When your application—say, running on an EC2 instance—needs to interact with your data in Amazon S3 buckets, then the secure, and best practice approach to access “s3” is using IAM Roles. These IAM Roles provide temporary credentials that your service (the trusted entity) can assume, ensuring your secrets are never exposed or permanently stored. This…
Monitoring IAM activity is essential for maintaining a secure and compliant AWS environment. Whether you’re auditing permissions or cleaning up unused roles, knowing when a specific AWS action was last used can help you make informed decisions. In this guide, we’ll show you how to use AWS IAM Access Advisor with Boto3 to track the…
AWS Config is a service that continuously monitors and records your AWS resource configurations and changes over time. It helps you: It’s especially useful for governance, risk management, and maintaining a clear view of your cloud environment. Cost for AWS config is based on the number of configuration items recorded and the frequency of evaluations….
If you have a 100 Gigabit-per-second (Gbps) network link, but your S3 uploads max out at a fraction of that speed, here is the harsh truth: S3 is not the bottleneck. The service is engineered for massive scale. The real limits are almost always on your side of the connection. Here’s a deep dive into…
When managing massive amounts of data in Amazon S3, accidentally deleting the wrong object is a real risk. That’s where conditional deletes come in. This powerful S3 feature allows you to verify an object’s existence or modification status before you execute the deletion, dramatically improving the safety and reliability of your object storage operations. This…
Sometimes it’s necessary to get the list of EC2 stopped instances across different AWS accounts to see how many instances have been stopped. There might be variety of reasons why we may need to see the list of stopped EC2 instances (like whether those instances can be terminated or whether those instances needed to be…
AWS doesn’t provide stats on list of terminated EC2 instances across a single account or across every accounts in an organization. To get the list of terminated instances, we may need to use boto3 script and use EC2 instance client to get the list of terminated instances as shown below List of Terminated instances for…
AWS has recently changed the way in which the models can be enabled and now all the accounts will have model access enabled by default without the need to request for it. Because of this change the models can be restricted only by IAM Policies and SCP Policies. Let us see here how to use…
AWS Config Recordings and Rules act as guardrails, ensuring users’ actions align with the Cloud Governance team’s policies. While they are crucial for maintaining control, it’s vital to monitor them because each recording costs $0.003, and a large volume can significantly increase your bill. If your AWS account has lot of auto scaling instances then…
One of the most important things in AWS Access Keys. I have seen lot of organizations where users have created lot of keys and the governance team had a tough task in eliminating or reducing the keys., So as a first step it’s important to prevent creation of access key if you are going to…