We have a few different AWS accounts and I am looking to migrate the SNS configuration from one AWS account to another. Is that possible to migrate?
Many thanks for considering my request.
AWS does not have a 'migrate' capability.
A best practice is to deploy "infrastructure as code" using CloudFormation or Terraform. Then, when you wish to deploy the same infrastructure to a different AWS Account, simply use the same template to deploy it.
If you did not deploy your initial infrastructure via a template, you might want to use https://former2.com/ to create a template based on existing infrastructure. You can then use that template to deploy the same resources in a different AWS Account.
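Added example, not part of the original answer and not how former2 works: a sketch of turning an existing SNS topic description into a CloudFormation template that can be deployed in another account. The `SAMPLE` data is constructed, and `portable` and `topic_to_template` are hypothetical helper names. The point it shows is that a topic policy copied verbatim still names the old account ID, so the IDs are replaced with pseudo parameters.

```python
import json

# Constructed sample of `aws sns get-topic-attributes` output (not real data).
SAMPLE = {"Attributes": {
    "TopicArn": "arn:aws:sns:us-east-1:111122223333:order-events",
    "Owner": "111122223333",
    "DisplayName": "Order events",
    "KmsMasterKeyId": "alias/aws/sns",
    "Policy": json.dumps({"Version": "2012-10-17", "Statement": [{
        "Sid": "OwnerOnly", "Effect": "Allow", "Principal": {"AWS": "*"},
        "Action": ["SNS:Publish", "SNS:Subscribe"],
        "Resource": "arn:aws:sns:us-east-1:111122223333:order-events",
        "Condition": {"StringEquals": {"AWS:SourceOwner": "111122223333"}}}]}),
}}

def portable(value, owner, region):
    """Recursively swap the source account id and region for CloudFormation
    pseudo parameters so the policy follows the stack to its new account."""
    if isinstance(value, dict):
        return {k: portable(v, owner, region) for k, v in value.items()}
    if isinstance(value, list):
        return [portable(v, owner, region) for v in value]
    if isinstance(value, str) and (owner in value or region in value):
        swapped = value.replace(owner, "${AWS::AccountId}")
        return {"Fn::Sub": swapped.replace(region, "${AWS::Region}")}
    return value

def topic_to_template(described):
    """Build a template (as a dict) from one topic's attributes."""
    attrs = described["Attributes"]
    _, _, _, region, owner, name = attrs["TopicArn"].split(":", 5)
    props = {"TopicName": name}
    # Copied as-is: a KMS key ARN from the old account would need replacing.
    for key in ("DisplayName", "KmsMasterKeyId"):
        if attrs.get(key):
            props[key] = attrs[key]
    resources = {"Topic": {"Type": "AWS::SNS::Topic", "Properties": props}}
    if attrs.get("Policy"):
        doc = portable(json.loads(attrs["Policy"]), owner, region)
        resources["TopicPolicy"] = {
            "Type": "AWS::SNS::TopicPolicy",
            "Properties": {"Topics": [{"Ref": "Topic"}], "PolicyDocument": doc}}
    return {"AWSTemplateFormatVersion": "2010-09-09", "Resources": resources}

if __name__ == "__main__":
    print(json.dumps(topic_to_template(SAMPLE), indent=2))
```

Subscriptions are not covered here; review any cross-account principals in the generated policy before deploying it to the target account.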
Related
Sorry, I’m sort of a newbie when it comes to Amazon AWS Cloud so sorry if I sound naïve.
For .NET developers, I’ve used Visual Studio 2019’s AWS Lambda project to code Lambda functions and ultimately deploy them to the Amazon AWS cloud.
However, my concern is that there is no way to version and/or back up the configurations for the AWS Services (i.e., S3 bucket, Amazon SNS & SQS, etc.) that are invoked by and/or trigger the various AWS Lambda functions.
The problem is that IT developers who configure said AWS Services have to use the ADFS AWS Services console website’s GUI to configure the various AWS Services, and if someone mistakenly deletes an AWS Service then they lose the configuration settings as well?
How do we go about versioning and/or backing up Configurations for the AWS Services?
There are Infrastructure as Code frameworks like Terraform and Ansible designed to address that.
You can't really delete an AWS service.
It seems like you guys are kind of "new" to AWS, so I will recommend using CloudFormation templates as an Infrastructure as Code tool. All the configuration of how your AWS resources are supposed to look can be added to the template, and you deploy the template to create your AWS resources. It's AWS-native and does not cost you anything.
On top of that, you also want to add your CloudFormation templates to a version control system.
Can someone list for me the steps needed in order to obtain a template from an Azure DevOps repo and have AWS CloudFormation use it to build a stack?
Interested in best practices and some high-level steps please / requirements, e.g. do I need AWS Pipelines? AWS Azure Toolkit?
One of the cleaner ways that I could think of doing this is integrating your DevOps repository with an S3 bucket and then triggering AWS CodePipeline to deploy the stack from the S3 bucket.
The flow would be something like:
1. Create a bucket in S3 to hold the CloudFormation template.
2. Create a service connection request in the DevOps repo; this should push the template to S3 every time changes are deployed.
3. Create an AWS CodePipeline workflow that takes the template as input from S3 and deploys it to CloudFormation.
I’m currently using CloudFormation (JSON template) to manage different AWS services.
The AWS services I use include S3, Lambda, API Gateway, Amplify, DynamoDB, IAM, Cognito.
The development phase is almost finished; now I'm finding ways to build UAT environments by using the existing CloudFormation template.
Different ways come to my mind.
1. Create CloudFormation stacks after switching to different countries
But some services like S3 are cross-country services.
If I create another S3 bucket with the same name, the bucket might not be successfully created.
2. Create a new IAM User for creating CloudFormation stacks
I am currently using the Root User account for the Service Management in the development stage (I know it's bad practice though). I can create a new IAM user (e.g. UAT_Admin) to create the UAT environment.
These are all methods I can think of. I need a method for the environment management for later creating UAT environments, and even the Production environment in the future.
Any comments or suggestions?
For greatest separation of different development environments (dev, testing, uat, prod) often different accounts are used. This provides greatest separation of resources without risking that someone from testing will accidentally delete/modify production services.
To make it easier to work with different accounts, AWS provides AWS Organizations as well as AWS CloudFormation StackSets. StackSets would enable you to use the same template across different accounts.
We were in the process of setting up AWS Config Rules and came across a bug in one of the AWS managed rules. During our conversation with the AWS support person, he has revealed that the AWS Config Rules are processed by AWS Lambda functions behind the scenes.
I am curious to know what other AWS services use AWS Lambda behind the scenes. For example, AWS Systems Manager documents.
Thanks for your time.
Not an exhaustive list, but here are some more examples:
AWS::Include Transform, which is a macro hosted by AWS CloudFormation, to insert boilerplate content into your templates.
AWS::Serverless Transform, which is a macro hosted by AWS CloudFormation, takes an entire template written in the AWS Serverless Application Model (AWS SAM) syntax and transforms and expands it into a compliant AWS CloudFormation template.
Secrets Manager and its password rotation: If you use your secret for one of the supported Amazon RDS databases, then Secrets Manager provides the Lambda function for you. And Secrets Manager automatically customizes the function to meet the requirements of the specified database.
I am trying to clone my AWS account (prod) to another account (test) with all resources and configuration I have set up on prod. Is there any best practice to replicate the AWS account to another?
This is not possible.
Nor is there an easy way to list all resources in an AWS account.
Each AWS Service (e.g. EC2, S3, Lambda) has its own API calls to list resources and describe configurations. There is no universal way to request this information.
Best Practice is to only create resources using AWS CloudFormation templates, thereby having full documentation of resources created and the ability to deploy similar infrastructure in other AWS accounts or regions.
Some third-party services (eg https://www.hava.io/) can extract configuration information and automatically create AWS CloudFormation templates. However, these templates only record the configuration of AWS resources -- they do not replicate the content of storage on disks, Amazon S3 or databases.