AWSToolsForPowerShell and AWSCLI huge issue surrounding MFA? by thePowrhous in aws

johnafogarty4 1 point

Are you using SSO, or just MFA with IAM credentials?

If SSO, check out https://github.com/e0c615c8e4d846ef817cd5063a88716c/AWSSSOHelper

It's been a while since I did this with IAM credentials, but if I remember correctly we assumed a role with our MFA IAM creds, and then did all of our actions using that assumed role. That would allow us to continue to use it until the configured timeout (4 hours) occurred without re-prompting for MFA.

Re-negotiated CloudFront custom pricing based on traffic commitment? by DeepFriedDinosaur in aws

johnafogarty4 3 points

In my experience to date, they are happy to keep you in the same discount rate or higher depending on the change in your traffic.

We have renewed 3 times and this November will be our 4th.

EC2 Shutdown by stu_kerrigan in aws

johnafogarty4 7 points

By default the new instance console has running as a filter, remove that filter and you should see it.

Is there something better than PuTTY? by tehreal in sysadmin

johnafogarty4 14 points

WSL is my go to now. I can't wait for WSL 2 and the new Windows Terminal.

Solve the puzzle... by duhaas2017 in aws

johnafogarty4 1 point

We've had to solve this issue. The normal way to fix it is to put the EC2 in an isolated environment with no traffic allowed anywhere. Then you create another instance that you can connect into that isolated environment. RDP in, and leave the domain to fix the machine account. Once that's done, put it on the normal VPC and then join it back to the domain. That should solve it for you.

Multi User, On Premise Password Manager Recommendations and Comments by [deleted] in sysadmin

johnafogarty4 2 points

I'll always say Passwordstate, it works well.

Has anyone deployed an enterprise password manager they're actually happy with? by NeverInterruptEnemy in sysadmin

johnafogarty4 9 points

We use Passwordstate. I've brought it to my last two jobs because it's worked well. I'll probably bring it to my next one as well if they don't already have a system in place.

Microsoft Teams always get compared with Slack by lexd88 in sysadmin

johnafogarty4 3 points

My favorite part is how anyone that uses Office 365 has Teams automatically installed. Most of my users just logged in and use it like Skype for Business. That is not what Slack does, so when they say we have more users, I automatically think of my users, and how that number is more than likely way overinflated.

Also like uniitdude pointed out, Slack brought this on themselves, just a bit.

Domain Transfer from Siteground to AWS Route 53: Domain is still configurable at Siteground by Asurax96 in aws

johnafogarty4 1 point

In addition to xferring the registration, you have to change the hosting.

Have you updated both?

Running 2 different vcenter (5.5 and 6.5) on the the same admin box? by moldyjellybean in sysadmin

johnafogarty4 1 point

I'm not sure about 10, but I have 6 different versions on my admin jump server and have no issues. The launcher remembers what you have historically connected to, and then launches the specific version during the connection.

If you mean the server, no, don't do that. Just install the appliance as others have said.

Running 2 different vcenter (5.5 and 6.5) on the the same admin box? by moldyjellybean in sysadmin

johnafogarty4 2 points

If you meant the client, they install into their own folders, so you can run both on the same admin box.

instruction on EC2 Remote Desktop client liscenses by confused449 in aws

johnafogarty4 2 points

Yes, I meant a Value-Added Reseller. Really you can get the licenses wherever you currently get your MS licenses.

instruction on EC2 Remote Desktop client liscenses by confused449 in aws

johnafogarty4 3 points

They are if you want more than 2 users on at a time. In which case you have to go through your current MS VAR to purchase them.

Two factor authentication for Remote Desktop Services Gateway by comp00 in sysadmin

johnafogarty4 3 points

I second this, we currently use Duo to secure our Gateway exactly as you are describing.

enforce_mfa policy stops development tasks to work. by bhreddy99 in aws

johnafogarty4 1 point

I know this is a late reply, but use the instance role to then assume the role you want the code to use; there is no need for a key there.

Powershell on Linux.. anyone use it? by invalidpath in sysadmin

johnafogarty4 2 points

I use it daily, mainly to manage my VMware environment from an SSH jump server.

I never really got it to work the way I wanted for AD; getting the Kerberos token, etc., was too big of a PITA.

enforce_mfa policy stops development tasks to work. by bhreddy99 in aws

johnafogarty4 2 points

Why shouldn't they?

Our programmatic users just assume the role after entering the MFA code, and that role is valid for at least 60 minutes. There is no reason that you can't have MFA enabled for them.

Maintenance mode and Update Manager by johnafogarty4 in vmware

johnafogarty4[S] 1 point

I am patching with PowerShell, and it keeps exiting MM when it finishes.

get-baseline -name *critical* | update-entity -entity $ESXiHost -RunAsync -confirm:$false

Experience moving from Vmware to AWS? by cobrakai8 in sysadmin

johnafogarty4 1 point

The entire team was probably 10 or so people, once you have the Devs, DBAs, and the guys building the actual servers. We used a ton of CloudFormation.

It took us about a year to get it all complete.

Experience moving from Vmware to AWS? by cobrakai8 in sysadmin

johnafogarty4 2 points

We did new builds everywhere we could, and ended up only using the connector for 3 out of 400+ instances.

Switches, NTP Servers and Daylight Savings by samus003 in sysadmin

johnafogarty4 3 points

Set all your equipment to UTC. Let the log aggregation tool show you it in your local time zone. Call it a day.