<?xml version="1.0" encoding="utf-8" standalone="yes"?><rss version="2.0" xmlns:content="http://purl.org/rss/1.0/modules/content/" xmlns:dc="http://purl.org/dc/elements/1.1/" xmlns:atom="http://www.w3.org/2005/Atom" xmlns:sy="http://purl.org/rss/1.0/modules/syndication/" xmlns:media="http://search.yahoo.com/mrss/"><channel><title>AWS on KGOL-Blog</title><link>https://blog.kgol.xyz/en/tags/aws/</link><description>Recent content in AWS on KGOL-Blog</description><generator>Hugo -- gohugo.io</generator><language>en</language><copyright>©2025, All Rights Reserved</copyright><lastBuildDate>Sat, 16 Apr 2022 17:00:00 +1100</lastBuildDate><atom:link href="https://blog.kgol.xyz/en/tags/aws/index.xml" rel="self" type="application/rss+xml"/><item><title>Terraform Module - Security Hub Summarizer</title><link>https://blog.kgol.xyz/en/posts/tf-module-sechub-summarizer/</link><pubDate>Sat, 16 Apr 2022 17:00:00 +1100</pubDate><atom:modified>Sat, 16 Apr 2022 17:00:00 +1100</atom:modified><guid>https://blog.kgol.xyz/en/posts/tf-module-sechub-summarizer/</guid><description>This module can be found on Github and Terraform Registry
Background AWS Security Hub is a pretty useful tool for discovering potential vulnerabilities in your infrastructure.
Recently I was deploying a landing zone through Terraform that included Security Hub and came across an issue regarding how Security Hub notifies the discovery of a new vulnerability.
The current practice is to have an Eventbridge Rule that looks for Security Hub finding events and triggers an SNS.</description><dc:creator>Kieran Goldsworthy</dc:creator><media:content url="https://blog.kgol.xyz/img/TF%20Module%20-%20Sechub%20Summarizer.drawio.png" medium="image"><media:title type="html">featured image</media:title></media:content><category>AWS</category><category>Terraform</category><category>Security</category><category>Garden Shed</category></item><item><title>Terraform Module - Container Insights</title><link>https://blog.kgol.xyz/en/posts/tf-module-container-inisights/</link><pubDate>Sat, 16 Apr 2022 16:00:00 +1100</pubDate><atom:modified>Sat, 16 Apr 2022 16:00:00 +1100</atom:modified><guid>https://blog.kgol.xyz/en/posts/tf-module-container-inisights/</guid><description>This module can be found on Github and Terraform Registry
The Container Insights Terraform Module is used to deploy AWS&amp;rsquo; Container Insights agent onto a Kubernetes Cluster (EKS Specifically).
This allows for enabling deeper visibility into the operations of your K8 cluster via metrics and logs sent to AWS CloudWatch.
The module connects to the Kubernetes cluster via the management endpoint to run a custom-written Helm Chart.
This Helm chart deploys the Container Insights Agent to the cluster as a DaemonSet and configures it to use IAM roles for service accounts, with an IAM Role this module also creates.</description><dc:creator>Kieran Goldsworthy</dc:creator><media:content url="https://blog.kgol.xyz/img/TF%20Module%20-%20Container%20Insights.drawio.png" medium="image"><media:title type="html">featured image</media:title></media:content><category>AWS</category><category>Terraform</category><category>Observability</category><category>Garden Shed</category></item><item><title>Terraform Module - Transit Gateway Route Table</title><link>https://blog.kgol.xyz/en/posts/tf-module-tgw-routetable/</link><pubDate>Sat, 16 Apr 2022 15:00:00 +1100</pubDate><atom:modified>Sat, 16 Apr 2022 15:00:00 +1100</atom:modified><guid>https://blog.kgol.xyz/en/posts/tf-module-tgw-routetable/</guid><description>This module can be found on Github and Terraform Registry
This module creates an AWS Route Table for Transit Gateway, and its associations and propagations.
