Questions tagged with AWS Account Management
Content language: English
Sort by most recent
Check ARNs for AssumeRole regularly not hitting quota limits
Hello, we need to do a regular check of all our customers who gave us permissions for AssumeRole in case they drop the permission/role/user. In respect to [quota limits](https://docs.aws.amazon.com/apigateway/latest/developerguide/limits.html#apigateway-account-level-limits-table), what would be the best possible way of doing that? I am thinking: * For each customer account (ARN) * Perform AssumeRole for that ARN * Perform some "ping" operation (e.g. DescribeRegions) * Delay so we don't hit the service quota limits (e.g. DescribeRegions has 20 operations per second bucket). It is not clear how service quota limits are applied when doing AssumeRole. Is that applied against ours (service) account, or customer (assumed) account? What are the limits for the STS operations, specifically AssumeRole? There is not much in the docs in this regard, or I am missing it. Is there some always-available "ping" operation we could call or some STS API request that would confirm us that the ARN is valid? Is there a place we can check the consumption of quota limits so we can fine-tune our background checker? Thanks
Issue adding user to the list
Hello all, we are using a dashboard: https://app.monitron.aws/ We want to add a general user to the list in order to have only read rights. The user is: email@example.com When I try to add it, the button of 'Add' remains grey. Can you please help me with this case? Kind regards,
How to increase the S3 Bucket Naming Characters from 63 to higher
Hi Team, I have a requirement of creating a s3 bucket with prefix and Suffix. Prefix has a env name and Suffix has a region along with account number. Which led to exceed the naming limit (0 - 63). is there a way to increase it any other suggestions
How to protect EC2 against intermittent DDos attack
Hi, I currently have 4x EC2 instances, each host around 70-80 websites. They each run WHM/cPanel software so that I can split accounts between customers. I am having an issue with one of those instances, whereby 2 specific websites on 1 account keep getting targeted and a DDOS type attack increases the server load to 100+ to the point that services crash and forces other websites offline. I have dealt with this for about 6 months but my customers are now getting annoyed. The attack occurs 3-4 times per day, last for around 1 hour (unless I notice first and deny the IP in the WHM firewall software) and it is multiple POST requests per second on each of the 2 websites. I cannot use Cloudflare for these websites, because the domain names use the .scot.nhs.uk suffix which cloudflare sees as a subdomain and Enterprise account is required which is $1000+/year which is well above what these 2 customers pay for their account. I am wondering if AWS had any solution that would help me to protect my instance from these attacks, or prevent them from happening. Thank you.
How to delete Pipeline, Trial and Experiment in Sagemaker
I already deleted Domain, Users, Models, Endpoints, Endpoint configurations, Notebook instances, S3 Bucket instance and log groups but left with Pipeline, Trial and Experiment. Can anyone please help me with steps to followed to delete Pipeline, Trial and Experiment.
I need to decommission multiple workspace in multiple aws account. Is there is any boto3 script available to perform this operation.
I need to decommission multiple workspace in multiple AWS account. Currently i have a boto3 script which will terminate the workspace in only one account. I want to terminate multiple worksapce on multiple account. Could anyone help me with the boto3 script to perform this operation.
Migrate AWS Account
Hello Everybody, I plan to migrate AWS Account to different account by all services would be transferred as below - EC2 20-30 Instants - Cloudwatch - OpenSearh - Cloudfront - S3 - Load Balance EIP for ec2 are more than 20 IP. Therefore, AMI it's seem to be cannot migrate IP together with EC2 https://aws.amazon.com/premiumsupport/knowledge-center/account-transfer-ec2-instance/ Then, I have checked transferring EIP and found it need to open a support cases for this. https://repost.aws/questions/QUImID0dYDRR24o4PAEUPvyg/is-it-possible-move-migrate-eip-to-another-account This is my questions 1. To transfer EIP that Account Basic can do open a ticket for support this? 2. If must be developer, business and enterprise what is minimum type? 3. Just source account or destination must pay as well for support? https://us-east-1.console.aws.amazon.com/support/plans/home?region=us-east-1#/ All suggestions and recommendation, Thank you in advance.
Unable to Relaunch Elasticsearch Connector for AWS Glue from Marketplace
Prior, I was able to Subscribe to [Relaunch Elasticsearch Connector](https://www.google.com/url?sa=t&rct=j&q=&esrc=s&source=web&cd=&cad=rja&uact=8&ved=2ahUKEwj9kJCX3vz6AhVyMjQIHdn6D4UQFnoECBsQAQ&url=https%3A%2F%2Faws.amazon.com%2Fmarketplace%2Fpp%2Fprodview-v5ygernwn2gb6&usg=AOvVaw0TMrJCuyHDp4nv1T9PSuBd). Upon subscribing and following the instructions on that page, I ended at "Configure this software" in the Elasticsearch Connector Marketplace subscription. Upon choosing "Glue version 3.0" and selecting software version "7.13.4-2", initially, I was met with a box labeled "Usage instructions", which I was able to follow, get SecretsManager set up successfully. Initially, I was met with a generated link below "Usage instructions" reading "Deployment template: Activate connector in AWS Glue". Upon clicking this convenient link, I was taken to "AWS Glue Studio > Connectors" page in my account, with a generated MARKETPLACE type connector. Through trial and error in getting the connector set up, I had along the lines deleted this MARKETPLACE connector, with seemingly no obvious way to restore or retrieve it. After googling around, I was unable to find any similar issues as this, so I attempted to unsubscribe and re-subscribe to the Marketplace connector. Upon doing so, and reaching "Usage instructions" (on [Relaunch Elasticsearch Connector](https://www.google.com/url?sa=t&rct=j&q=&esrc=s&source=web&cd=&cad=rja&uact=8&ved=2ahUKEwj9kJCX3vz6AhVyMjQIHdn6D4UQFnoECBsQAQ&url=https%3A%2F%2Faws.amazon.com%2Fmarketplace%2Fpp%2Fprodview-v5ygernwn2gb6&usg=AOvVaw0TMrJCuyHDp4nv1T9PSuBd)), the option "Deployment template: Activate connector in AWS Glue" had disappeared with no apparent way to re-create this MARKETPLACE connector in glue. Is this expected behavior for Marketplace custom glue connectors, and, if so, are there any steps to properly recreate a MARKETPLACE custom connector within my account?