
Service Control Policies + AWS Organizations

Imagine you have 5 AWS accounts, and you want to restrict 2 of those accounts from using an AWS service. How would you do that?

This can be achieved with service control policies (SCPs) and AWS Organizations.

Create an organisational unit (OU) containing those 2 accounts, then restrict access to the service for that OU.

Service control policies control the use of AWS services across multiple accounts.

IAM policies can be applied only to users, roles and groups, not to accounts. SCPs, on the other hand, can be applied to an account or a group of accounts.
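The scenario above as a small model, added here as an example and not taken from the original post: it builds a deny SCP for one service and checks requests from five accounts, two of which sit in a restricted OU. The account IDs, the OU names and the choice of DynamoDB as the restricted service are assumptions; nested OUs, conditions and resource matching are left out.

```python
import json
from fnmatch import fnmatchcase

# Constructed sample data: five placeholder account IDs, two in a restricted OU.
ACCOUNT_OU = {
    "111111111111": "ou-restricted",
    "222222222222": "ou-restricted",
    "333333333333": "ou-general",
    "444444444444": "ou-general",
    "555555555555": "ou-general",
}

def deny_service_scp(service_prefix):
    """Build an SCP document that denies every action of one service."""
    return {
        "Version": "2012-10-17",
        "Statement": [{"Sid": "DenyService", "Effect": "Deny",
                       "Action": f"{service_prefix}:*", "Resource": "*"}],
    }

# SCPs attached to each OU (hypothetical names). The default FullAWSAccess
# SCP is assumed to be attached everywhere, so only denies are modelled.
OU_SCPS = {"ou-restricted": [deny_service_scp("dynamodb")], "ou-general": []}

def matches(action, patterns):
    """Case-insensitive wildcard match of an action against policy patterns."""
    return any(fnmatchcase(action.lower(), p.lower()) for p in patterns)

def scp_denies(scp, action):
    for stmt in scp["Statement"]:
        actions = stmt["Action"]
        actions = [actions] if isinstance(actions, str) else actions
        if stmt["Effect"] == "Deny" and matches(action, actions):
            return True
    return False

def is_allowed(account_id, iam_allowed_actions, action):
    """A request needs an IAM allow AND no deny from the SCPs on its OU."""
    if not matches(action, iam_allowed_actions):
        return False  # an SCP never grants access on its own
    return not any(scp_denies(s, action) for s in OU_SCPS[ACCOUNT_OU[account_id]])

if __name__ == "__main__":
    print(json.dumps(deny_service_scp("dynamodb"), indent=2))
    for acct in sorted(ACCOUNT_OU):
        # Every principal here is an administrator as far as IAM is concerned.
        print(acct, ACCOUNT_OU[acct], is_allowed(acct, ["*"], "dynamodb:PutItem"))
```

The two accounts in `ou-restricted` are denied even though IAM allows everything, which is the account-level control that IAM policies alone cannot give.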
