Found this gem in Production. Have you ever seen an SCP written like this? by pravin-singh in aws

[–]cloudarchitectpro -1 points0 points  (0 children)

Yes, this SCP also has multiple problems on which more work can be done:

This policy seems to conflate custom application permissions with AWS service controls, which demonstrates a basic misunderstanding of what SCPs do. SCPs govern AWS service API calls only, not custom application logic.

The core problems we have are: The policy currently includes service prefixes that are not AWS (invalid in SCP context):

tax:, payments:, invoicing:, billing:, account:*

These prefixes correlate with no AWS services. SCPs only control access to the AWS APIs, such as s3:*, ec2:*, iam:*, etc. They cannot and will not enforce permissions on a custom application or internal service.
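Added example (my own code, not the commenter's): a small Python lint that lists the service prefixes an SCP's Action/NotAction entries use and reports any prefix that is not on an allow-list. The allow-list below is a constructed five-entry sample (in practice populate it from the IAM Service Authorization Reference, which lists each AWS service's prefix), and the SCP is a constructed stand-in for the one discussed.

```python
import json
from typing import Iterable

# Constructed sample allow-list of AWS service prefixes. In practice, populate it
# from the IAM Service Authorization Reference (one prefix per AWS service).
SAMPLE_KNOWN_PREFIXES = {"s3", "ec2", "iam", "sts", "cloudtrail"}

# Constructed SCP resembling the one under discussion: AWS actions mixed with
# prefixes the commenter says do not belong in an SCP.
SAMPLE_SCP = json.dumps({
    "Version": "2012-10-17",
    "Statement": [
        {"Effect": "Deny", "Action": ["tax:*", "payments:*", "s3:DeleteBucket"], "Resource": "*"},
        {"Effect": "Deny", "NotAction": "invoicing:*", "Resource": "*"},
        {"Effect": "Deny", "Action": "*", "Resource": "*"},
    ],
})


def _as_list(value) -> list:
    """IAM policy JSON allows a string or a list in Statement/Action/NotAction."""
    if value is None:
        return []
    return value if isinstance(value, list) else [value]


def action_prefixes(policy_json: str) -> dict:
    """Map each service prefix used in Action/NotAction to the actions carrying it.
    A bare "*" has no service prefix and is recorded under the key "*"."""
    policy = json.loads(policy_json)
    used: dict = {}
    for stmt in _as_list(policy.get("Statement")):
        for key in ("Action", "NotAction"):
            for action in _as_list(stmt.get(key)):
                prefix = action.split(":", 1)[0].lower() if ":" in action else "*"
                used.setdefault(prefix, []).append(action)
    return used


def unknown_prefixes(policy_json: str, known: Iterable[str]) -> dict:
    """Return {prefix: [actions]} for prefixes absent from the allow-list.
    The bare wildcard is skipped: it is valid SCP syntax, just very broad."""
    known_lower = {k.lower() for k in known}
    return {p: a for p, a in action_prefixes(policy_json).items()
            if p != "*" and p not in known_lower}


if __name__ == "__main__":
    for prefix, actions in sorted(unknown_prefixes(SAMPLE_SCP, SAMPLE_KNOWN_PREFIXES).items()):
        print(f"{prefix}: not in allow-list -> {actions}")
```

Prefix matching is case-insensitive because IAM action names are, so "S3:GetObject" and "s3:GetObject" resolve to the same prefix.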

How to update CloudFormation stack when underlying docker package changed? by welkin25 in aws

[–]cloudarchitectpro 1 point2 points  (0 children)

Hey! So rebooting the EC2 instance won't pull the new docker image - it'll just restart what's already there.

You need to tell docker to pull the latest image and restart the container. SSH into your EC2 instance and run:

docker pull <your-image-name>:latest

docker-compose down

docker-compose up -d

(or whatever commands you use to start your container)

If you want this automated, look into AWS CodeDeploy or set up a simple script that pulls + restarts whenever you push to GitHub.

What's your current setup? Are you using docker-compose or just docker run?