Here is some prose
// Online Java Compiler
// Use this editor to write, compile and run your Java code online
class HelloWorld {
    public static void main(String[] args) {
        System.out.println("Hello, World!");
    }
}
about the source code.
[...]
| Resource | Definition |
|---|---|
| arn:aws:s3:::accesslogs/* | Defines all objects within an S3 bucket called "accesslogs" |
| arn:aws:kms:eu-west-1:045676890123:key/87132241-9a03-4c89-a723-af0b43aea2bc7 | Defines a specific KMS key within account 045676890123 in AWS Region eu-west-1 |
| * | Defines all resources |
[...]
Full policies
Bringing all of these elements together produces policies such as the following two examples.
This identity-based policy allows administrator rights to the entire AWS Account:
{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Effect": "Allow",
      "Action": "*",
      "Resource": "*"
    }
  ]
}
This resource-based policy allows all principals from the account 045676890123 to write into the bucket “accesslogs” as long as the connection is encrypted:
{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Principal": {
        "AWS": "arn:aws:iam::045676890123:root"
      },
      "Effect": "Allow",
      "Action": "S3:PutObject",
      "Resource": "arn:aws:s3:::accesslogs/*",
      "Condition": {
        "Bool": {
          "aws:SecureTransport": "true"
        }
      }
    }
  ]
}
[...]
Tagging policies
The last component I want to highlight within AWS Organizations is tagging policies. These policies can enforce the way resources can be tagged.
They do not, however, require that a specific tag be used.
{
  "tags": {
    "department": {
      "tag_key": {
        "@@assign": "Department"
      },
      "tag_value": {
        "@@assign": [
          "finance",
          "sales",
          "security"
        ]
      },
      "enforced_for": {
        "@@assign": [
          "ec2:instance",
          "kms:*"
        ]
      }
    }
  }
}
As an example, this policy defines that if the tag `department` is used, it must have one of the three values defined in `tag_value`. Furthermore, this enforcement is then only done on `ec2:instance` and all `kms` resources.
It’s important to fully understand the goal of tagging policies. They are designed to be used for compliance reasons. Using the AWS Management Console or the AWS CLI, you can generate a report of non-compliant resources to allow for correction later.
Also, not all resources can be tagged. `ec2:*`, for instance, is not supported, and specific resources must be defined. A complete list can be found here.
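The rules described above, modelled in Python (an added example, not code from the original page and not AWS's own evaluation logic): it applies the sample tag policy to a constructed inventory and reports which resources would be non-compliant. The resource ids, the function names and the exact, case-sensitive comparison of tag keys and values are assumptions of this example.

```python
import json
from fnmatch import fnmatchcase

# Tag policy copied from the example above.
TAG_POLICY = json.loads("""
{"tags": {"department": {
  "tag_key": {"@@assign": "Department"},
  "tag_value": {"@@assign": ["finance", "sales", "security"]},
  "enforced_for": {"@@assign": ["ec2:instance", "kms:*"]}}}}
""")

# Constructed sample inventory: (resource type, resource id, tags).
SAMPLE_RESOURCES = [
    ("ec2:instance", "i-constructed-1", {"Department": "finance"}),
    ("ec2:instance", "i-constructed-2", {"Department": "marketing"}),
    ("ec2:instance", "i-constructed-3", {}),  # tag not used at all
    ("kms:key", "key-constructed-1", {"Department": "Sales"}),
    ("s3:bucket", "bucket-constructed-1", {"Department": "marketing"}),
]


def violations(policy, resource_type, tags):
    """Return the reasons why the tags break the policy (empty list = compliant)."""
    reasons = []
    for rule in policy["tags"].values():
        key = rule["tag_key"]["@@assign"]
        allowed = rule["tag_value"]["@@assign"]
        scope = rule["enforced_for"]["@@assign"]
        # The rule only applies to types listed in enforced_for ("kms:*" is a wildcard).
        if not any(fnmatchcase(resource_type, pattern) for pattern in scope):
            continue
        # A missing tag is not a violation: the policy does not require the tag.
        # Assumption: keys are matched exactly; capitalization rules are not modelled.
        if key not in tags:
            continue
        if tags[key] not in allowed:
            reasons.append(f"{key}={tags[key]!r} not in {allowed}")
    return reasons


def non_compliant(policy, resources):
    """Map resource id -> reasons, for resources with at least one violation."""
    checked = ((rid, violations(policy, rtype, tags)) for rtype, rid, tags in resources)
    return {rid: found for rid, found in checked if found}


if __name__ == "__main__":
    for rid, why in non_compliant(TAG_POLICY, SAMPLE_RESOURCES).items():
        print(rid, why)
```

Only the instance tagged `marketing` and the KMS key tagged `Sales` are reported; the untagged instance and the S3 bucket pass, which is why a tag policy on its own does not guarantee that every resource carries the tag.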
Enabling AWS Org will also enable other services and enable centralised management functionality of existing services. A sample of services which are important to AWS Org or relevant to this document are the following:
Let's check JAVA
// Online Java Compiler
// Use this editor to write, compile and run your Java code online
class HelloWorld {
    public static void main(String[] args) {
        System.out.println("Hello, World!");
    }
}
Let's check Python
261917242 function calls in 686.251 CPU seconds
ncalls tottime filename:lineno(function)
152824 513.894 {method 'sort' of 'list' objects}
129590630 83.894 rrule.py:842(__cmp__)
129590630 82.439 {cmp}
153900 1.296 rrule.py:399(_iter)
304393/151570 0.963 rrule.py:102(_iter_cached)
Let's check Terraform
# Summary: Create a DB Instance PROD. Takes a snapshot (latest), and with the latest snapshot, creates a new DEV Instance.
# Documentation: https://www.terraform.io/docs/language/settings/index.html
terraform {
  required_version = ">= 1.0.0"
  required_providers {
    aws = {
      source  = "hashicorp/aws"
      version = "~> 3.38"
    }
  }
}
# Documentation: https://www.terraform.io/docs/language/providers/requirements.html
provider "aws" {
  region = "us-east-1"
  default_tags {
    tags = {
      cs_terraform_examples = "aws_db_instance/mount_db_snapshot"
    }
  }
}
Let's check YAML
---
# comment
string_1: "Bar"
string_2: 'bar'
string_3: bar
inline_keys_ignored: sompath/name/file.jpg
keywords_in_yaml:
  - true
  - false
  - TRUE
  - FALSE
  - 21
  - 21.0
  - !!str 123
"quoted_key": &foobar
  bar: foo
  foo:
  "foo": bar

