AWS Config not showing full list of non-compliant resources - amazon-web-services

I have created AWS Config for SNS topics not encrypted with AWS KMS. Both SNS and AWS Config are in the same region.
I have created 2 sample SNS topics but I can see only one in AWS Config.
AWS Config image:
SNS topics created:
Can anyone explain why the 2nd topic is not showing in AWS Config even though neither is encrypted with KMS?
Regards,

I would recommend checking it with the CLI, because sometimes the AWS UI works wonders and just does not show it in the UI, but it is actually there. Either use boto3 for that or CloudShell. For CloudShell here is the documentation and for boto3 it is here.
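One way to do that check with boto3, added here as an example rather than code from the answer: it compares every topic's KmsMasterKeyId attribute against the evaluation results of the managed rule (assumed to be sns-encrypted-kms in us-east-1; the sample responses are constructed), so an unencrypted topic that Config has not evaluated at all shows up separately from one it has flagged.

```python
"""Cross-check SNS topic encryption against an AWS Config rule's results.
Sample responses below are constructed to mirror the shapes boto3 returns."""

def unencrypted_topic_arns(topic_attrs):
    """topic_attrs maps topic ARN -> Attributes dict from GetTopicAttributes.
    SNS only includes KmsMasterKeyId when server-side encryption is enabled."""
    return sorted(arn for arn, attrs in topic_attrs.items()
                  if not attrs.get("KmsMasterKeyId"))

def evaluated_topics(evaluation_results):
    """Map topic ARN -> ComplianceType from GetComplianceDetailsByConfigRule.
    Config uses the topic ARN as the ResourceId for AWS::SNS::Topic."""
    seen = {}
    for result in evaluation_results:
        qual = result["EvaluationResultIdentifier"]["EvaluationResultQualifier"]
        if qual["ResourceType"] == "AWS::SNS::Topic":
            seen[qual["ResourceId"]] = result["ComplianceType"]
    return seen

def reconcile(topic_attrs, evaluation_results):
    """Split unencrypted topics into those the rule flagged and those it never evaluated
    (the latter usually means the recorder has not picked the topic up yet)."""
    unencrypted = unencrypted_topic_arns(topic_attrs)
    seen = evaluated_topics(evaluation_results)
    return {"flagged": [a for a in unencrypted if seen.get(a) == "NON_COMPLIANT"],
            "not_evaluated": [a for a in unencrypted if a not in seen]}

def reconcile_live(rule_name="sns-encrypted-kms", region="us-east-1"):
    """Run the same check against a real account (needs boto3 and credentials)."""
    import boto3  # imported lazily so the pure functions above run without it
    sns, cfg = boto3.client("sns", region_name=region), boto3.client("config", region_name=region)
    attrs = {}
    for page in sns.get_paginator("list_topics").paginate():
        for t in page["Topics"]:
            attrs[t["TopicArn"]] = sns.get_topic_attributes(TopicArn=t["TopicArn"])["Attributes"]
    results = []
    for page in cfg.get_paginator("get_compliance_details_by_config_rule").paginate(
            ConfigRuleName=rule_name, ComplianceTypes=["COMPLIANT", "NON_COMPLIANT"]):
        results.extend(page["EvaluationResults"])
    return reconcile(attrs, results)

# Constructed sample: two plaintext topics, but Config has evaluated only the first.
TOPIC_ONE = "arn:aws:sns:us-east-1:123456789012:topic-one"
TOPIC_TWO = "arn:aws:sns:us-east-1:123456789012:topic-two"
SAMPLE_ATTRS = {TOPIC_ONE: {"Owner": "123456789012"}, TOPIC_TWO: {"Owner": "123456789012"},
                "arn:aws:sns:us-east-1:123456789012:topic-kms": {"KmsMasterKeyId": "alias/aws/sns"}}
SAMPLE_RESULTS = [{"EvaluationResultIdentifier": {"EvaluationResultQualifier": {
    "ConfigRuleName": "sns-encrypted-kms", "ResourceType": "AWS::SNS::Topic",
    "ResourceId": TOPIC_ONE}}, "ComplianceType": "NON_COMPLIANT"}]
```

A topic listed under "not_evaluated" is the case in the question: the console is not hiding it, Config simply has no evaluation for it yet.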

Related

AWS unencrypted SNS Topic SCP policy

Can anyone help with the format to create an SCP policy in JSON format to restrict the creation of any unencrypted SNS topics? Thank you
I don't think this is possible because Actions, resources, and condition keys for Amazon SNS - Service Authorization Reference only lists Tags as the available Conditions for the CreateTopic command.

Cloudtrail logs is turned off for your account

I'm trying to trigger an AWS Step Function whenever a new file is uploaded to an S3 bucket. I'm using CloudWatch rules to do this but I'm getting this warning
I tried to follow the AWS documentation link "https://docs.aws.amazon.com/step-functions/latest/dg/tutorial-cloudwatch-events-s3.html#tutorial-cloudwatch-events-s3-step-1" but the state machine was not invoked.
Can anyone tell me what exactly I'm doing wrong?
EDIT
I created this trail and the region is Ohio.
I found the issue: we need to enable data events as well to get API calls for S3. It was not mentioned in the above AWS document.

AWS same account different region resource access (ses to lambda)

I researched a lot but I'm not convinced or sure whether it's possible or not. Your help would be really appreciated.
I want to learn if cross-Region resource access is possible using a resource-based policy, and if yes, then how in this case.
USE CASE:
Same Account Different Regions
AWS SES is in Account A and Region us-east-1
AWS Lambda Function is in Account A Region eu-central-1
I want to accomplish AWS SES triggering AWS Lambda (Same Account, Different Regions).
If this is not possible then your workaround would be appreciated, but understanding this is the main purpose here.
It doesn't look like you can trigger a cross-region Lambda from SES:
The Amazon SNS topic you choose must be in the same AWS region as the Amazon SES endpoint you use to receive email.
See
Lambda Action - Amazon Simple Email Service - AWS Documentation
https://docs.aws.amazon.com/ses/latest/DeveloperGuide/receiving-email-action-lambda.html
As a workaround, consider using SQS-based subscriptions, to subscribe an Amazon SQS queue to an Amazon SNS topic in your target region.
See https://docs.aws.amazon.com/AWSSimpleQueueService/latest/SQSDeveloperGuide/sqs-subscribe-queue-sns-topic.html

AWS VPC Deleted/Pending alert

I'm struggling to find any information on the possibility of setting up an alert whenever a VPC peering connection is deleted or a new one is pending acceptance. Is it possible to set up such an alert? How/where should I look? AWS documentation is a nightmare to me and finding anything is even worse.
That is totally possible using AWS Config with SNS.
Read more about AWS Config here
A tutorial on how to Implement AWS Config with SNS

Creating Amazon Kinesis Data Generator Stack on different Region

I'm trying to generate a CloudFormation stack provided by AWS here. When I click the Create a Cognito User with CloudFormation button, it directs me to the AWS console CloudFormation page in us-west-2 (Oregon), and from there it's pretty much self-explanatory. The problem is, the company that I'm working for only allows work in us-west-1 (N. California). I have tried looking over the CloudFormation template itself and I can't find any region being mentioned. I have also asked this question in the AWS developer forum but no one has responded, and I'm wondering if anyone here knows how to generate that particular stack in any region other than us-west-2 (Oregon)? Thanks!
I found a workaround for that. I used to face the same problem, as my company policy was set to not use us-west-2, so I couldn't use the CloudFormation JSON script provided by Amazon Kinesis Data Generator.
What I did was:
1. Download the CloudFormation JSON script from Amazon Kinesis Data Generator to your local machine. The CloudFormation JSON script download link can be found on the Amazon Kinesis Data Generator Help page.
2. Download the source code. The source code download link can be found on the Amazon Kinesis Data Generator Help page.
3. In your AWS account, go to S3 and create an S3 bucket in the region that you are allowed to create in. Name it whatever you want.
4. Upload the source code downloaded in step 2 to the bucket created in step 3.
5. Edit the CloudFormation JSON script downloaded in step 1. Inside the script, change the bucket name inside the Lambda function to the name of the bucket you created in step 3.
6. Go to CloudFormation and create the stack by uploading your edited script.
One thing that you need to keep in mind when implementing this workaround is that if there are any changes to the source code by AWSLAB, or any newer version of the source code comes to life, you will have to manually check and update it in your bucket.
I hope it was clear.
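A script for the "edit the bucket name" step of the workaround, added here as an example and not part of the KDG project or the answer: it assumes the template references the source code through the Lambda function's standard Code.S3Bucket property (the sample template is constructed) and reports any function whose bucket is built with an intrinsic function, since that one still has to be edited by hand.

```python
"""Rewrite the Lambda code bucket in a CloudFormation template so the stack can be
created in another region. The sample template is constructed, not the KDG one."""
import json

def retarget_lambda_buckets(template, new_bucket):
    """Return (new_template, changed_ids, needs_manual): changed_ids lists the
    AWS::Lambda::Function resources whose Code.S3Bucket was rewritten,
    needs_manual lists functions whose bucket is an intrinsic (Ref/Fn::Sub/...)."""
    doc = json.loads(json.dumps(template))  # deep copy; leave the caller's dict alone
    changed, needs_manual = [], []
    for logical_id, res in doc.get("Resources", {}).items():
        if res.get("Type") != "AWS::Lambda::Function":
            continue
        code = res.get("Properties", {}).get("Code", {})
        if "S3Bucket" not in code:
            continue  # inline ZipFile or image-based function: nothing to retarget
        if isinstance(code["S3Bucket"], str):
            if code["S3Bucket"] != new_bucket:
                code["S3Bucket"] = new_bucket
                changed.append(logical_id)
        else:
            needs_manual.append(logical_id)
    return doc, changed, needs_manual

def retarget_file(src_path, dst_path, new_bucket):
    """File-based wrapper: read src_path, write the rewritten template to dst_path."""
    with open(src_path, encoding="utf-8") as fh:
        template = json.load(fh)
    doc, changed, needs_manual = retarget_lambda_buckets(template, new_bucket)
    with open(dst_path, "w", encoding="utf-8") as fh:
        json.dump(doc, fh, indent=2)
    return changed, needs_manual

# Constructed sample: one function with a literal bucket (rewritten) and one whose
# bucket is built with Fn::Sub (reported for manual editing).
SAMPLE_TEMPLATE = {
    "Resources": {
        "CopyFn": {"Type": "AWS::Lambda::Function", "Properties": {
            "Runtime": "python3.9", "Handler": "index.handler",
            "Role": "arn:aws:iam::123456789012:role/example-role",
            "Code": {"S3Bucket": "vendor-bucket-us-west-2", "S3Key": "source.zip"}}},
        "SubFn": {"Type": "AWS::Lambda::Function", "Properties": {
            "Runtime": "python3.9", "Handler": "index.handler",
            "Role": "arn:aws:iam::123456789012:role/example-role",
            "Code": {"S3Bucket": {"Fn::Sub": "vendor-${AWS::Region}"}, "S3Key": "source.zip"}}},
        "Topic": {"Type": "AWS::SNS::Topic"},
    }
}
```

The bucket must live in the region you deploy the stack to, because Lambda only loads deployment packages from a bucket in its own region.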
I have created a JMeter plugin to publish data records to a Kinesis Data Stream.
https://github.com/JoseLuisSR/awsmeter
It works very well and you don't need to use any additional AWS service to publish events to Kinesis as Kinesis Data Generator does, where you could pay additional charges for services like Cognito, CloudFormation and Lambda that are needed to build and deploy KDG.
You just need an AWS IAM user with programmatic access; download JMeter and install the awsmeter plugin.
If you have questions or comments let me know.
Thanks.