Uninstalling Account Factory for Terraform (AFT)
What is Account Factory for Terraform (AFT) Account Factory for Terraform (AFT) is a solution provided by AWS that leverages Terraform to automate and manage the creation and configuration of AWS accounts. It is designed to streamline the account provisioning process, enforce consistent configurations, and ensure governance and compliance across multiple AWS accounts. It may …
Category: AWS
You deleted the “DO_NOT_DELETE” IdP?
When you deploy an AWS Organization using Control Tower, an AWSSSO IdP is created in every account. Its name ends with DO_NOT_DELETE. What happens if you delete it? Background I recently had someone reach out to me asking what happens if the auto-created AWS SSO IdP Provider that integrates with IAM Identity Center in Control …
Using AWS’s IaC Generator to Rescue Manual Deployments
In their eagerness to launch a cloud initiative, there are still organizations that deploy new environments and resources from the AWS console. While they may believe it leads to a quick win, the reality is different. Background I spoke with an organization recently that had deployed all of their AWS resources from the console. I …
AWS Landing Zone Accelerator Features: Beyond Control Tower
My previous post detailed the process to install AWS Landing Zone Accelerator (LZA) within an existing Control Tower environment. While the process wasn't trivial or all that well documented, it did result in a successfully deployed LZA. What are the benefits that LZA provides out of the box beyond a basic Control Tower deployment? Using …
Studying for the AWS Advanced Networking Specialty Exam
I recently took (and passed) the AWS Advanced Networking Specialty exam and hope this quick post may help you prepare. Exam Overview The exam itself consists of 65 multiple choice and multiple response questions and you have 170 minutes to take it. When I completed the exam, and a review of a few questions, I …
Intro to Route 53 Resolver DNS Firewall
Use Route 53 Resolver DNS Firewall to help secure egress traffic... What Is Route 53 Resolver DNS Firewall? Route 53 Resolver DNS Firewall is a highly available, fully-managed service/firewall that leverages domain lists and rule groups to provide an additional layer of security for outbound DNS traffic. It enables granular control over DNS querying behavior within your …
Get your AWS Digital Badges
Use AWS Skill Builder Digital Badges to showcase your skills! AWS Digital Badges AWS has introduced Digital Badges as a means for you to enhance, and then showcase, your knowledge and skills in specific AWS technologies and services. Digital Badges are obtained within AWS Skill Builder, include a pre-built learning path containing training content relevant …
Autogenerate Documentation with terraform-docs and GitHub Actions
Using terraform-docs to limit my exposure to Markdown while also providing updated documentation when I do code commits?!?! Screenshots to Markdown At some point pretty early in my IT career, I started taking screenshots of the work I was doing. Initially, I did this to reinforce in my own mind the steps required to configure …
Deploying AWS LZA with pre-existing Control Tower
Multi-account landing zones have been the de facto standard for how to architect environments from a governance and compliance standpoint in AWS. Control Tower is an AWS service that was released in 2019, enabling customers to quickly and easily deploy the framework for a well-architected landing zone. More recently, AWS released Landing Zone Accelerator (LZA), …
VMC on AWS Networking: Fun with Transit Connect
Anyone who is currently running or has deployed VMware Cloud on AWS (VMC) will tell you that hybrid cloud networking adds the most complexity. It does make sense; the VMware aspect of VMC is frankly pretty easy. Getting access to a VMware SDDC in any public cloud provider typically takes about 10 – 15 minutes …