|
abelwingnut posted: is it possible to enable single sign-on for certain apps in an account and not the whole account? like, i want to know if it's possible to just have sso for quicksight and not, like, cloudformation or ec2 or anything like that. ultimately, what i'm trying to do is give some users in our network access to some dashboards for testing. sso seems like it would be way easier rather than having to build and deploy accounts. at the same time, i don't want them to have sso access to the rest of the infrastructure.

Not sure what you want exactly but it sounds like 2 different things. You can deny usage of specific services quite easily through IAM policies or Service Control Policies (https://docs.aws.amazon.com/organizations/latest/userguide/orgs_manage_policies_scps.html) if you use AWS Organizations. The latter however goes for all users in an account, so if you're building infra in the same account that's probably not ideal. Using SSO can be done through AWS IAM Identity Center. Or do you actually want all users that are logged in with SSO to have access to specific services and users that log in with an IAM account to have access to more/different services? e;f;b
|
# ¿ Nov 28, 2022 20:35 |
|
|
# ¿ May 1, 2024 20:38 |
|
Scrapez posted: What is the best course for the 2022 Solutions Architect Professional Exam? I previously used ACloud-Guru but it appears their course is not updated yet and is still for the 2020 version of the certification.

I recently passed mine on Stephane Maarek's course on Udemy. Also bought the test exams from Jon Bonso which are really good. Cantrill's content looks awesome as well. It’s more than just what you need to pass for the exam though. If you’re in a hurry go for Maarek's course, if you have time Cantrill will probably teach you more.
|
# ¿ Jan 12, 2023 15:51 |
|
lazerwolf posted: What are best practices for replaying failed Step Function executions?

Are you looking at a specific scenario or in general? In general it’s a good idea to look at your possible/actual failures and set IntervalSeconds (wait time before starting a retry), MaxAttempts and BackoffRate. You can also use a Catch to handle known errors in a specific way. If you’re using Lambdas it’s best to handle your exceptions there instead of in the SF.
|
# ¿ Jun 10, 2023 22:47 |
|
Adhemar posted: Do you need SF here? Sounds like a perfect use case for SQS + DLQ with a Lambda trigger off the queue. Then you get the redrive functionality for free.

Agree, the use case almost sounds like a textbook example. S3 event on object creation -> SQS -> trigger processing Lambda. You can manage error handling on the Lambda and use a DLQ for permanent failures. Set up a CloudWatch alarm that informs you on failures (or trigger another Lambda to do stuff with the events).
|
# ¿ Jun 11, 2023 10:50 |
|
For one of my accounts I received a billing alert stating that MySQL 5.7 is EOL and since I’m running 1 or more instances the account will be opted in for extended support. The mail mentions account ID and region but no ARNs. I only run a few DBs in that account and all of them were upgraded to 8.x months ago. I do have the pre-migration snapshots which were made on an even older version. Could those trigger such a warning? The health dashboard shows the same billing alert but also no ARNs. Just a prediction of the extended support costs.
|
# ¿ Feb 17, 2024 22:34 |
|
Blurb3947 posted: Curious if Forrest Brazeal’s cloud resume challenge holds any weight in the industry? I’m almost done with it and have learned quite a bit with various services but was skeptical if it actually helps people during their job hunts.

If I’m interviewing a junior and they can explain what they built and why they used specific services I’d treat it the same as hands-on professional experience. I don’t think it’s really “a thing” like a certification or something.
|
# ¿ Mar 8, 2024 07:49 |
|
kalel posted: is there a way to send bucket notifications from an s3 in one account to an sqs queue in a different account? I don't know why I shouldn't be able to do it without the use of lambda or eventbridge, but I can't find an example that doesn't use one of those

Haven’t tried it myself but SQS is a valid destination for S3 event notifications so it seems like throwing it to a different account should be possible. If you can’t, send it to an SNS topic in your account and subscribe the queue in the different account to it.
|
# ¿ Mar 20, 2024 21:46 |
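
Added example, not part of either poster's reply: for the cross-account S3 -> SQS case above, the permission lives in the queue's resource policy in the receiving account, which grants `sqs:SendMessage` to the S3 service principal. The sketch below builds that policy scoped to one bucket and one owning account, and audits a policy for the missing scoping that would let any bucket deliver to the queue. Account IDs, bucket and queue names are constructed placeholders.

```python
import json

# Constructed placeholder values, not taken from the thread.
QUEUE_ARN = "arn:aws:sqs:eu-west-1:222222222222:s3-events"
BUCKET = "example-upload-bucket"
BUCKET_ACCOUNT = "111111111111"

def s3_to_sqs_policy(queue_arn, bucket_name, bucket_account_id):
    """Queue policy: S3 may send, but only for this bucket owned by this account."""
    return {
        "Version": "2012-10-17",
        "Statement": [{
            "Sid": "AllowS3EventNotifications",
            "Effect": "Allow",
            "Principal": {"Service": "s3.amazonaws.com"},
            "Action": "sqs:SendMessage",
            "Resource": queue_arn,
            "Condition": {
                "ArnLike": {"aws:SourceArn": f"arn:aws:s3:::{bucket_name}"},
                # Pins the bucket owner, so a deleted and re-created bucket
                # name in another account cannot deliver to this queue.
                "StringEquals": {"aws:SourceAccount": bucket_account_id},
            },
        }],
    }

def audit(policy):
    """List Allow statements that permit SendMessage without source scoping."""
    findings = []
    for st in policy.get("Statement", []):
        actions = st.get("Action", [])
        actions = [actions] if isinstance(actions, str) else actions
        sends = any(a.lower() in ("sqs:sendmessage", "sqs:*", "*") for a in actions)
        if st.get("Effect") != "Allow" or not sends:
            continue
        # Condition keys are case-insensitive, so compare in lower case.
        keys = {k.lower() for blk in st.get("Condition", {}).values() for k in blk}
        for required in ("aws:sourcearn", "aws:sourceaccount"):
            if required not in keys:
                findings.append(f"{st.get('Sid', '<no Sid>')}: missing {required}")
    return findings

# Constructed weak policy: the service principal is allowed with no conditions.
WEAK_POLICY = {"Version": "2012-10-17", "Statement": [{
    "Sid": "TooBroad", "Effect": "Allow",
    "Principal": {"Service": "s3.amazonaws.com"},
    "Action": "sqs:SendMessage", "Resource": QUEUE_ARN}]}

if __name__ == "__main__":
    print(json.dumps(s3_to_sqs_policy(QUEUE_ARN, BUCKET, BUCKET_ACCOUNT), indent=2))
    print(audit(WEAK_POLICY))
```

The printed policy is what would be attached to the queue in the receiving account; the bucket's notification configuration in the sending account then references the queue ARN.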