I'm using an AWS student pack provided by my university. I want to switch the location to Bahrain from N. Virginia. Everytime I try to do that I get the following error:
AWS Educate Starer Accounts are very limited.
You can check what is allowed in the link below:
AWS Services Supported with AWS Educate Starter Account
Shortly, you have no access to billing information and many, many other services and options.
you don't need to enter in the Billing area into the console to change to Bahrain.
What you have to do is:
Login on AWS Educate site (https://aws.amazon.com/education/awseducate/)
Right Up corner (AWS Account) inside the AWS Educate portal
Click "AWS Educate Starter Account". It will open another tab, "Workbench".
Click to open "AWS Console"
Now, you are logged on AWS console.
Go to Services, select a services that changes with a region, for example, EC2, RDS, etc., if you see "Global" on right top corner, you cannot change the region to Bahrain, please select another service first, then select the region.
I hope I could help.
Related
If i want to use codestar, I need to create a developer account, which is probably pretty weird. But it is even more weird, that i get redirected to creating an Amazon account.
Can anyone explain me why this is the case?
You have to pay attention to the application type
Select the right application type and AWS service in the template section
For example, if you chose AWS EC2 and Web application, AWS won't ask you for an Amazon developer account
This happens when accessing EC2 console for any region.
Global services like S3, IAM and account related pages can be accessed without problems.
No AWS Organization issue, no policy issue.
Just go to your email and click the link AWS management console and open an AWS account.
So, now you can access your EC2.
Check whether you have skipped one or more steps during registration.
You may have received an email stating you need to complete those steps.
File a support case to receive the email again if you missed it.
It takes a while to AWS to verify your card details after you register a new account with AWS. It would be great if AWS would give a more sensible message.
Wait for account activation :
After you choose a Support plan, a confirmation page indicates that your account is being activated. Accounts are usually activated within a few minutes, but the process might take up to 24 hours.
AWS create and activate account
I want to use GCP Stackdriver for my AWS accounts.
When I go to my workspace settings and click the "Add AWS Account" it gives the following instructions:
Log in to your Amazon IAM console and click Roles
Click "Create New Role"
Select the role type "Another AWS account"
Check the box "Require external ID"
Enter the following:
Account ID: 123456789012
External ID: ab12345678
Require MFA: unchecked
Click "Next: Permissions".
Select "ReadOnlyAccess" from the policy template list and click "Next: Review"
Enter a "Role Name" such as Stackdriver and click "Create Role"
Select the "Role Name" you just entered from the role list to see the summary page
Copy the "Role ARN" value and paste it in the AWS Role ARN field below
I tried that on my AWS account but it's obvious that the IDs aren't real. How can I get the IDs to create my AWS link account?
I'm the GCP project's owner and have permissions to create projects too.
Thanks
By looking the steps mentioned you are trying this document; The ID's are exactly the ones that Stackdriver monitoring is telling you to use to create the role on AWS.
There is some issue with the new UI for Stackdriver Monitoring. To workaround this issue please follow this steps:
On stackdriver Monitoring console you will see a banner at the top
"Stackdriver Monitoring in the Google Cloud Console is Generally Available. This is now the default experience and will be the only experience available by the end of January 2020"
Then click to use classic button to change to the old interface, there you will be able to say why you are changing to the old interface.
Once you get the old interface, go to Workspace Settings (located in your project name on the top/left side of the screen) --> Monitored accounts --> Add AWS account. There you will be able to get the correct Account ID and External ID for your OWN Stackdriver Workspace.
Then continue the steps as the guide say by creating the role on AWS and sharing the ARN to Stackdriver.
So we have this aws account with some permissions and it was working fine at first. We were able to deploy to aws using serverless framework. But then the client decided to setup an organization since they have other aws accounts also and to consolidate the billing under 1 account, they added the account they gave us to the organization. Now the problem is when we deployed using serverless again, serverless can no longer see the deployment bucket with an access denied error. But when the account was removed from the organization, serverless is able to locate the bucket. Is there some addition permissions or changes to the permissions that needs to be done when an account is linked to an organization? Can someone explain to me cause I can't seem to find any example of my scenario in a google search. I am new to AWS and this is the first time I experience organzations in AWS.
The only implication to permissions from joining an OU (organization unit) would be via the Service Contol Policy (SCP). Verify that the SCP attached to the organization does not block the actions you are attempting to execute.
We would love to get more information if possible, but I would maybe start looking in the following places in your consolidated account:
Trusted access for AWS services - https://console.aws.amazon.com/organizations/home?#/organization/settings
https://console.aws.amazon.com/organizations/home?#/policies
See if anything was changed there, if someone added a policy, or if the AWS Resource Access Manager is disabled.
I am a beginner on Google Cloud and Bigtable, I was wondering if it was possible to setup a service account having admin access to a single bigtable instance ?
If possible I would like to do it from the console.
This is what I use today:
To enable Cloud Bigtable IAM roles, please enable the Cloud Bigtable API via the Cloud Console, which you can find by searching the API Library for "Bigtable".
Once you've done this, the Cloud Bigtable IAM roles will show up, and you will be able to grant Cloud Bigtable IAM roles to service accounts, as you have done in the screenshot for other services.
That said, please note that all of these roles, including the ones in your screenshot, are not instance-specific, they are service-specific, but affect all instances of that service across the entire project.
To assign IAM roles on a per Cloud Bigtable instance level, follow these instructions:
Go to the Cloud Bigtable instances page in the GCP Console.
Check the boxes next to the instances whose roles you want to manage. An information panel appears.
In the information panel, click Permissions.
Under Add members, start typing the email address of the user or service account you want to add, then click the email address of
the user or service account.
Click the Select a role drop-down list, then click Cloud Bigtable to select a predefined role or Custom to select a
custom role.
Click the name of each role that you want to assign.
Click Add. The user or service account is granted the roles that you specified at the instance level.
Instance level permissions are now available and you can assign roles to individual instances. This functionality is accessible via the cloud console by clicking the check box next the Bigtable instance that you would like to configure.