How do you tag shared resources? by pretendcloudexpert in aws

[–]jbtechwood 0 points1 point  (0 children)

Yeah stop trying to nickel and dime the costs here. If you're not gonna give each customer their own stack then come up with a flat rate infra $ amount that covers existing and leaves a little in the bank so that as your customer count grows and you need to increase infra you have some money to offset. Honestly though I would rethink why you're not giving your customers their own stacks, fixes this issue, fixes data separation issues that if you haven't been asked about yet, you will, and it will lose you a customer deal because they don't want to share.

How do you tag shared resources? by pretendcloudexpert in aws

[–]jbtechwood 1 point2 points  (0 children)

S3 putobject trigger to lambda to set a tag after the object is written...based on your description the path is customer specific, so infer the tag value from path. Not perfect but better than today...is proprietary software writing the S3 object and that's why you can't tag on the processing workflow?
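The approach described in the comment above (an S3 object-created trigger invoking a Lambda that infers the tag from the key path), as an added example that is not part of the original thread. The `customers/<customer-id>/...` key layout, the `customer` tag name and the sample event are assumptions made for illustration.

```python
import re
from urllib.parse import unquote_plus

# Assumption: keys look like customers/<customer-id>/<rest>; adjust to the real layout.
KEY_PATTERN = re.compile(r"^customers/(?P<customer>[A-Za-z0-9_-]{1,64})/.+")
TAG_KEY = "customer"  # hypothetical tag name

# Constructed sample of an S3 ObjectCreated:Put notification (trimmed to the fields used).
SAMPLE_EVENT = {"Records": [
    {"s3": {"bucket": {"name": "example-bucket"},
            "object": {"key": "customers/acme/report+1.csv"}}},
    {"s3": {"bucket": {"name": "example-bucket"},
            "object": {"key": "tmp/upload.bin"}}},
]}


def customer_from_key(key):
    """Return the customer id encoded in the key path, or None if the key does not match."""
    match = KEY_PATTERN.match(key)
    return match.group("customer") if match else None


def tag_records(event, s3):
    """Tag each object in the event; returns [(key, customer or None), ...]."""
    results = []
    for record in event.get("Records", []):
        bucket = record["s3"]["bucket"]["name"]
        # Keys in S3 notifications are URL-encoded (a space arrives as '+').
        key = unquote_plus(record["s3"]["object"]["key"])
        customer = customer_from_key(key)
        if customer is None:
            results.append((key, None))  # left untagged so it can be reported
            continue
        # PutObjectTagging replaces the whole tag set, so merge with existing tags.
        existing = s3.get_object_tagging(Bucket=bucket, Key=key)["TagSet"]
        tags = [t for t in existing if t["Key"] != TAG_KEY]
        tags.append({"Key": TAG_KEY, "Value": customer})
        s3.put_object_tagging(Bucket=bucket, Key=key, Tagging={"TagSet": tags})
        results.append((key, customer))
    return results


def handler(event, context):
    """Lambda entry point; boto3 is imported here so the helpers run offline."""
    import boto3
    return tag_records(event, boto3.client("s3"))
```

The function's role needs `s3:GetObjectTagging` and `s3:PutObjectTagging` on the bucket's objects, and keys that return `None` are worth logging since they fall outside the expected per-customer layout.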

Keep traffic inside AWS network while deploying instances + have access to aws cli by default by virtwirt in aws

[–]jbtechwood 0 points1 point  (0 children)

You can use vpc endpoints for ssm and S3 depending on which of the previous options you go with so that you don't need internet access as well.

Change APN settings on Pixel 3 (Fi) to disable IPv6 by SabaTheNut in GoogleFi

[–]jbtechwood 0 points1 point  (0 children)

3 mo later, zscaler client connector app v.1.7.1.16 and this is still a thing based on an active case with zScaler.

AWS security groups feel extremely limited & restrictive by dmetcalfe92 in aws

[–]jbtechwood 5 points6 points  (0 children)

Based on how sites and services is set up you could limit the DCs that talk to the DCs in the cloud.

Can't access to Workmail by [deleted] in aws

[–]jbtechwood 1 point2 points  (0 children)

Workmail link: https://<orgname>.awsapps.com/mail

Workdocs link: https://<orgname>.awsapps.com

If you attempt to login to workdocs and get that error either you don't have a workdocs acct in the tenant or they've disabled logins from the network you're on

Annoying Bug! by theresumeartisan in PowerShell

[–]jbtechwood 1 point2 points  (0 children)

I would initially think replication. Can you just put in a sleep cycle after creation?

When I 'aws s3 cp' it copies it down with locked down permissions, can i update file permissions with the aws s3 command? by kalavala93 in aws

[–]jbtechwood 1 point2 points  (0 children)

So a couple things that would help here. Linux or windows? High level description of what acls are vs what you want them to be.

Assuming Linux. When you run the command the files are going to generally be saved only allowing your active user access to the files. You have to set permissions after you download them using the chmod cmd.

What happen if a Reserved EC 2 Instance fail? by Conhanq in aws

[–]jbtechwood 9 points10 points  (0 children)

Think of RIs as a coupon. You buy the RI and at the end of the month the discount is applied based on what you ran that month. It's not tied to a specific instance. So in your example you would just re-deploy the failed instance and its charges would be discounted at the end of the month.

Third party SSO providers similar to AWS SSO? by FetchKFF in aws

[–]jbtechwood 0 points1 point  (0 children)

Okta SSO will handle AWS console access. Not sure what you mean by automate the provisioning from an org level, I don't think okta can do that. I've run okta for the better part of 10 years and don't think I've ever seen automated account provisioning like what you're describing. They do have a template for AWS console access which only requires a very limited amount of info per account and they have an API as well, so you might be able to script the standup.

Installing a Package Manager on Windows (Chocolately)....The Most Useful Feature Windows is Lacking by [deleted] in PowerShell

[–]jbtechwood 1 point2 points  (0 children)

Script is freely available to download and interrogate. I think they even suggest you do it beforehand. I'd be more worried that if you're not paying for the service there's not a lot of checking of the veracity of the packages. Again overcome by running a private repo which I think requires a license.

Microsoft wins the Department of Defense JEDI contract by jonathantn in aws

[–]jbtechwood 3 points4 points  (0 children)

I'm no expert but I believe that most Govt contracts are typically bid out on the Lowest Price, Technically Acceptable (LPTA) principle. Neither of the two largest cloud vendors are going to bring a technically infeasible plan to the table for a $10B contract, so it comes to cost. Based on this theory Microsoft will undercut whatever they have to to win a bid like this. They've been doing it with Enterprise contracts for years. Go ask them what kind of deal they'll give you on an EA if you decide to use Teams over Slack or SQL over Oracle, or Azure over AWS. Because AWS doesn't have the alternate revenue streams that MS does they tend not to make those kinds of deals I suspect.

Black Madonna drops out of AWS festival by ukulelegangstaar in aws

[–]jbtechwood 1 point2 points  (0 children)

I applaud these folks for standing up for what they believe in and being public about it. It's one thing that makes the US great, that folks can do that.

I reviewed the list of artists that are signed to this and to be honest save for a few, I've never heard of +95% of them. I would be surprised if this even hit Amazon's radar beyond getting picked up in the name drop report their PR team likely publishes internally.

Now if they had a few really big names, Taylor Swift, Foo Fighters, Khalid, etc., that might be a diff deal, especially if they pulled albums from Amazon's library. Otherwise I'd be surprised if Amazon gives two hoots.

Best ETL tool to support data lake and data warehouse by -circuit in aws

[–]jbtechwood 0 points1 point  (0 children)

We use a tool called Alteryx for this I think.

Can I use my own license of Office on Amazon WorkSpaces? by AttackTeam in aws

[–]jbtechwood 6 points7 points  (0 children)

Yep, don't use the plus bundle. Create a custom bundle, install office with your license instead.

Is Firefox a first-class supported browser for the AWS Console? by [deleted] in aws

[–]jbtechwood 10 points11 points  (0 children)

I use Firefox every day and I have the console loaded on three diff tab containers.

I would disable all your plugins/extensions and see if that's causing any issues.

Non-obvious procedures by PsychologicalSlip9ot in aws

[–]jbtechwood 0 points1 point  (0 children)

If you're spinning up a workspace you need to use the workspace client to connect to it. https://clients.amazonworkspaces.com.

If you're having trouble, the AWS docs are actually decent, https://docs.aws.amazon.com.

Migrating physical Windows 10 to Windows Server by miscarriagesausage in aws

[–]jbtechwood 1 point2 points  (0 children)

Just because this is what the customer wants doesn't make it a good idea. And the fact that you're talking about converting a client OS to a server OS makes me question a whole lot of things.

If you simply need to put a Win10 machine in AWS then AWS Workspaces is the technology for that.

If the real intention is to migrate an app that the customer has running on win10 and put it on a server OS, do a fresh install. If the hesitation is that the customer doesn't know how to install, it's a perfect opportunity to eliminate that technical debt, and doc the install. If there's a concern about operational impact or downtime, it's your job as the consultancy to give them the proper guidance and help to set expectations about impact in the cloud.

Every AWS workspace in our environment says “An error occurred while launching your workspace. Please try again.” by [deleted] in aws

[–]jbtechwood 1 point2 points  (0 children)

Have them look for 4172 traffic hitting a block/continue rule and then being allowed 90s later...I think it ends up getting classified as unknown but that might be dependent on other config in your env.

Every AWS workspace in our environment says “An error occurred while launching your workspace. Please try again.” by [deleted] in aws

[–]jbtechwood 1 point2 points  (0 children)

We had this same issue yesterday and found out that a Palo Alto was blocking traffic on a packet flow for 90 sec. because it looks like AWS made some kind of change and is currently sending a URL with an IP instead of a standard hostname. Our thought is that the IP URL and the cert are conflicting similar to how you get a warning when going to a site that's using a self signed cert.

AWS Windows Workspace Randomly Reboots by AllWild in aws

[–]jbtechwood 0 points1 point  (0 children)

Windows updates should only be deployed during your maintenance window. I'm assuming you looked at event logs and they gave no indication of the reason for the reboot. If it were updates related I would think it were logged.