EC2 with IAM Role: CloudFormation Sample Template

Creating an EC2 Instance with an IAM Role is easy when you do it via the AWS Console, but doing this with CloudFormation is not as direct. You will need an Instance Profile to connect an EC2 instance to an IAM Role.

TL;DR: See the CloudFormation Template below.


How to get the ARN of an S3 Bucket

Each resource in AWS has an Amazon Resource Name (ARN). An ARN is a unique identifier of your resource. Its value has no duplicate in other accounts and only exists in your account.

It’s used especially in IAM policies where you set which resources you will allow access to.

You can actually predict the ARN of an S3 Bucket since it has a standard format of arn:aws:s3:::S3_BUCKET_NAME.

But if, like me, you are afraid of making a mistake typing the S3 bucket ARN, I prefer going to the AWS Console, searching for the S3 Bucket ARN, and copy-pasting it.

Follow the instructions below to get the S3 Bucket ARN.


Minimum IAM Permission to create S3 presigned URLs

If you want to publicly share a file or an object inside a private S3 bucket, you will need to create an S3 presigned URL. This creates a temporary link to the S3 file, which you can share and which can be accessed publicly.

As a best practice, we must apply least-privilege permissions to the IAM user or IAM role that will create the S3 presigned URL. This brings us to the question: what is the minimum IAM permission to create an S3 presigned URL?


How to download all files in an S3 Bucket using AWS CLI

There are many ways to download files from an S3 Bucket, but if you are downloading an entire S3 Bucket then I would recommend using AWS CLI and running the command aws s3 sync s3://SOURCE_BUCKET LOCAL_DESTINATION.

In the examples below, I’m going to download the contents of my S3 Bucket named radishlogic-bucket.

My S3 Bucket in the AWS management console


Example 1: Download S3 Bucket to Current Local Folder

If you want to download the whole S3 Bucket into the same folder that you are in, use the command aws s3 sync s3://SOURCE_BUCKET . (the single dot at the end of the command is the destination and refers to the current folder).

For our example S3 Bucket above, the AWS CLI command will look like this.


How to create IAM User Access Keys via AWS CLI

To create programmatic Access Keys for an AWS IAM User using AWS CLI, run the command aws iam create-access-key.

In the command below, replace MyUser with the username of your target IAM User.

aws iam create-access-key --user-name MyUser

This will return the following JSON-formatted string.


How to create IAM User Access Keys using AWS Console

If you want to be able to control your AWS resources from your local computer, you will use either the AWS CLI or an AWS SDK. To use those tools, you will need to have an Access Key ID and a Secret Access Key.

In this post, we will show you how you can generate your own Access Keys so you can programmatically access your AWS resources.

In the instructions that follow, the target username that I want to create Access Keys for is rabano. Yours will be different.


How to get the remaining time of a running AWS Lambda Function using Node.js

To get the remaining time of a running Lambda Function using Node.js, we will use the context object’s getRemainingTimeInMillis() function. This returns the number of milliseconds that the Lambda Function can still run before it times out.

Below is simple code that fetches the remaining time inside a Lambda Function. I have set the timeout to be only 3 seconds, which is why the output is 2,999 milliseconds, or approximately 3 seconds.


List of Public SSM Parameters of latest Operating System EC2 Images

We are running CI/CD pipelines that take the latest EC2 Image of Windows or Red Hat, automatically install the required security agents, and check if they are properly installed.

At first, it was a hassle since we always had to be on the lookout for the latest EC2 Image ID of our target operating system and input this manually into our pipeline. But as it turns out, AWS maintains SSM Parameters that hold the latest Image IDs of various operating systems and their versions.

Sometimes I see these in CloudFormation scripts.
