aws sts get-caller-identity

aws configure list                    # Shows which source is being used
aws configure list --profile ni-dev   # Check specific profile

# removed from overton dns_chall
arn:aws:route53:::hostedzone/Z0443945xxxARXVAS

aws sts decode-authorization-message --encoded-message xxx \
  |jq '.DecodedMessage' |jq fromjson

aws sts assume-role \
  --role-arn arn:aws:iam::26xxx809:role/dev-ecr-ro \
  --role-session-name ECRListImagesSession
  
export AWS_ACCESS_KEY_ID=AKIAUxxxZCMJW37D
export AWS_SECRET_ACCESS_KEY=h/InxxxT8CMO16YaCEp
export AWS_DEFAULT_REGION=us-west-2
export AWS_REGION=us-west-2
export AWS_PROFILE=myron_admin
export AWS_SHARED_CREDENTIALS_FILE=~/.aws/credentials.overton

aws --profile xxx

# set role duration
aws iam update-role --role-name OrganizationAccountAccessRole --max-session-duration 43200
aws iam get-role --role-name ROLE_NAME --query 'Role.MaxSessionDuration'

• Enable AWS Systems Manager?

• AWS Status

• AWS IAM Identity Center (successor to AWS Single Sign-On)

• AWS Marketplace

• Professional Services

  • AWS Professional Services

  • Become a partner

• Set account name / alias

  • IAM → Dashboard → AWS Account → Account Alias → Create

• AWS Health

  • AWS Service Health

• Billing and Cost

  • Reducing Costs

    • 10 things to reduce costs

    • Getting started with AWS Cost Anomaly Detection

    • Configuring AWS Budgets actions

    • Price List API

  • Guidance for Cloud Fin Man
    • FinOps

  • Changes to Billing

  • cloudprice.net

  AWS Subsciptions

• Docs

  • docs.aws.amazon.com

  • Containers

  • List all hosted zones

    aws --profile myprod route53 list-hosted-zones |jq -c '.HostedZones[]|{name:.Name,id:.Id}'

  • Get aws account id

    • console_account-alias

    aws sts get-caller-identity --query Account --output text

  AWS Training

• Tools

  • Builder Tools

  • SDKs

  • SDK Code Examples

  • Decision Guides

  • https://github.com/open-guides/og-aws — Open Guide to AWS

  • Prescriptive Guidance
    • Overview

  • Solutions Guide

  • Our Account Health

  • AWS Solutions Library

  • AWS Toolkit for Visual Studio Code

  • Systems Manager - Useful?

  • AWS Integration and Automation - aws terraform on github
    • https://github.com/aws-ia/terraform-aws-eks-blueprints

  OpenSearch

• Access

  IAM

  • ENV

    • ENV and credential file

      export AWS_SHARED_CREDENTIALS_FILE=~/.aws/credentials.overton
      export AWS_CONFIG_FILE=
      export AWS_SHARED_CREDENTIALS_FILE=

    • https://docs.aws.amazon.com/cli/latest/userguide/cli-configure-envvars.html

    export AWS_ACCESS_KEY_ID=AKIAUxxxZCMJW37D
    export AWS_SECRET_ACCESS_KEY=h/InxxxT8CMO16YaCEp
    export AWS_DEFAULT_REGION=us-west-2
    
    aws s3 cp testfile s3://x-dev-customer/
    
    {
        "Version": "2012-10-17",
        "Statement": [
            {
                "Sid": "VisualEditor0",
                "Effect": "Allow",
                "Action": [
                    "s3:List*",
                    "s3:GetAccessPoint",
                    "s3:GetAccountPublicAccessBlock",
                    "s3:CreateJob"
                ],
                "Resource": "*"
            },
            {
                "Sid": "VisualEditor1",
                "Effect": "Allow",
                "Action": "s3:*",
                "Resource": "arn:aws:s3:::x-customer/*"
            }
        ]
    }

  • AWS CLI

    • Installation aws cli install

      # on linux
      apt update
      apt install unzip
      # install latest
      curl "https://awscli.amazonaws.com/awscli-exe-linux-x86_64.zip" -o "awscliv2.zip" &&
      unzip awscliv2.zip &&
      ./aws/install &&
      rm -rf aws *.zip;

