Questions tagged with AWS Account Management
I am following the link:-
https://docs.snowflake.com/en/user-guide/admin-security-privatelink
This is to set up the private link between AWS and Snowflake.
The first command is aws sts get-federation-token --name sam
Here I am replacing the name Sam with Root user and executing in CloudShell.
error occurred (AccessDenied) when calling the GetFederationToken operation: Cannot call GetFederationToken with session credentials
Not sure if it has to do with permissions. Please advise.
I have generated a client ID and client secret, and with the help of this a bearer token is also generated, but after hitting the API, it is showing Error 401 Unauthorized.
How can this problem be resolved?
**Procedure I used**
First I had the account ID through my management account. Then I created a user with administrator permissions and generated its access key and secret access key, through which, on the terminal with the help of a curl command, I generated the session token (bearer token), but Postman is showing unauthorized.
Hi,
I'm working with AWS SSO based on a JumpCloud external IdP.
I'd like to find a way to put the SSMSessionRunAs tag on the AWSReservedSSO role created by SSO in AWS accounts.
If I try to put the tag directly I receive:
"Cannot perform the operation on the protected role 'AWSReservedSSO_xxxxx' - this role is only modifiable by AWS"
Does someone know a way to do that? Or maybe a "plan B" or a way to add the tag SSMSessionRunAs?
Thanks a lot
Dario
Hi team
As AWS Technical Essentials (Japanese)(日本語実写版)
https://explore.skillbuilder.aws/learn/course/13153/play/67448/aws-technical-essentials-japanese-ri-ben-yu-shi-xie-ban
I want to practice employee directory application hosting(従業員ディレクトリアプリケーションホスティング) on my own AWS account,
(for example, all of application construction such as instance creation, DB creation, connection)
Can I practice for free with my own AWS account?
Thanks!
Hi there,
I have some Linux instances running on AWS, but sometimes when we try to connect to an instance it says "Network connection failure", and likewise when I check the AWS EC2 console it says 1/2 status check failed.
After rebooting the instance, sometimes it works perfectly and sometimes it gets completely disconnected, and after this we have to recover the data from the EBS volumes and are required to create a new instance. But the previous instance was not in work.
Please provide me a solution. Why is it happening?
How to change domain contact when contact has left organization so can't 'approve' change because no one has access to their prior organizational email account.
For historical reasons, I have an AWS organisation where AWS Backups are created for critical workloads in the organisation root account.
I currently replicate these backups to another dedicated AWS account for backups (using AWS Backup copy function).
**I would like to protect these backup copies against a compromise of the organisation root account (e.g. if the root account is compromised, there should be no way for the attacker to delete both the original backup and the copy in the child account).**
Is that even feasible?
- My organisation has all features enabled, and it seems we can't go back and disable that once enabled.
- I thus cannot delete the AWSServiceRoleForOrganizations role in the backup account, nor the AWSServiceRoleForSSO role, which in particular allows easily gaining access to the backup account through SSO.
- I also tried removing my backup account from the organisation but the AWS Backup copy job no longer works in that case.
Any guidance would be greatly appreciated
Hi,
I am unable to log in to my AWS account. When I try creating a new account, I get an error saying the account already exists?
I appreciate help.
I can't delete it in any way in KMS C.P
the key is the following and it's an AWS Managed Key (not customer):
"Alias: aws/lightsail"
"Status: Enabled"
"Description: Default key that protects my Lightsail signing keys when no other key is defined"
Other than that, I have no other resources in tag editor search, so can confirm my account will not be charged for anything?
Got this email and have no idea what this is wanting, as anything I try and do I get an error saying that every email I have is associated with an AWS account.
Hello,
You are receiving this message because we have identified that you are currently using the same email address for this AWS account (as listed in the Subject line) and for additional AWS account(s), which are associated with your Amazon.com account. We strongly recommend that you update the root user email address [1] for this AWS account as soon as possible to separate access to your additional AWS account(s) linked to your Amazon.com account. If you do not take any action by April 10, 2023, we will require you to update your email before accessing this AWS account when you sign in next to your account.
After you have changed the root user email address for this account, you will be able to use it to access your account. At that point, we can finish separating your additional AWS account(s) from your Amazon.com account.
