Posts

Showing posts from November, 2023

AWS - VPC Endpoint

A VPC endpoint enables customers to privately connect to supported AWS services and VPC endpoint services powered by AWS PrivateLink. Amazon VPC instances do not require public IP addresses to communicate with the resources of the service. A VPC endpoint enables connections between a virtual private cloud (VPC) and supported services without requiring that you use an internet gateway, NAT device, VPN connection, or AWS Direct Connect connection. We will create two subnets, Public and Private, and test S3 bucket access from both. Since the public subnet is connected to the Internet Gateway, we should be able to access the S3 buckets from the EC2 instances launched in the Public Subnet. We will then try to access the S3 bucket from the Private Subnet. Now, we will create a VPC Endpoint for S3. Next, we need to select the VPC. I created a VPC called "DemoVPC" with Public and Private Subnets. Next is the important...

AWS - Transit Gateway

In this post, we will see what an AWS Transit Gateway is. In the last post, we looked at VPC peering. One of the major problems with VPC peering is the number of peering connections you have to create as the number of VPCs grows. Imagine you have three VPCs A, B and C with peering as A -> B and B -> C. You cannot connect from VPC-C to VPC-A via VPC-B. This problem is addressed by a Transit Gateway. It is like a typical L3 router: it learns about the networks (VPCs) it is associated with and updates its route table accordingly. We have two VPCs: VPC1 - 10.0.0.0/16 -> Subnet -> 10.0.1.0/24; VPC2 - 198.0.0.0/16 -> Subnet -> 198.0.1.0/24. I have created two Internet Gateways and attached them to VPC1 and VPC2, and updated the routing table of VPC1 to reach 0.0.0.0/0 via Internet Gateway1 and of VPC2 to reach 0.0.0.0/0 via Internet Gateway2. The steps discussed above are basic, so I am going to proceed with creating a Transit Gateway. Once the TGW (Transit Gateway) is created, proceed to create a TGW attac...

AWS - VPC Peering

A VPC peering connection is a one-to-one relationship between two VPCs. You can create multiple VPC peering connections for each VPC that you own, but transitive peering relationships are not supported. Transitive peering, where VPC-A connects to VPC-C via another VPC-B, is not possible. In short, VPC peering is a channel to establish a connection between two different VPCs. I have two VPCs: 1) Default VPC - CIDR 172.31.0.0/16; 2) Demo VPC - CIDR 10.0.0.0/16. We are going to create a VPC peering between them and update the route tables on both VPCs accordingly. For demo purposes, I have launched an EC2 instance in "Demo VPC" and set up an httpd server. We try to access that httpd server from another EC2 instance launched in "Default VPC". I get a timeout when I try to curl from the EC2 instance launched in "Default VPC" to the httpd service running in "Demo VPC". Now, let's create a peering connection. Under VPC, sel...

AWS Single Sign On - SSO

AWS SSO securely creates or connects your workforce identities and manages their access centrally across AWS accounts and applications. For a single account, users and groups can be managed via IAM. If there are multiple accounts managed through AWS Organizations, manually creating users/groups across the accounts via IAM is tedious work. AWS SSO is the solution for it: the user/group is created in AWS SSO and can be assigned to the AWS accounts. NOTE: * SSO can be enabled in only one region. * SSO is integrated with AWS Organizations. * AWS Organizations must be used for SSO. I have already set up AWS Organizations - please refer to AWS Organization. Let's enable SSO. We can log in using the AWS Access Portal URL. Now, we will start creating a user. The user is created. Now, we will create a Permission Set. Permission sets define the level of access that users in IAM Identity Center have to their assigned AWS accounts. Under permission set, ...

AWS - Budget Alert

In this post, we will see how to set up budget alerts with email and SNS. We will create an SNS topic and subscription, then create a budget alert, set the threshold, and add the SNS topic for notification. Create a topic called "budget-sns" and make sure this SNS topic is accessible from the Budgets service. Create a subscription. Now, let's start with AWS Budgets. We are done with creating a budget alert. The first time, it takes 24 hours to activate the budget alert.