It is designed to be used in collaboration with the official TGW module by AWS [Github, TF Registry].
While the official TGW module does include some route table functionality, the advantage of this module is better support for cross-account attachments and easier implementation of multiple route tables for the same TGW, thus being able to implement multiple routing domains (More details here).</description><dc:creator>Kieran Goldsworthy</dc:creator><media:content url="https://blog.kgol.xyz/img/TF%20Module%20-%20TGW%20RT.drawio.png" medium="image"><media:title type="html">featured image</media:title></media:content><category>AWS</category><category>Terraform</category><category>Networking</category><category>Garden Shed</category></item><item><title>Multiple TGW Route Tables</title><link>https://blog.kgol.xyz/en/posts/tgw-routing-domains/</link><pubDate>Wed, 30 Mar 2022 00:00:00 +0000</pubDate><atom:modified>Wed, 30 Mar 2022 00:00:00 +0000</atom:modified><guid>https://blog.kgol.xyz/en/posts/tgw-routing-domains/</guid><description>A more advanced routing architecture for AWS VPCs.
TLDR: TGW can route traffic based on the source VPC as well as the destination IP.
Before AWS introduced Transit Gateway, the only way to connect VPCs together was to use VPC peering. The main issue with this approach is that you need a VPC Peering between each pair of VPCs that you want to connect.
To simplify large multi-VPC environments, AWS released Transit Gateway, which allows for a hub-and-spoke model in which multiple VPCs talk to each other with only a connection to a single hub.</description><dc:creator>Kieran Goldsworthy</dc:creator><media:content url="https://blog.kgol.xyz/img/lots-of-road-signs.png" medium="image"><media:title type="html">featured image</media:title></media:content><category>AWS</category><category>Networking</category><category>Man Pages</category></item><item><title>Account Factory for Terraform (AFT) Thoughts</title><link>https://blog.kgol.xyz/en/posts/atf-thoughts/</link><pubDate>Sun, 20 Feb 2022 00:00:00 +0000</pubDate><atom:modified>Sun, 20 Feb 2022 00:00:00 +0000</atom:modified><guid>https://blog.kgol.xyz/en/posts/atf-thoughts/</guid><description>I&amp;rsquo;ve worked with AWS and Terraform for 3-4 years at this point and when AWS initially announced the Account Factory for Terraform (AFT) I didn&amp;rsquo;t take too close a look because the company I worked for already had a solution to account generation that we would not be changing very soon (for many reasons).
After I moved jobs I worked for a company that wanted to build AWS via terraform and were considering the account provisioning process, including using AFT.</description><dc:creator>Kieran Goldsworthy</dc:creator><media:content url="https://blog.kgol.xyz/img/AFT.png" medium="image"><media:title type="html">featured image</media:title></media:content><category>AWS</category><category>Terraform</category><category>Interesting Bits</category></item><item><title>S3 Idea</title><link>https://blog.kgol.xyz/en/posts/s3-idea/</link><pubDate>Fri, 14 Jan 2022 00:00:00 +0000</pubDate><atom:modified>Fri, 14 Jan 2022 00:00:00 +0000</atom:modified><guid>https://blog.kgol.xyz/en/posts/s3-idea/</guid><description>Making the world a better place, one bucket at a time.
S3 takes from a global namespace (actually, it&amp;rsquo;s the ARN that needs to be globally unique), which means anyone can create a bucket with any name (subject to a format) as long as that name has not been used by someone else.
This actually creates a problem.
Given the global namespace, short simple bucket names are already taken. For example, a bucket used to store logs can&amp;rsquo;t be called logs because someone else certainly already has it.</description><dc:creator>Kieran Goldsworthy</dc:creator><media:content url="https://blog.kgol.xyz/img/S3Evolution.png" medium="image"><media:title type="html">featured image</media:title></media:content><category>AWS</category><category>Security</category><category>Interesting Bits</category></item><item><title>AWS in China</title><link>https://blog.kgol.xyz/en/posts/aws-in-china/</link><pubDate>Wed, 12 Jan 2022 00:00:00 +0000</pubDate><atom:modified>Wed, 12 Jan 2022 00:00:00 +0000</atom:modified><guid>https://blog.kgol.xyz/en/posts/aws-in-china/</guid><description>AWS has a &amp;lsquo;partition&amp;rsquo; in Mainland China.