AFT Version: 1.9.1
terraform version: 0.15.5
terraform providers: AWS
Description:-
We have deployed Control Tower and AFT for Terraform in a separate AFT account using Terraform, AFT version 1.9.1. After deploying AFT, new account requests are working fine: it runs the pipeline for creating the account whenever we add new account request Terraform code in our AFT account request repository.
But account customisation is not working, and we can't even see the state machine for account-provisioning-customization, and there is no pipeline for any of the accounts created for account customisation.
When we try to run the aft-invoke-customization step function, we get the below error.
Note: The logs mention account creation, but the account already exists and we are making customisations through account-customization.
```json
{
  "Cause": "An error occurred while executing the state 'run_create_pipeline?' (entered at the event id #33). Invalid path '$.Input.account_provisioning.run_create_pipeline': The choice state's condition path references an invalid value.",
  "Error": "States.Runtime",
  "ExecutionArn": "arn:aws:states:us-east-2:<aft-account-id>:execution:aft-account-provisioning-framework:e5c48973-f6fa-4def-beaf-55ca11e33ba2",
  "Input": "{\"account_info\":{\"account\":{\"id\":\"<shared-account-id>\",\"email\":\"shared_acct@email\",\"name\":\"shared-account\",
\"joined_method\":\"CREATED\",\"joined_date\":\"2023-03-09 07:51:44.747000+00:00\",\"status\":\"ACTIVE\",\"parent_id\":\"ou-38lh-9att8jja\",\"parent_type\":\"ORGANIZATIONAL_UNIT\",
\"type\":\"account\",\"vendor\":\"aws\"}},\"control_tower_event\":{},\"account_request\":{\"custom_fields\":\"{\\\"group\\\":\\\"prod\\\"}\",\"change_management_parameters\":
{\"change_reason\":\"Create new ControlPlane account shared-account\",\"change_requested_by\":\"shared_acct@email.com\"},\"id\":\"shared_acct@email.com\",\"control_tower_parameters\":
{\"AccountEmail\":\"sharedservices-account@email\",\"SSOUserFirstName\":\"-sharedservices-account\",\"SSOUserLastName\":\"sharedservices-account\"
,\"ManagedOrganizationalUnit\":\"controlplane-ou\",\"AccountName\":\"shared-account\",\"SSOUserEmail\":\"shared_acct@email.com@email\"},\"account_tags\":
{\"Environment\":\"prod\",\"Owner\":\"sharedservices-account sharedservices-account\",\"Project\":\"xyz\",\"Vended\":\"true\",\"created_by\":\"
sharedservices-account@email\"},\"account_customizations_name\":\"shared-customizations\"},\"account_provisioning\":{\"run_create_pipeline\":\"true\"},
\"customization_request_id\":\"c0bb8f9a-9f82-4c30-a62c-96119a391b53\"}",
  "InputDetails": {
    "Included": true
  },
  "Name": "e5c48973-f6fa-4def-beaf-55ca11e33ba2",
  "StartDate": 1679307003825,
  "StateMachineArn": "arn:aws:states:us-east-2:<aft-account-id>:stateMachine:aft-account-provisioning-framework",
  "Status": "FAILED",
  "StopDate": 1679307036829
}
```
To Reproduce:-
Steps to reproduce the behavior:
1. Add Terraform code in the account-customization repository under the account_customization_name valued folder
2. Run the Step Function with the below input
```json
{
  "include": [
    {
      "type": "accounts",
      "target_value": [
        "<target account id>"
      ]
    }
  ]
}
```
I have 2 EC2 instances running and am able to log in to both from my PC desktop but not from my Android mobile.
It is my understanding that we can have 2 connections through RDP. Are these connections to the server or the instances? So my question is: by my having 2 instances, are my connections used up, and do I need to pay for an RDP licence then?
Or should I be able to connect through my mobile as well?
If it is possible to connect through mobile, can someone detail the process for doing so?
If I need to buy licences, where do I find details to do that and also the associated costs? I would need a connection to each instance through mobile, so is that 2 RDP licences required?
Any pointers appreciated.
Many Thanks
Gordon