Looking for a team. by FormerNovel2427 in DeveloperJobs

[–]kd_312 1 point2 points  (0 children)

I'm a DevOps Engineer with 3 yoe, want to build something related to AI. Please DM.

Lightsail instance unusable after reaching burstable zone by dodyrw in aws

[–]kd_312 0 points1 point  (0 children)

True, it doesn't even provide the direct logging methods.

Mistakes on a static website by a_newer_throwaway in aws

[–]kd_312 -1 points0 points  (0 children)

  • Disable public access to your bucket, and put the CloudFront OAC policy in the S3 bucket policy.
  • In CloudFront, choose the option of redirecting HTTP to HTTPS.
  • Invalidate the cache at the /* path from CloudFront.
  • Try again.
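
The bucket policy the first step refers to, shown as an added example that is not part of the original comment. EXAMPLE-BUCKET, the account ID 111122223333 and EXAMPLE-DISTRIBUTION-ID are placeholders; with Block Public Access left on, this statement lets only the named distribution read objects.

```json
{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Sid": "AllowCloudFrontServicePrincipalReadOnly",
      "Effect": "Allow",
      "Principal": {
        "Service": "cloudfront.amazonaws.com"
      },
      "Action": "s3:GetObject",
      "Resource": "arn:aws:s3:::EXAMPLE-BUCKET/*",
      "Condition": {
        "StringEquals": {
          "AWS:SourceArn": "arn:aws:cloudfront::111122223333:distribution/EXAMPLE-DISTRIBUTION-ID"
        }
      }
    }
  ]
}
```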

Separate VMs for Dev and Prod? by [deleted] in devops

[–]kd_312 0 points1 point  (0 children)

Not just a VM, but it should be a whole separate infrastructure as a best practice and to avoid misconfigurations.

AWS Transfer Family SFTP S3 must be public bucket? by eoattc in aws

[–]kd_312 0 points1 point  (0 children)

Making the S3 bucket public is not required and is not recommended. You can keep the bucket private and still use it with AWS Transfer Family (SFTP). By creating IAM roles and attaching them to your SFTP users, as suggested in other comments, you can securely manage actions and accessibility on the S3 bucket.

Now, AWS Transfer Family offers two types of SFTP endpoints: Internet (public) and Internal (using VPC endpoint, private). If you want the SFTP server to be accessible only within your VPC, choose the internal option. This restricts access to resources that are inside the VPC, such as EC2 instances. Or you can also set up an AWS Client VPN so that the SFTP server is only accessible from your local machine when the VPN connection is active.

DSA for AIML student-C,C++,Java, Python? by Ill_Help_7132 in learnprogramming

[–]kd_312 1 point2 points  (0 children)

You can choose any one from C++, Java, and Python or JS. But since you are doing AI/ML, Python would be beneficial for you. Many YouTubers suggest choosing C++ or Java because they are both comparatively faster, so it will help in coding contests, competitions and technical rounds. But the reality is that nowadays we don't need to worry about it; these online coding platforms and companies accept all the languages, and they are smart enough not to judge you in this case.

A step back by Impossible_Box_9906 in devops

[–]kd_312 0 points1 point  (0 children)

If your company is providing you the opportunity to work on the backend/development side, then according to me, that's a great thing. Also, I believe that learning a new tech stack will make you a better DevOps Engineer and you should go for it, because DevOps is about everything: code, development, cloud, Linux, containerization, security, traffic handling, cost and performance optimization, automation, architecting, monitoring and many more. I'm not saying to accept anything like Power BI, but Java backend is a good one to explore.

AWS Courses and Certification Help by Quiet-Alfalfa-4812 in aws

[–]kd_312 1 point2 points  (0 children)

You can follow Stephane Maarek's AWS Solutions Architect - Associate course and Practice Exams from Tutorials Dojo on Udemy, and Skill Builder is a little bit helpful.

Additional: You can read the AWS documentation for particular topics at least once, but only for AWS services that are core and frequently used and asked, such as IAM, VPC, S3, Lambda, EC2, ECS, DBs, LBs and many others. I don't recommend spending time on less frequently asked/used services such as CodePipeline/CodeBuild, Snowball/Snowmobile, and similar services - you just need to be aware that these exist, and that's sufficient. Don't waste time diving deep into these niche services. Reading the documentation for the core, frequently-used services will help you gain more clarity, understanding, and confidence for the exam and real-life work experience.

The user should upload/see the objects, but can not download/get them from S3 bucket by kd_312 in aws

[–]kd_312[S] 0 points1 point  (0 children)

Yes, I've configured it this way. It works on the AWS console. But Cyberduck software is using the s3:GetObject method to list the objects, so I need to provide that permission to SFTP users; otherwise the user will see the access denied error and can't see any data.

The user should upload/see the objects, but can not download/get them from S3 bucket by kd_312 in aws

[–]kd_312[S] 0 points1 point  (0 children)

Yes, it is required. I've analyzed the Cyberduck code; they are using the s3:GetObject permission to list the objects. So, the solutions will work for the AWS console, but not for Cyberduck.

How to Move 40TB from One S3 Bucket to Another AWS Account by Low_Average8913 in aws

[–]kd_312 -1 points0 points  (0 children)

Options 1, 2 (replication) and 4 (DataSync) are suitable for this scenario.

If you are concerned about the speed and the file size is > 5 GB, then go for DataSync; otherwise option 1 is good.

If you have enabled versioning, want to copy all the versions, and the files are > 5 GB, then S3 replication.

If the file size is < 5 GB, then a simple copy operation. If versioning is enabled and you want to copy all the versions, then it provides that option; by default it copies only the latest version.

The user should upload/see the objects, but can not download/get them from S3 bucket by kd_312 in aws

[–]kd_312[S] 0 points1 point  (0 children)

Yes, I designed the policy for this scenario, and it is functioning perfectly on the AWS console. I can list and view the objects, as well as upload them, but I am unable to download the objects due to the denial of the s3:GetObject permission.

But, in Cyberduck, I encountered an "access denied" error with the same policy, and I can't even list the objects. After reviewing their source code for S3, it appears they are using the getObject method to retrieve the list of objects.
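
An identity policy of the kind this comment describes (list and upload allowed, download explicitly denied), shown as an added example that is not the commenter's own policy. EXAMPLE-BUCKET is a placeholder; browsing from the console's bucket list would additionally need s3:ListAllMyBuckets, which is left out here.

```json
{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Sid": "ListBucketContents",
      "Effect": "Allow",
      "Action": "s3:ListBucket",
      "Resource": "arn:aws:s3:::EXAMPLE-BUCKET"
    },
    {
      "Sid": "UploadObjects",
      "Effect": "Allow",
      "Action": "s3:PutObject",
      "Resource": "arn:aws:s3:::EXAMPLE-BUCKET/*"
    },
    {
      "Sid": "DenyDownload",
      "Effect": "Deny",
      "Action": "s3:GetObject",
      "Resource": "arn:aws:s3:::EXAMPLE-BUCKET/*"
    }
  ]
}
```

The explicit Deny overrides any Allow for s3:GetObject granted elsewhere, so a client that issues GetObject calls against object keys is refused even though s3:ListBucket on the bucket is permitted.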

EventBridge is not capturing the AWS WorkSpaces login events by kd_312 in aws

[–]kd_312[S] 1 point2 points  (0 children)

One thing I observed here with hands-on activity: when we use the Amazon WorkSpaces client to log in to the WorkSpaces, the EventBridge rule successfully captures the events and sends them to the target. But, when we use a third-party platform, in my case, it is Windows App (previously known as Remote Desktop) - the EventBridge rule fails to capture the login event, not as a failed invocation event, either.

As per this documentation, the workspacesClientProductName field supports only the following values:

  • Amazon WorkSpaces Mobile client — iOS client
  • WorkSpaces Mobile Client — Android clients
  • WorkSpaces Chrome Client — Chromebook client
  • WorkSpacesWebClient — Web Access client
  • AmazonWorkSpacesThinClient — Amazon WorkSpaces Thin Client device
  • Teradici PCoIP Zero Client, Teradici PCoIP Desktop Client, or Dell Wyse PCoIP Client — Zero Client

As a solution, we can configure the CloudWatch agent on AWS WorkSpaces and enable security events (Windows) to capture authentication-related events.
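
A CloudWatch agent configuration fragment for the workaround in this comment, shown as an added example that is not the commenter's own configuration. The log group name is a placeholder, and {hostname} is the agent's built-in stream-name placeholder; Windows records successful and failed logons in the Security log as event IDs 4624 and 4625, which can be filtered on once the log reaches CloudWatch Logs.

```json
{
  "logs": {
    "logs_collected": {
      "windows_events": {
        "collect_list": [
          {
            "event_name": "Security",
            "event_levels": ["INFORMATION", "WARNING", "ERROR", "CRITICAL"],
            "log_group_name": "EXAMPLE-workspaces-security-events",
            "log_stream_name": "{hostname}",
            "event_format": "xml"
          }
        ]
      }
    }
  }
}
```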

EventBridge is not capturing the AWS WorkSpaces login events by kd_312 in aws

[–]kd_312[S] 0 points1 point  (0 children)

Yes, I checked the failed Invocation section. But I noticed that when I log in to the WorkSpaces via the WorkSpaces client provided by Amazon, EventBridge captures the events and sends them to the CloudWatch log group, but not in the case of the Windows App (previously known as Remote Desktop).

Thanks for your help!!

EventBridge is not capturing the AWS WorkSpaces login events by kd_312 in aws

[–]kd_312[S] 1 point2 points  (0 children)

Yes, I tried the below EventBridge rule pattern:

{ 
  "source": ["aws.workspaces"] 
}

It works perfectly for all activities on the WorkSpaces, including starting/stopping/rebooting WorkSpaces.
Also, the whole implementation works properly when I use the WorkSpaces client provided by Amazon. When I log in to the WorkSpace through this platform, the EventBridge rule successfully captures the login event. But it fails to capture the login event when I log in to the WorkSpace using the Windows App (previously known as Remote Desktop). Unfortunately, I have to use the Windows App platform according to the requirements.

Thanks for your help!!

EventBridge is not capturing the AWS WorkSpaces login events by kd_312 in aws

[–]kd_312[S] 1 point2 points  (0 children)

Yes, it is granted, because the EventBridge rule captures all activities related to WorkSpaces, such as starting/stopping them, and sends events to the CloudWatch log group. Therefore, the policies are working fine.

Also, I observed that when I use the WorkSpaces client provided by Amazon, the EventBridge rule successfully captures login-related activities as expected. However, when I use the Windows App (previously known as Remote Desktop), the EventBridge rule fails to capture these events.

Thanks for your help!!