    • Command Reference

    • AWS CLI Output Formats

    • Config Files - see S3 Custom command settings

    • Config cli to use identity center

  • API gateway

    • REST API Starter Kit

  • Root to sub account access

    • Create a policy

      {
          "Version": "2012-10-17",
          "Statement": [
              {
                  "Effect": "Allow",
                  "Action": "sts:AssumeRole",
                  "Resource": [
                      "arn:aws:iam::6501xxx24:role/OrganizationAccountAccessRole"
                  ]
              }
          ]
      }

    • Use profile to tie role and root account together

    # ~/.aws/credentials
    [axx]
    aws_access_key_id = AKIAWTAxxAPWBX
    aws_secret_access_key = 3b35...
    
    # ~/.aws/config
    [profile x-dev]
    role_arn = arn:aws:iam::6501xxx2024:role/OrganizationAccountAccessRole
    source_profile = sxx
    region = us-east-1
    
    # use --profile or set export AWS_PROFILE=myron_admin
    # --profile position is command does matter
    export AWS_PROFILE=mydev
    aws sts get-caller-identity --profile mydev

• Security

  • Using GuardDuty to auto block

  AWS Security

  SecretsManager

• Develop

  • SAM build

  • BottleRocket AMIs

  • CDKs

    Cloud Dev Kit (CDK)

    Terraform CDK (cdktf)

    • AWS CDK - Cloudformation (slow)

      • https://github.com/aws/aws-cdk

      • https://github.com/aws-quickstart/cdk-eks-blueprints

      • https://cdkworkshop.com/

      • https://docs.aws.amazon.com/cdk/api/v2/docs/aws-construct-library.html

      • https://tidycloudaws.com/

  • Python

    • https://github.com/boto/boto3 — docs

    • Boto config

    • Boto submit batch job

    • Boto DevGuide

  • Code Pipeline

    • Tutorial

• Config / Parameters

  • SystemManager Parameter Store

  • What is Config

  • Service Quotas

• Compute

  • Compute Guide

  • Check EC2 Service quotas

  • ECS

    • ECS Dev Guide

    • Update ECS Cluster

    • Container Insights on ECS

    • ECS Control Instance Termination

    • ECS Cluster Auto Scaling

    • ECS Deep Dive into AutoScaling

    • ECS CLI Examples

  • Auto Scaling

    • Groups

    • Zonal shift

    • Launch Templates

  EC2

  AWS Batch

  Lambda

  Serverless

• Storage

  EBS

  EFS

  S3

  RDS

• Virtual and Images

  ECR

  EKS

  AWS Finch

• Network

  • AWS Transfer Family

    • SFTP and such

  LoadBalancer

  Simple Email Service (SES)

• Monitor and Logging

  CloudWatch

• AWS Localstack for testing local

  # test with --endpoint
  aws --endpoint-url=http://localhost:4566 s3 ls
  
  # docker compose snipet
    localstack:
      image: localstack/localstack:latest
      container_name: localstack
      ports:
        - '4566:4566'
      environment:
        - SERVICES=s3,sqs,sns,lambda,dynamodb,iam,sts,secretsmanager,ssm,cloudwatch,logs
        - DEBUG=0
        - PERSISTENCE=1
      volumes:
        - localstack_data:/var/lib/localstack
        - /var/run/docker.sock:/var/run/docker.sock
      restart: unless-stopped

• Disk Space Metric

  aws --region us-west-1 \
  cloudwatch put-metric-data \
  --namespace x-prod \
  --metric-name DiskSpace \
  --unit Bytes \
  --value $(df --output=pcent .|tail -1|cut -d% -f1)

• Amazon Mechanical Turk

  • mturk.com

• Amazon AI

  • AWS Generative AI

• Amazon Partner

  • Guide to becoming

  • 1Byte Funding explanation

  • TechTide - becoming aws partner

  • proscons_moving_account_to_aws_reseller_vs_paying

  • Co-sell opportunities

  • Selling

  • Partner Search

  • Steven Morey
    • how-to-become-an-aws-partner-a-step-by-step-guide