It&amp;rsquo;s not like building in normal AWS, some services/features are missing or work in odd ways.
Partitions AWS has a concept of &amp;lsquo;partitions&amp;rsquo;, these are basically separate instances of the AWS Cloud.
You may have heard this term before when it comes to the different parts of the ARN e.g.&amp;ldquo;arn:partition:service:region:account-id:resource-id&amp;rdquo;
There are currently 3 partitions:
aws The normal aws cloud aws-us-gov AKA GovCloud aws-cn Mainland China These different partitions have limited overlap and connectivity.</description><dc:creator>Kieran Goldsworthy</dc:creator><media:content url="https://blog.kgol.xyz/img/RedCloud.png" medium="image"><media:title type="html">featured image</media:title></media:content><category>AWS</category><category>Networking</category><category>Interesting Bits</category></item><item><title>Terragrunt Default Tags</title><link>https://blog.kgol.xyz/en/posts/terragrunt-default-tags/</link><pubDate>Sat, 21 Aug 2021 00:00:00 +0000</pubDate><atom:modified>Sat, 21 Aug 2021 00:00:00 +0000</atom:modified><guid>https://blog.kgol.xyz/en/posts/terragrunt-default-tags/</guid><description>An approach to adding tags to all resources deployed by terragrunt
This page describes a method for adding a set of default tags to all resources that can be tagged in an AWS account (other Terraform providers may be compatible).
More specifically, all resources deployed by terraform / terragrunt in a git repository.
Setup First I should mention how I have set up the various terragrunt and terraform code, modules and repositories.</description><dc:creator>Kieran Goldsworthy</dc:creator><media:content url="https://blog.kgol.xyz/img/tags.jpg" medium="image"><media:title type="html">featured image</media:title></media:content><category>AWS</category><category>Terraform</category><category>Terragrunt</category><category>Man Pages</category></item><item><title>AWS Resource Policies</title><link>https://blog.kgol.xyz/en/posts/aws-resource-policies/</link><pubDate>Sun, 27 Sep 2020 00:00:00 +0000</pubDate><atom:modified>Sun, 27 Sep 2020 00:00:00 +0000</atom:modified><guid>https://blog.kgol.xyz/en/posts/aws-resource-policies/</guid><description>The other side of AWS IAM Permissions
IAM Policies This article will not be an in-depth look at IAM Policies, but it&amp;rsquo;s a good idea to go over the general basics.
An IAM Policy is in the form of a JSON Object with the most important part being the statements.
Each Policy Statement defines a set of actions, whether the action should be explicitly Allowed or Denied, and under which conditions the statement should apply.</description><dc:creator>Kieran Goldsworthy</dc:creator><media:content url="https://blog.kgol.xyz/img/aws_iam.jpg" medium="image"><media:title type="html">featured image</media:title></media:content><category>AWS</category><category>IAM</category><category>Security</category><category>Man Pages</category></item><item><title>What the heck are Permission Boundaries?</title><link>https://blog.kgol.xyz/en/posts/aws-iam-permissions-boundaries/</link><pubDate>Sat, 26 Sep 2020 00:00:00 +0000</pubDate><atom:modified>Sat, 26 Sep 2020 00:00:00 +0000</atom:modified><guid>https://blog.kgol.xyz/en/posts/aws-iam-permissions-boundaries/</guid><description>How to use this lesser known feature of AWS IAM
A competent understanding of IAM Policies and how they affect the permissions of any User/Role they are attached to is important to understand Permission Boundaries.
