Launch Configurations Created using AWS-Console VS Programmatically - amazon-web-services

I would like to find out if there is an easy way to find out whether a given launch configuration was created using the AWS Console or programmatically.
Use case:
We are planning to avoid copying/creating launch configurations using the AWS Console, so we would like to implement some alert system if there is any launch configuration created using the AWS Console.
So is there any way we can look at a flag on the launch configuration and differentiate whether the launch configuration was created using the AWS Console or not?

Quick thought
Approach 1
Revoke permissions to launch configuration from all users with the console access.
Use separate user for the program, who has permission to launch configuration.
Approach 2
Write a program which monitors CloudTrail logs, because all the things we do, whether via console or API, are/can be logged in CloudTrail.
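As an added illustration of Approach 2 (this is example code, not the answerer's), here is a small CloudTrail scanner that flags CreateLaunchConfiguration and DeleteLaunchConfiguration calls which came from the console. The trail records below are constructed for the demo; the console-detection heuristic (a `console.amazonaws.com`/`signin.amazonaws.com` userAgent, or the `sessionCredentialFromConsole` flag that newer trails carry) is an assumption you should verify against a known console action in your own trail before alerting on it.

```python
import gzip
import json

# Markers CloudTrail puts in userAgent for console-originated API calls.
# Assumption: confirm these against your own trail before relying on them.
CONSOLE_USER_AGENT_MARKERS = ("console.amazonaws.com", "signin.amazonaws.com")

# Launch-configuration write actions we want to alert on.
LAUNCH_CONFIG_WRITE_EVENTS = {"CreateLaunchConfiguration", "DeleteLaunchConfiguration"}

# Constructed sample trail (not from any real account; 123456789012 is the AWS docs example account).
SAMPLE_TRAIL = {
    "Records": [
        {
            "eventTime": "2024-01-01T10:00:00Z",
            "eventSource": "autoscaling.amazonaws.com",
            "eventName": "CreateLaunchConfiguration",
            "userIdentity": {"type": "IAMUser", "userName": "alice",
                             "arn": "arn:aws:iam::123456789012:user/alice"},
            "userAgent": "console.amazonaws.com",
            "sessionCredentialFromConsole": "true",
            "requestParameters": {"launchConfigurationName": "web-lc-console"},
        },
        {
            "eventTime": "2024-01-01T10:05:00Z",
            "eventSource": "autoscaling.amazonaws.com",
            "eventName": "CreateLaunchConfiguration",
            "userIdentity": {"type": "IAMUser", "userName": "deploy-bot",
                             "arn": "arn:aws:iam::123456789012:user/deploy-bot"},
            "userAgent": "aws-cli/2.13.0 Python/3.11.4 Linux/6.1",
            "requestParameters": {"launchConfigurationName": "web-lc-cli"},
        },
        {
            "eventTime": "2024-01-01T10:07:00Z",
            "eventSource": "ec2.amazonaws.com",
            "eventName": "DescribeInstances",
            "userIdentity": {"type": "IAMUser", "userName": "alice",
                             "arn": "arn:aws:iam::123456789012:user/alice"},
            "userAgent": "console.amazonaws.com",
            "sessionCredentialFromConsole": "true",
            "requestParameters": None,
        },
    ]
}


def is_console_originated(record):
    """Return True when a CloudTrail record looks like it was issued from the AWS Console."""
    if str(record.get("sessionCredentialFromConsole", "")).lower() == "true":
        return True
    user_agent = record.get("userAgent") or ""
    return any(marker in user_agent for marker in CONSOLE_USER_AGENT_MARKERS)


def find_console_launch_config_changes(records):
    """Collect launch-configuration create/delete events that originated from the console."""
    alerts = []
    for record in records:
        if record.get("eventSource") != "autoscaling.amazonaws.com":
            continue
        if record.get("eventName") not in LAUNCH_CONFIG_WRITE_EVENTS:
            continue
        if not is_console_originated(record):
            continue
        params = record.get("requestParameters") or {}
        identity = record.get("userIdentity") or {}
        alerts.append({
            "time": record.get("eventTime"),
            "action": record["eventName"],
            "launch_configuration": params.get("launchConfigurationName"),
            "principal": identity.get("arn"),
            "user_agent": record.get("userAgent"),
        })
    return alerts


def load_trail_records(path):
    """Read one delivered CloudTrail log file (plain .json or the usual .json.gz) and return its Records list."""
    opener = gzip.open if path.endswith(".gz") else open
    with opener(path, "rt") as f:
        return json.load(f).get("Records", [])


if __name__ == "__main__":
    # Run over the constructed sample; swap in load_trail_records(<file>) for real logs.
    for alert in find_console_launch_config_changes(SAMPLE_TRAIL["Records"]):
        print(json.dumps(alert))
```

Only the first record is reported: the second is the same action issued by the CLI, and the third is a console call that does not touch launch configurations. Feed the output into whatever notifier you use; a scheduled job over the S3-delivered log files, or a CloudWatch Events rule on the same eventName, gives you the alert the question asks for.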

My suggestion would be: Use only CloudFormation to create the LaunchConfigs and then check for the existence of relevant CF-tags.
Added bonus: you can create a specific role for CF to launch EC2 instances and then revoke all permissions for your users.

Related

How to enable ec2 tag access via Instance Metadata Service through CloudFormation

I would like to have my CloudFormation launch template enable EC2 Tag Access. I am seeing it in the Launch Template options in the console.
This means I technically could add it to my Launch Template, but I would rather keep all of my configuration changes in source control, so that isn't really an option. I know there is a way to turn it on via the CLI and the console.
I started digging through documentation, but I couldn't find anything. Is there a place I can go to see the progress on CloudFormation capabilities and maybe even implement this myself in AWS's codebase?
If something is not directly supported in CloudFormation, you can create your own custom resource. So as long as any AWS SDK supports your functionality, you can add it to your CloudFormation templates as well.
For a general view of what is and is not yet supported in CloudFormation, you can go to the official AWS GitHub page cloudformation-coverage-roadmap. You can also create an issue there to report missing or broken functionality.

Is there a way possible to not just switch on the windows Instance in GCP but also log in to a specific user account?

I have auto-scheduled my instance timings in Windows Server over GCP using Cloud Functions. Now all I want to do is that during the switching on of the instance, it should also log in to a specific user account, as I have set up some startup scripts for different users. Does anyone know of or have tried some way to perform this?
My end goal is whenever my instance is switched on it should not just switch on but log into the windows instance with a specified user which happens through RDP manually.

How to choose permissions for a Google Container Engine cluster?

I'm trying to set up a GKE cluster and I want to enable all permissions to other services (since apparently you can't change the permissions after the cluster has been created). This ought to be straightforward, but either I'm doing something wrong or something is broken. I select the following for my project access:
But when the cluster is created I see this:
I.e. everything is disabled. Why is this? How do I set the permissions?
There was a bug in the UI that was showing that all scopes were disabled. I just created a new cluster and the UI is showing the correct scopes.
If this happens again, you can also see the scopes that are enabled on your VMs using the command line by running gcloud container clusters describe NAME --zone=europe-west1-c and looking at the scopes under oauthScopes:.

Limiting number of AWS EC2 instances a user can create

AWS IAM provides quite granular permissions in regards to the specific types of instances that can be launched by a specific user.
However, I would like to know if it is possible to create a custom policy that would enable me to set an upper limit on the number of EC2 instances that can be created by an individual user (not an account)?
AWS doesn't store which user has launched which machine.
One bypass I recently did was to externalize the logic into a Rundeck job:
the job was calling a Python script, in which I controlled the number of instances launched by the user before actually creating a machine or not. The username was taken from the Rundeck user running the script (Rundeck was plugged into Active Directory) and stored in AWS through tags.
Hope this helps.

how to add user data in amazon Launch Configuration

I have an AMI which is used to launch instances automatically through an Amazon Launch Configuration.
The issue I am facing is that after the instance gets launched I need to run some command which should start the web server automatically. How can I do that using the user data option from the launch configuration?
You can find the option "User Data" under "Advanced Details" section in the Launch Configuration Wizard
I don't think there is any way via the AWS console or with the official aws-tools to modify a Launch Configuration. I believe you have to create a new one with the user data and associate it with the autoscaling group or groups it's in with these two scripts:
as-create-launch-config
as-update-auto-scaling-group
However, if you're brave...
I did find this: https://github.com/colinbjohnson/aws-missing-tools/tree/master/as-update-launch-config
It explicitly limits the type of instance you're using (it was written in 2012) to a narrow list of older options, so update it to new ones.
Outside this, I've not tested the script, so good luck!
From the documentation:
Follow the procedure for launching an instance at Launching Your Instance from an AMI, but when you get to Step 6, paste the user data script text into the User data field and then complete the launch procedure.
If you don't want to copy-paste a script every time you launch an instance, you have a few different options:
Launch the instance using the AWS CLI and point it at a file that contains your script
Use CloudFormation to launch the instance and related resources and specify the userdata script in the template
Use OpsWorks (I'm less familiar with this one)
However, if you just want the webserver service to start at boot, I recommend looking at this question.
copy paste
#!/bin/sh
curl -L https://s3.amazonaws.com/romuloaddressbook/addressbook.sh | sh
To provide User Data to a Launch Configuration via the AWS console:
Go to the AWS EC2 console.
Under "AUTO SCALING" click on "Launch Configurations" and then select "Create launch configuration". The Create Launch Configuration wizard will open.
Select the required AMI.
In the next window, select the Instance Type and click "Next: Configure details".
Under "Configure details" -> "Advanced Details" -> Enter your USERDATA in the "User data" text box.
Proceed further and complete the wizard.