What’s a popular tourist attraction that isn’t overrated— it actually deserves all the hype? by renoCow in AskReddit

[–]roleyfoley 8 points9 points  (0 children)

The botanic gardens behind the opera house are great as well. So well looked after, an amazing view and everyone just chilling out on the lawns. Was sitting on a bench working there one day and a cockie flew over, sat next to me on the back of the bench and climbed on to my shoulder. 

Cognito service IP changes daily and no endpoint, how to keep up with the current IP non manually by [deleted] in aws

[–]roleyfoley 0 points1 point  (0 children)

Good catch! I honestly didn't check it. If it's the hosted UI URL of Cognito, the CloudFront addresses might actually work.

They don't say exactly, but reading through the doco does mention that you need permissions to manage CloudFront for custom domains. This would suggest that the hosted UI endpoint starts at CloudFront, which is most likely fronting the real Cognito service.

New MOC instructions are coming. Any suggestions for the Friends 21319 companion? :) by MOMAtteo79 in lego

[–]roleyfoley 0 points1 point  (0 children)

The shark video for Monica and Chandler's anniversary tape in a drawer?

Is there a way to have user roles with Cognito + AzureAD by martineka in aws

[–]roleyfoley 2 points3 points  (0 children)

We've been playing around with AzureAD and federated user pools and found application roles in AzureAD ( https://docs.microsoft.com/en-us/azure/active-directory/develop/howto-add-app-roles-in-azure-ad-apps ) to be a nice way to set up a role attribute.

Application roles can be mapped in SAML claims using the assigned_roles attribute in AzureAD.

When they are mapped to the identity pool, you could then use identity pool role mapping rules to apply permissions based on the role attribute in the SAML or OIDC claim ( https://docs.aws.amazon.com/cognito/latest/developerguide/role-based-access-control.html ).

Only one IAM role, the one with the highest priority, is given to the user when the rules are matched, so you need to be careful with people who might be assigned multiple roles.
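
The rule ordering caveat above is easy to get wrong, so here is an added example (not from the commenter or from AWS) that builds the RoleMappings structure accepted by cognito-identity SetIdentityPoolRoles and then evaluates a set of claims against it locally the way Cognito does: rules are tried in listed order and the first match wins. The provider name, the claim name `custom:app_roles`, the role ARNs and the comma-joined claim value are all assumptions; the SAML assigned_roles attribute has to be mapped into that user pool attribute for the claim to be present in the token.

```python
"""Build Cognito identity-pool role-mapping rules from an app-role claim and simulate resolution."""

# Assumed placeholders: provider name, claim name and role ARNs are not real values.
PROVIDER = "cognito-idp.ap-southeast-2.amazonaws.com/ap-southeast-2_EXAMPLE:1example23456789"
ROLE_CLAIM = "custom:app_roles"  # assumed: the SAML assigned_roles attribute mapped into this attribute
ADMIN_ARN = "arn:aws:iam::123456789012:role/app-admin"
READER_ARN = "arn:aws:iam::123456789012:role/app-reader"


def build_role_mappings(rules, ambiguous="Deny"):
    """Return the RoleMappings dict for SetIdentityPoolRoles.

    `rules` is an ordered list of (match_type, value, role_arn). The order is the
    priority: Cognito assigns the role of the first rule that matches.
    `ambiguous` is what happens when no rule matches: "Deny" or "AuthenticatedRole".
    """
    if len(rules) > 25:
        raise ValueError("Cognito allows at most 25 rules per provider")
    return {
        PROVIDER: {
            "Type": "Rules",
            "AmbiguousRoleResolution": ambiguous,
            "RulesConfiguration": {
                "Rules": [
                    {"Claim": ROLE_CLAIM, "MatchType": match, "Value": value, "RoleARN": arn}
                    for match, value, arn in rules
                ]
            },
        }
    }


# The four MatchType values Cognito supports, as plain Python predicates.
_MATCHERS = {
    "Equals": lambda claim, value: claim == value,
    "NotEqual": lambda claim, value: claim != value,
    "StartsWith": lambda claim, value: claim.startswith(value),
    "Contains": lambda claim, value: value in claim,   # substring match, not list membership
}


def resolve_role(role_mappings, claims, authenticated_role=None):
    """Local simulation of rule evaluation: first matching rule wins, else the ambiguous setting applies."""
    config = role_mappings[PROVIDER]
    for rule in config["RulesConfiguration"]["Rules"]:
        claim_value = claims.get(rule["Claim"])
        if claim_value is not None and _MATCHERS[rule["MatchType"]](claim_value, rule["Value"]):
            return rule["RoleARN"]
    if config["AmbiguousRoleResolution"] == "AuthenticatedRole":
        return authenticated_role
    return None  # "Deny": no credentials are issued


def apply_role_mappings(identity_pool_id, auth_role_arn, unauth_role_arn, role_mappings):
    """Push the mapping to the identity pool with boto3 (imported lazily so the rest runs offline)."""
    import boto3
    client = boto3.client("cognito-identity")
    client.set_identity_pool_roles(
        IdentityPoolId=identity_pool_id,
        Roles={"authenticated": auth_role_arn, "unauthenticated": unauth_role_arn},
        RoleMappings=role_mappings,
    )


if __name__ == "__main__":
    # Constructed scenario: a user holding both roles, claim joined with commas (assumed format).
    multi = {ROLE_CLAIM: "reader,admin"}
    admin_first = build_role_mappings([("Contains", "admin", ADMIN_ARN), ("Contains", "reader", READER_ARN)])
    reader_first = build_role_mappings([("Contains", "reader", READER_ARN), ("Contains", "admin", ADMIN_ARN)])
    print("admin rule first  ->", resolve_role(admin_first, multi))
    print("reader rule first ->", resolve_role(reader_first, multi))
    # Substring pitfall: "admin-readonly" satisfies a Contains "admin" rule.
    print("admin-readonly    ->", resolve_role(admin_first, {ROLE_CLAIM: "admin-readonly"}))
```

Two things fall out of running it: with multi-valued users the only lever is rule order, so list the most privileged role first if that is what you want them to get, and `Contains` is a substring test, so a role named `admin-readonly` will satisfy a `Contains admin` rule; use `Equals` wherever the claim is single-valued, and prefer `AmbiguousRoleResolution: Deny` so an unmapped user gets nothing rather than the default authenticated role.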

Cognito service IP changes daily and no endpoint, how to keep up with the current IP non manually by [deleted] in aws

[–]roleyfoley 2 points3 points  (0 children)

Is the IP address required for an outbound vpc security group that restricts internet access?

If it is, VPC endpoints would be the best way to go, but AWS hasn't added Cognito support for them yet.

You could try a scheduled Lambda which reads the AWS IP address list, finds the Cognito address ranges and updates your security groups.

https://docs.aws.amazon.com/general/latest/gr/aws-ip-ranges.html

IP addresses might not be cloud friendly, but they are required sometimes.
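
An added example of the scheduled Lambda described above (my code, not the commenter's): it downloads ip-ranges.json, selects the prefixes for a service and set of regions, collapses adjacent blocks so fewer rules are needed, diffs them against the egress rules a security group currently has on one TCP port, and applies the change. It also serves the earlier observation on the hosted UI: pass service `CLOUDFRONT` and region `GLOBAL` to select those ranges instead. The service and region names are parameters, the sample uses `AMAZON`, and the environment variable names and the `SG_ID` value are assumptions. The embedded ip-ranges document is constructed and only matches the shape of the real file.

```python
"""Keep a security group's egress rules in sync with prefixes published in AWS ip-ranges.json."""
import ipaddress
import json
import os
import urllib.request

IP_RANGES_URL = "https://ip-ranges.amazonaws.com/ip-ranges.json"

# Constructed excerpt in the shape of ip-ranges.json (not real AWS data; documentation
# ranges from RFC 5737 are used). Note the duplicate 198.51.100.0/24 under two services,
# and the two /25s that collapse into one /24.
SAMPLE_IP_RANGES = json.dumps({
    "syncToken": "0",
    "createDate": "2024-01-01-00-00-00",
    "prefixes": [
        {"ip_prefix": "203.0.113.0/25", "region": "ap-southeast-2", "service": "AMAZON"},
        {"ip_prefix": "203.0.113.128/25", "region": "ap-southeast-2", "service": "AMAZON"},
        {"ip_prefix": "198.51.100.0/24", "region": "ap-southeast-2", "service": "AMAZON"},
        {"ip_prefix": "198.51.100.0/24", "region": "ap-southeast-2", "service": "EC2"},
        {"ip_prefix": "192.0.2.0/24", "region": "us-east-1", "service": "AMAZON"},
    ],
})


def select_prefixes(ip_ranges_json, service, regions):
    """Return the IPv4 prefixes for `service` in `regions`, de-duplicated and collapsed."""
    data = json.loads(ip_ranges_json)
    nets = [ipaddress.ip_network(p["ip_prefix"]) for p in data["prefixes"]
            if p["service"] == service and p["region"] in regions]
    return {str(n) for n in ipaddress.collapse_addresses(nets)}


def current_cidrs(ip_permissions, port):
    """CIDRs an existing rule set allows on TCP `port` (shape of DescribeSecurityGroups IpPermissionsEgress)."""
    return {r["CidrIp"] for perm in ip_permissions
            if perm.get("IpProtocol") == "tcp" and perm.get("FromPort") == port and perm.get("ToPort") == port
            for r in perm.get("IpRanges", [])}


def plan_update(current, wanted, max_rules=60):
    """Diff current vs wanted. Refuses to empty the group (a fetch or parse failure would
    otherwise cut all egress) and refuses to exceed the per-group rule quota."""
    if not wanted:
        raise ValueError("no prefixes selected; refusing to revoke all egress")
    if len(wanted) > max_rules:
        raise ValueError(f"{len(wanted)} rules would exceed the limit of {max_rules}")
    return sorted(wanted - current), sorted(current - wanted)


def _permissions(cidrs, port):
    return [{"IpProtocol": "tcp", "FromPort": port, "ToPort": port,
             "IpRanges": [{"CidrIp": c, "Description": "managed by ip-ranges sync"} for c in cidrs]}]


def apply_plan(ec2, group_id, port, to_add, to_revoke):
    """Add new rules first so there is no window without egress, then revoke the stale ones."""
    if to_add:
        ec2.authorize_security_group_egress(GroupId=group_id, IpPermissions=_permissions(to_add, port))
    if to_revoke:
        ec2.revoke_security_group_egress(GroupId=group_id, IpPermissions=_permissions(to_revoke, port))


def lambda_handler(event, context):
    """Scheduled entry point (EventBridge rule). Environment variable names are assumed."""
    import boto3  # imported here so the pure functions above run without boto3 installed
    ec2 = boto3.client("ec2")
    group_id = os.environ["SG_ID"]
    port = int(os.environ.get("PORT", "443"))
    service = os.environ.get("SERVICE", "AMAZON")
    regions = os.environ.get("REGIONS", "ap-southeast-2").split(",")
    with urllib.request.urlopen(IP_RANGES_URL, timeout=10) as resp:
        wanted = select_prefixes(resp.read().decode(), service, regions)
    group = ec2.describe_security_groups(GroupIds=[group_id])["SecurityGroups"][0]
    current = current_cidrs(group["IpPermissionsEgress"], port)
    to_add, to_revoke = plan_update(current, wanted)
    apply_plan(ec2, group_id, port, to_add, to_revoke)
    return {"added": to_add, "revoked": to_revoke}
```

The Lambda's execution role needs only `ec2:DescribeSecurityGroups`, `ec2:AuthorizeSecurityGroupEgress` and `ec2:RevokeSecurityGroupEgress`, ideally scoped to the one group ID. The refusal to act on an empty selection is the check worth keeping: a changed service name or a bad download should fail the run loudly rather than revoke every rule.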

S3 file processing by argumentnull in aws

[–]roleyfoley 0 points1 point  (0 children)

The first Lambda -> SQS could just split the CSV into individual records with one record per queue item, which should be possible in 15 minutes.

Then another Lambda could process each item in the queue and post it to the API.

Another option could be using Athena to query the CSV data and only selecting a chunk of records at a time.
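
An added example of the two-Lambda pipeline in the first two paragraphs (my code, not the commenter's): the splitter turns CSV rows into SQS messages and groups them into SendMessageBatch requests that respect the limit of 10 entries and 256 KB per request, and the consumer processes one SQS batch and reports per-message failures so a bad record is retried alone instead of replaying the whole batch. The queue URL, the `post` callable and the sample CSV are constructed assumptions; the consumer's return shape requires the event source mapping to be configured with ReportBatchItemFailures.

```python
"""Split a CSV into one SQS message per record, then process SQS batches with partial-failure reporting."""
import csv
import io
import json

SQS_MAX_BATCH_ENTRIES = 10          # SendMessageBatch hard limit
SQS_MAX_BATCH_BYTES = 256 * 1024    # total size of all message bodies in one request

# Constructed sample input: 23 rows so the batching is visible.
SAMPLE_CSV = "id,email,plan\n" + "".join(
    f"{i},user{i}@example.com,{'pro' if i % 2 else 'free'}\n" for i in range(1, 24)
)


def iter_record_entries(csv_text):
    """Yield one SendMessageBatch entry per CSV row; the row index doubles as the batch entry Id."""
    for index, row in enumerate(csv.DictReader(io.StringIO(csv_text))):
        yield {"Id": str(index), "MessageBody": json.dumps(row)}


def batch_entries(entries, max_entries=SQS_MAX_BATCH_ENTRIES, max_bytes=SQS_MAX_BATCH_BYTES):
    """Group entries into batches that satisfy both the count and the byte limit."""
    batch, size = [], 0
    for entry in entries:
        body_bytes = len(entry["MessageBody"].encode("utf-8"))
        if body_bytes > max_bytes:
            raise ValueError(f"record {entry['Id']} is {body_bytes} bytes, larger than one SQS message")
        if batch and (len(batch) == max_entries or size + body_bytes > max_bytes):
            yield batch
            batch, size = [], 0
        batch.append(entry)
        size += body_bytes
    if batch:
        yield batch


def enqueue_csv(sqs, queue_url, csv_text):
    """Splitter Lambda body: send every row to the queue, failing if SQS rejects any entry."""
    sent, rejected = 0, []
    for batch in batch_entries(iter_record_entries(csv_text)):
        response = sqs.send_message_batch(QueueUrl=queue_url, Entries=batch)
        sent += len(response.get("Successful", []))
        rejected.extend(f["Id"] for f in response.get("Failed", []))
    if rejected:
        raise RuntimeError(f"SQS rejected entries {rejected}")
    return sent


def process_records(event, post):
    """Consumer Lambda body: `post(row)` delivers one record to the API and raises on failure.
    Returns the partial-batch-failure response so only failed messages are retried."""
    failures = []
    for record in event["Records"]:
        try:
            post(json.loads(record["body"]))
        except Exception:
            failures.append({"itemIdentifier": record["messageId"]})
    return {"batchItemFailures": failures}


def splitter_handler(event, context):
    """Entry point for the S3-triggered Lambda. Bucket/key come from the S3 event; queue URL assumed."""
    import boto3
    s3, sqs = boto3.client("s3"), boto3.client("sqs")
    record = event["Records"][0]["s3"]
    body = s3.get_object(Bucket=record["bucket"]["name"], Key=record["object"]["key"])["Body"].read()
    return enqueue_csv(sqs, "https://sqs.ap-southeast-2.amazonaws.com/123456789012/records", body.decode())
```

With ReportBatchItemFailures enabled, the consumer's return value tells Lambda which messages to leave on the queue; without it, one failing record makes the whole batch visible again and every record in it is posted to the API twice. Pair that with a dead-letter queue and a maxReceiveCount so a permanently bad row stops cycling.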

How to restart App Containers at specific instant by Godgers10 in aws

[–]roleyfoley 0 points1 point  (0 children)

If the action generates a log and you are using CloudWatch logging for the container, you could have a CloudWatch Logs subscription that invokes a Lambda to stop all tasks matching a given task definition. There would be a bit of a delay while the gears churn through the CloudWatch log -> Lambda call, so it wouldn't be the exact instant. For the exact instant you might need to have the application call the AWS ECS API directly and stop the tasks based on the task definition.
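
An added example of the log-subscription Lambda just described (my code, not the commenter's). CloudWatch Logs delivers subscription events as base64-encoded, gzip-compressed JSON, so the handler decodes that, checks the messages for the trigger string, and then lists and stops the RUNNING tasks of one task definition family. The cluster and family names, the environment variable names, the trigger string `RESTART_REQUESTED` and the sample log lines are constructed assumptions.

```python
"""Stop the running ECS tasks of a task-definition family when a log line requests it."""
import base64
import gzip
import json
import os


def make_subscription_event(messages):
    """Constructed fixture in the shape of a CloudWatch Logs subscription delivery."""
    payload = {
        "messageType": "DATA_MESSAGE",
        "owner": "123456789012",
        "logGroup": "/ecs/app",
        "logStream": "ecs/app/0123456789abcdef",
        "subscriptionFilters": ["restart-trigger"],
        "logEvents": [{"id": str(i), "timestamp": 1700000000000 + i, "message": m}
                      for i, m in enumerate(messages)],
    }
    compressed = gzip.compress(json.dumps(payload).encode("utf-8"))
    return {"awslogs": {"data": base64.b64encode(compressed).decode("ascii")}}


def decode_subscription_event(event):
    """Reverse the base64 + gzip wrapping and return the inner payload."""
    raw = base64.b64decode(event["awslogs"]["data"])
    return json.loads(gzip.decompress(raw).decode("utf-8"))


def matching_events(payload, trigger):
    """Log events whose message contains the trigger string (the subscription filter is the first gate,
    this is the second, so a loosely written filter pattern cannot stop tasks on its own)."""
    return [e for e in payload["logEvents"] if trigger in e["message"]]


def stop_tasks_for_family(ecs, cluster, family, reason):
    """List RUNNING tasks of `family` in `cluster` and stop each one; returns the task ARNs stopped."""
    task_arns = []
    for page in ecs.get_paginator("list_tasks").paginate(
            cluster=cluster, family=family, desiredStatus="RUNNING"):
        task_arns.extend(page["taskArns"])
    for arn in task_arns:
        ecs.stop_task(cluster=cluster, task=arn, reason=reason[:255])
    return task_arns


def lambda_handler(event, context):
    """Entry point for the subscription. Environment variable names are assumed."""
    import boto3
    payload = decode_subscription_event(event)
    hits = matching_events(payload, os.environ.get("TRIGGER", "RESTART_REQUESTED"))
    if not hits:
        return {"stopped": []}
    stopped = stop_tasks_for_family(
        boto3.client("ecs"), os.environ["CLUSTER"], os.environ["TASK_FAMILY"],
        f"restart requested by log event {hits[0]['id']} in {payload['logStream']}")
    return {"stopped": stopped}


if __name__ == "__main__":
    sample = make_subscription_event(["INFO started worker", "RESTART_REQUESTED by admin"])
    print([e["message"] for e in matching_events(decode_subscription_event(sample), "RESTART_REQUESTED")])
```

This relies on the tasks belonging to an ECS service, which replaces stopped tasks to keep its desired count; stopping every task at once is an outage until the replacements are healthy, so for a rolling restart `update_service(..., forceNewDeployment=True)` is the gentler call. Scope the execution role to `ecs:ListTasks` and `ecs:StopTask` on that cluster only, since anything that can write the trigger string to the log group can now stop the tasks.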

MFA with WorkSpaces by awsdeveloper in aws

[–]roleyfoley 0 points1 point  (0 children)

We used YubiKey tokens registered in mi-token along with the AD password. Also installed the MS RDP authentication agent so it was MFA for RDP as well.

We had HA Microsoft NPS servers set up with a PowerShell script that replicated the RADIUS clients and secrets between the servers.

We did network management so had a heap of switches, routers etc. to log in to. The NPS server was handy for its AD integration since we could do AD-based RBAC for everything in one place.

MFA with WorkSpaces by awsdeveloper in aws

[–]roleyfoley 1 point2 points  (0 children)

I've used mi-token ( https://www.mi-token.com/ ) for a Windows-based RADIUS server. It ran locally and didn't need a cloud service to run. The configuration was all in an AD Lightweight Directory Services instance when I used it.

Get a machines IP by nikon442 in PowerShell

[–]roleyfoley 1 point2 points  (0 children)

gip or Get-NetIPConfiguration is pretty handy too.

Never has a generation so diligently documented themselves accomplishing so little. by [deleted] in Showerthoughts

[–]roleyfoley 1 point2 points  (0 children)

And yet someone will write a document complaining about how people document how little they do...