Introducing Permissions Boundaries Boundaries are applied to Users and Roles and they act as the upper-limit (like a Boundary&amp;hellip; funny that) to the User/Role, regardless of what might be granted by the attached IAM Policies.</description><dc:creator>Kieran Goldsworthy</dc:creator><media:content url="https://blog.kgol.xyz/img/boundary_fence.webp" medium="image"><media:title type="html">featured image</media:title></media:content><category>AWS</category><category>IAM</category><category>Security</category><category>Man Pages</category></item><item><title>Installing and Configuring Confluence Data Center on AWS</title><link>https://blog.kgol.xyz/en/posts/installing-and-configuring-confluence-data-center-on-aws/</link><pubDate>Sun, 16 Feb 2020 00:00:00 +0000</pubDate><atom:modified>Sun, 16 Feb 2020 00:00:00 +0000</atom:modified><guid>https://blog.kgol.xyz/en/posts/installing-and-configuring-confluence-data-center-on-aws/</guid><description>Or at least how I did it
Disclaimer This is my experience and steps I performed, YMMV.
Some of these steps might not be required for your environment and some other steps might be.
Some of the values might be different for you, where I think that might be the case they will appear as variables like so: ${VARIABLE}.
This guide is to help you, not tell you what to do, so I take no responsibility if you screw up.</description><dc:creator>Kieran Goldsworthy</dc:creator><media:content url="https://blog.kgol.xyz/img/confluence.jpg" medium="image"><media:title type="html">featured image</media:title></media:content><category>Atlassian</category><category>Confluence</category><category>AWS</category><category>Java</category><category>Man Pages</category></item><item><title>Installing and Configuring Jira Data Center on AWS</title><link>https://blog.kgol.xyz/en/posts/installing-and-configuring-jira-data-center-on-aws/</link><pubDate>Sun, 16 Feb 2020 00:00:00 +0000</pubDate><atom:modified>Sun, 16 Feb 2020 00:00:00 +0000</atom:modified><guid>https://blog.kgol.xyz/en/posts/installing-and-configuring-jira-data-center-on-aws/</guid><description>Or at least how I did it
Disclaimer This is my experience and steps I performed, YMMV.
Some of these steps might not be required for your environment and some other steps might be.
Some of the values might be different for you, where I think that might be the case they will appear as variables like so: ${VARIABLE}.
This guide is to help you, not tell you what to do, so I take no responsibility if you screw up.</description><dc:creator>Kieran Goldsworthy</dc:creator><media:content url="https://blog.kgol.xyz/img/jira.jpg" medium="image"><media:title type="html">featured image</media:title></media:content><category>Atlassian</category><category>Jira</category><category>AWS</category><category>Java</category><category>Man Pages</category></item><item><title>Interesting Bits #1</title><link>https://blog.kgol.xyz/en/posts/interesting-bits-1/</link><pubDate>Wed, 22 May 2019 18:47:28 +1000</pubDate><atom:modified>Wed, 22 May 2019 18:47:28 +1000</atom:modified><guid>https://blog.kgol.xyz/en/posts/interesting-bits-1/</guid><description>Misspelled characters, Unexpected AWS achievements
1 One of my favourite characters is the lowercase Greek letter &amp;lsquo;L&amp;rsquo; called &amp;rsquo;lambda&amp;rsquo;. I don&amp;rsquo;t know why I like it, perhaps it was after I played Half-Life; or perhaps it was when it was used for eigenvalue when I was learning linear algebra.
Either way, I do use the symbol every now and then. But alas there is no \(\lambda\) symbol on the keyboard, hence to use it I would need to copy it from either the web or from a built in feature of Microsoft Windows called &amp;lsquo;Character Map&amp;rsquo;.</description><dc:creator>Kieran Goldsworthy</dc:creator><media:content url="https://blog.kgol.xyz/img/post2.webp" medium="image"><media:title type="html">featured image</media:title></media:content><category>Windows</category><category>AWS</category><category>Cloudformation</category><category>Interesting Bits</category></item></channel></rss>