings, and Conditions sections so that you can customize your stacks when you create them.
  • Use AWS-specific parameter types.

Do Not Embed Credentials in Your Templates

Rather than embedding sensitive information in your AWS CloudFormation templates, we strongly suggest you do one of the following:

  • Use input parameters to pass in information whenever you create or update a stack, using the NoEcho property to obfuscate the parameter value.
  • Use dynamic references in the stack template to reference sensitive information that is stored and managed outside of CloudFormation, such as in the Systems Manager Parameter Store or Secrets Manager.
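The two checks described above (wildcard IAM permissions under "Use IAM to Control Access", and embedded credentials in this section), as an added example that is not CFT Manager's own code. It walks a parsed template, flags any policy statement whose Effect, Action or Resource is the bare "*", flags parameters whose names look sensitive but are not marked NoEcho, and flags sensitive-looking properties given as literal strings. A Ref to a NoEcho parameter or a {{resolve:...}} dynamic reference is accepted. The name heuristic, the sample template, the secret name prod/db and the literal password value are all constructed for the example.

```python
import re

# Constructed heuristic: property and parameter names that usually carry a secret.
SENSITIVE_NAME = re.compile(r"password|secret|token|apikey|api_key|credential", re.IGNORECASE)


def walk(node, path=""):
    """Depth-first walk over a parsed template, yielding (dotted path, value)."""
    yield path, node
    if isinstance(node, dict):
        for key, value in node.items():
            yield from walk(value, f"{path}.{key}" if path else key)
    elif isinstance(node, list):
        for i, value in enumerate(node):
            yield from walk(value, f"{path}[{i}]")


def as_list(value):
    return value if isinstance(value, list) else [value]


def check_iam_wildcards(template):
    """Flag IAM policy statements whose Effect, Action or Resource is the bare
    wildcard '*': such a statement grants far more than the stack needs."""
    findings = []
    for path, node in walk(template):
        if not (isinstance(node, dict) and "Statement" in node):
            continue
        for i, stmt in enumerate(as_list(node["Statement"])):
            if not isinstance(stmt, dict):
                continue
            for field in ("Effect", "Action", "Resource"):
                if "*" in [v for v in as_list(stmt.get(field, [])) if isinstance(v, str)]:
                    findings.append(f"{path}.Statement[{i}].{field} is '*'")
    return findings


def check_embedded_credentials(template):
    """Flag sensitive-looking parameters without NoEcho, and sensitive-looking
    resource properties written as literal strings. A Ref (a dict) or a
    {{resolve:...}} dynamic reference is the acceptable form."""
    findings = []
    for name, param in template.get("Parameters", {}).items():
        if SENSITIVE_NAME.search(name) and str(param.get("NoEcho", False)).lower() != "true":
            findings.append(f"Parameters.{name} looks sensitive but is not NoEcho")
    for path, node in walk(template.get("Resources", {}), "Resources"):
        if not isinstance(node, dict):
            continue
        for key, value in node.items():
            if SENSITIVE_NAME.search(key) and isinstance(value, str) and not value.startswith("{{resolve:"):
                findings.append(f"{path}.{key} is a literal; use a NoEcho parameter or a dynamic reference")
    return findings


# Constructed sample template; every value below is illustrative only.
SAMPLE_TEMPLATE = {
    "Parameters": {
        "DBPassword": {"Type": "String", "NoEcho": True, "MinLength": 12},
        "ApiToken": {"Type": "String"},  # echoed back by DescribeStacks
    },
    "Resources": {
        "Database": {"Type": "AWS::RDS::DBInstance", "Properties": {
            "Engine": "postgres", "MasterUsername": "admin",
            "MasterUserPassword": {"Ref": "DBPassword"}}},  # good: NoEcho parameter
        "LegacyDatabase": {"Type": "AWS::RDS::DBInstance", "Properties": {
            "Engine": "postgres", "MasterUsername": "admin",
            "MasterUserPassword": "CONSTRUCTED-literal-password"}},  # bad: secret in template
        "ManagedDatabase": {"Type": "AWS::RDS::DBInstance", "Properties": {
            "Engine": "postgres", "MasterUsername": "admin",
            "MasterUserPassword": "{{resolve:secretsmanager:prod/db:SecretString:password}}"}},
        "AppRole": {"Type": "AWS::IAM::Role", "Properties": {
            "AssumeRolePolicyDocument": {"Version": "2012-10-17", "Statement": [
                {"Effect": "Allow", "Principal": {"Service": "lambda.amazonaws.com"},
                 "Action": "sts:AssumeRole"}]},
            "Policies": [
                {"PolicyName": "too-broad", "PolicyDocument": {"Version": "2012-10-17", "Statement": [
                    {"Effect": "Allow", "Action": "*", "Resource": "*"}]}},
                {"PolicyName": "scoped", "PolicyDocument": {"Version": "2012-10-17", "Statement": [
                    {"Effect": "Allow", "Action": ["s3:GetObject"],
                     "Resource": "arn:aws:s3:::example-bucket/*"}]}}]}},
    },
}

if __name__ == "__main__":
    for finding in check_iam_wildcards(SAMPLE_TEMPLATE) + check_embedded_credentials(SAMPLE_TEMPLATE):
        print(finding)
```

The scoped policy's object ARN ending in "/*" is not reported, since only the bare "*" is the pattern the page calls out; the dotted path in each finding points straight at the statement or property to fix.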

Use Parameter Constraints

With parameter constraints, you can describe allowed input values so that AWS CloudFormation catches any invalid values before creating a stack. You can set constraints such as a minimum length, maximum length, and allowed patterns. 
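To show what the constraints actually buy you, here is an added example (not CFT Manager's code) that lists parameters declaring no constraint at all and then applies AllowedValues, AllowedPattern, MinLength, MaxLength, MinValue and MaxValue to a set of proposed input values the way CloudFormation would before creating the stack. The Parameters section is a constructed sample; CloudFormation evaluates AllowedPattern as a Java regular expression, which Python's re.fullmatch approximates here.

```python
import re

# Constructed sample Parameters section covering each constraint type.
SAMPLE_TEMPLATE = {
    "Parameters": {
        "Environment": {"Type": "String", "Default": "dev",
                        "AllowedValues": ["dev", "staging", "prod"]},
        "DBPassword": {"Type": "String", "NoEcho": True, "MinLength": 12, "MaxLength": 41,
                       "AllowedPattern": "[a-zA-Z0-9!@#$%^&*]*",
                       "ConstraintDescription": "12-41 characters, alphanumeric and !@#$%^&* only"},
        "InstanceCount": {"Type": "Number", "MinValue": 1, "MaxValue": 10},
        "BucketSuffix": {"Type": "String"},  # accepts anything, including an empty string
    }
}

CONSTRAINT_KEYS = {"AllowedValues", "AllowedPattern", "MinLength", "MaxLength", "MinValue", "MaxValue"}


def find_unconstrained_parameters(template):
    """Logical names of parameters that declare no constraint at all."""
    return sorted(name for name, spec in template.get("Parameters", {}).items()
                  if not CONSTRAINT_KEYS & set(spec))


def validate_parameter_values(template, values):
    """Apply each parameter's constraints to the proposed values and return a
    list of error strings (empty when every value is acceptable). Like
    CloudFormation, a ConstraintDescription replaces the raw rule in the message."""
    errors = []
    for name, spec in template.get("Parameters", {}).items():
        if name in values:
            value = str(values[name])
        elif "Default" in spec:
            value = str(spec["Default"])
        else:
            errors.append(f"{name}: no value supplied and no Default")
            continue
        problems = []
        if "AllowedValues" in spec and value not in [str(v) for v in spec["AllowedValues"]]:
            problems.append("not one of AllowedValues")
        if "AllowedPattern" in spec and not re.fullmatch(spec["AllowedPattern"], value):
            problems.append("does not match AllowedPattern")
        if "MinLength" in spec and len(value) < int(spec["MinLength"]):
            problems.append(f"shorter than MinLength {spec['MinLength']}")
        if "MaxLength" in spec and len(value) > int(spec["MaxLength"]):
            problems.append(f"longer than MaxLength {spec['MaxLength']}")
        if spec.get("Type") == "Number":
            try:
                number = float(value)
            except ValueError:
                number = None
                problems.append("not a number")
            if number is not None and "MinValue" in spec and number < float(spec["MinValue"]):
                problems.append(f"below MinValue {spec['MinValue']}")
            if number is not None and "MaxValue" in spec and number > float(spec["MaxValue"]):
                problems.append(f"above MaxValue {spec['MaxValue']}")
        if problems:
            detail = spec.get("ConstraintDescription") or "; ".join(problems)
            errors.append(f"{name}: {detail}")
    return errors


if __name__ == "__main__":
    print("unconstrained:", find_unconstrained_parameters(SAMPLE_TEMPLATE))
    proposed = {"DBPassword": "short", "InstanceCount": "50", "BucketSuffix": "x"}
    for error in validate_parameter_values(SAMPLE_TEMPLATE, proposed):
        print(error)
```

With the proposed values above, the password fails MinLength (reported through its ConstraintDescription) and the count exceeds MaxValue, while Environment falls back to its Default and passes; BucketSuffix is listed as unconstrained because it accepts any string.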

Validate Templates Before Using Them

Before you use a template to create or update a stack, you can use AWS CloudFormation to validate it. Validating a template can help you catch syntax and some semantic errors, such as circular dependencies, before AWS CloudFormation creates any resources. If you use the CFT Manager console, the console automatically validates the template.

S3 Bucket – Right Properties needed in Cloud Formation Template


CFT Manager makes it easier for you to make sure all your CloudFormation templates are up to standard and include all the properties that an S3 bucket should contain.

Let's go over all the property attributes you should configure:

  • BucketEncryption – Specifies default encryption for a bucket using server-side encryption with Amazon S3-managed keys (SSE-S3) or AWS KMS-managed keys (SSE-KMS).
  • Public Access Block property (PublicAccessBlockConfiguration) – The public access block configuration that you want to apply to this Amazon S3 bucket. You can enable the configuration options in any combination.
  • Bucket Policy – Applies an Amazon S3 bucket policy to an Amazon S3 bucket. If you are using an identity other than the root user of the AWS account that owns the bucket, the calling identity must have the PutBucketPolicy permission on the specified bucket and belong to the bucket owner's account in order to use this operation.
  • LifecycleConfiguration, ReplicationConfiguration and LoggingConfiguration are all helpful depending on the type of bucket and the type of data stored in it.
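The property review described above, as an added example that is not CFT Manager's own code: for every AWS::S3::Bucket in a parsed template it reports a missing SSE-S3/SSE-KMS default encryption rule, any public access block flag that is not true, the absence of an AWS::S3::BucketPolicy that refers back to the bucket, and, as informational items, the optional logging, lifecycle and replication configurations that are not set. The template is a constructed sample with one bare bucket and one hardened bucket; the KMS alias and log bucket name are placeholders, and the policy on the hardened bucket denies requests that do not use TLS.

```python
PUBLIC_ACCESS_FLAGS = ("BlockPublicAcls", "BlockPublicPolicy", "IgnorePublicAcls", "RestrictPublicBuckets")
OPTIONAL_PROPERTIES = ("LoggingConfiguration", "LifecycleConfiguration", "ReplicationConfiguration")


def check_bucket(logical_id, resource, template):
    """Return the findings for one AWS::S3::Bucket resource."""
    props = resource.get("Properties") or {}
    findings = []

    # Default encryption: at least one rule with SSE-S3 (AES256) or SSE-KMS (aws:kms).
    rules = (props.get("BucketEncryption") or {}).get("ServerSideEncryptionConfiguration") or []
    algorithms = {(rule.get("ServerSideEncryptionByDefault") or {}).get("SSEAlgorithm")
                  for rule in rules if isinstance(rule, dict)}
    if not algorithms & {"AES256", "aws:kms"}:
        findings.append("BucketEncryption: no SSE-S3 (AES256) or SSE-KMS (aws:kms) default rule")

    # Public access block: every flag should be true unless public hosting is intended.
    pab = props.get("PublicAccessBlockConfiguration") or {}
    for flag in PUBLIC_ACCESS_FLAGS:
        if str(pab.get(flag, False)).lower() != "true":
            findings.append(f"PublicAccessBlockConfiguration.{flag} is not true")

    # A bucket policy is a separate resource that points back at the bucket by Ref.
    attached = any(other.get("Type") == "AWS::S3::BucketPolicy"
                   and (other.get("Properties") or {}).get("Bucket") == {"Ref": logical_id}
                   for other in template.get("Resources", {}).values())
    if not attached:
        findings.append("no AWS::S3::BucketPolicy references this bucket")

    for name in OPTIONAL_PROPERTIES:
        if name not in props:
            findings.append(f"{name} not set (informational)")
    return findings


def check_all_buckets(template):
    """Map each bucket's logical ID to its list of findings."""
    return {lid: check_bucket(lid, res, template)
            for lid, res in template.get("Resources", {}).items()
            if res.get("Type") == "AWS::S3::Bucket"}


# Constructed sample template: a bare bucket beside a hardened one.
SAMPLE_TEMPLATE = {"Resources": {
    "QuickBucket": {"Type": "AWS::S3::Bucket"},
    "HardenedBucket": {"Type": "AWS::S3::Bucket", "Properties": {
        "BucketEncryption": {"ServerSideEncryptionConfiguration": [
            {"ServerSideEncryptionByDefault": {"SSEAlgorithm": "aws:kms",
                                               "KMSMasterKeyID": "alias/PLACEHOLDER-data-key"}}]},
        "PublicAccessBlockConfiguration": {flag: True for flag in PUBLIC_ACCESS_FLAGS},
        "LoggingConfiguration": {"DestinationBucketName": "placeholder-access-log-bucket",
                                 "LogFilePrefix": "hardened/"},
        "LifecycleConfiguration": {"Rules": [
            {"Id": "expire-stale-objects", "Status": "Enabled", "ExpirationInDays": 365}]}}},
    "HardenedBucketPolicy": {"Type": "AWS::S3::BucketPolicy", "Properties": {
        "Bucket": {"Ref": "HardenedBucket"},
        "PolicyDocument": {"Version": "2012-10-17", "Statement": [
            {"Sid": "DenyInsecureTransport", "Effect": "Deny", "Principal": "*",
             "Action": "s3:*",
             "Resource": [{"Fn::GetAtt": ["HardenedBucket", "Arn"]},
                          {"Fn::Sub": "${HardenedBucket.Arn}/*"}],
             "Condition": {"Bool": {"aws:SecureTransport": "false"}}}]}}},
}}

if __name__ == "__main__":
    for logical_id, findings in check_all_buckets(SAMPLE_TEMPLATE).items():
        print(logical_id)
        for finding in findings:
            print("  -", finding)
```

The bare bucket collects nine findings; the hardened bucket is left with only the informational note that ReplicationConfiguration is not set, which is the expected outcome for a bucket that does not need cross-region copies. The policy lookup matches a plain Ref only; a template that names the bucket through Fn::Sub or a literal name would need that comparison extended.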

learn more…

CFT Manager now part of – “AWS CloudFormation – Simplified” Udemy Course


Check out the Preview of CFT Manager at Udemy Course

Introducing Amazon Detective


Amazon Detective is a new service in Preview that makes it easy to analyze, investigate, and quickly identify the root cause of potential security issues or suspicious activities. Amazon Detective automatically collects log data from your AWS resources and uses machine learning, statistical analysis, and graph theory to build a linked set of data that enables you to easily conduct faster and more efficient security investigations. Learn more…

AWS announces Amazon CodeGuru for automated code reviews and application performance recommendations


Amazon CodeGuru is a new machine learning service for development teams who want to automate code reviews, identify the most expensive lines of code in their applications, and receive intelligent recommendations on how to fix or improve their code. Even for the most seasoned engineers, it can be difficult to detect some types of code issues even through peer code reviews and unit testing. It can also be challenging to identify the most resource intensive code methods without needing performance engineering expertise. CodeGuru helps you catch code issues faster and earlier, and improve application performance.  Learn more…