Open26

Daily AWScrap

nk_worknk_work

Rolling deploy:Deploy on old instance
Rolling deploy with batch:Add instance and deploy in batches.

nk_worknk_work

AssumeRole:temporary credential for cross acount from another person
Hands-on

getsessiontoken:temporary credential for yourself with session basic

nk_worknk_work

elasticcache redis:
🙆replication
single thread
🙆persistant

elasticcache memcached:
multi thread
in memory

nk_worknk_work

Why do not DynamoDB use eventbridge?
It have DynamoDBStream that is more suitable for DynamoDB than Eventbridge.

nk_worknk_work

Viewer protocolpolicy
You can select HTTPS only or HTTP to HTTPS when you need to connect secure.

nk_worknk_work

lambdaにはモニタリングタブがあってそこでcloudwatchやx-rayが確認可能

nk_worknk_work

Create IAM user & role for attaching suitable policy.

nk_worknk_work

##Making user and usein Identity center(ex:SSO) is best practice on AWS.
#Identity center OR IAM user
Identity center will be selected for person having multiple account.
For my practice,I use IAM user.
Auto password and attach policy on group.
S3FullAccess,lambdaFull,GlueConsoleFull....

nk_worknk_work

Making VPC route table

pl-xxxxxxx のように指定し、ターゲット (Target) にエンドポイント
via gateway

nk_worknk_work

Making cloudwatch log group.
Required policy to save
policy is attached above role and resource is attached selfarn.

nk_worknk_work

log policy requires

        "Action": "s3:GetBucketAcl",
        "Action": "s3:PutObject",
nk_worknk_work

Cost & Usage Reports
データエクスポート=CUR
daily hour...