Cloud

System Manager cross-account Parameter sharing

Recently on Feb 22, 2024 AWS has launched  new capability to share Parameters in System Manager across the AWS  accounts.

AWS Systems Manager’s Parameter Store is a tool that helps one to safely store configuration information. Now, it lets us share more advanced configuration details with other AWS accounts. This makes it easier to manage all your configuration data from one central location. 

Many customers have work spread across different AWS accounts, all relying on the same configuration data. With this update, you can avoid the hassle of copying and syncing data manually. Instead, you can share parameters with other accounts that need access, creating a single, reliable source for all your configuration data.

In this blog post, I will guide you through the process of sharing AWS System Parameters with another AWS account. Here are the steps to setup how to create and share Parameter:

  1. First of all let’s create a new Parameter in Parameter Store, click on ‘Create parameter’ button
  2. Provide Name and ensure to select Advanced Tier. Please note cross account Parameter share is only possible if you select Tier as Advanced
  3. For now lets consider type as String and value as t3.medium 
  4. Click on ‘Create parameter’ button
  5. The parameter is created now
  6. Click on the parameter and select ‘Sharing’ tab and click on Share button.
  7. This will open new window for ‘Resource Access Manager’
  8. Click on ‘Create resource share’
  9. Enter Name, in Resources drop down select ‘Parameter Store Advanced Parameters’
  10.  This will show you Parameters that you have created in this account, select parameter which you want to share with other accounts. In our case it would be InstanceType and then select Next
  11. Choose Permissions for sharing parameters either AWS Managed or Customer Managed, for this demo lets choose AWS Managed Permission
  12. Let’s select AWS account with whom you want to share Parameter. In our case we choose to share it with account named ‘AI-POC’
  13.  Click next and click ‘Create resource share’
  14. Now your resource share has been created 

Next let’s see how to access Parameter created above:

  1. Now lets login to consumer AWS account in our case it would be ‘AI-POC’ 
  2. Go to RAM (Resource Access Manager) and click on ‘Resource shares’ under ‘Shared with me’
  3. You would be able to see Parameter which was shared from earlier account.
  4. Consumer account can access shared parameters using the AWS command line tools, and AWS SDKs.
  5. Here is the CLI command –> aws ssm get-parameter –name arn:aws:ssm:us-east-1:<ProducerAWSAccount#>:parameter/InstanceType
  6. Here is the output of the command, you would able to access Parameter value.

Important Notes..

  • Your consumer accounts receive read-only access to you shared parameters
  • The consumer can’t update or delete the parameter
  • The consumer can’t share the parameter with a third account
  • To share a parameter with your organization or an organizational unit in AWS Organizations, you must enable sharing with AWS Organizations
  • To share a SecureString parameter, it must be encrypted with a customer managed key, and you must share the key separately through AWS Key Management Service

I hope you find this blog post enjoyable and that it provides you with a high-level understanding of how cross-account parameter sharing operates. If you appreciate this post, please consider sharing it with others 🙂

March 6, 2024 by Cloud Cloud Operations 1

Enable AWS Systems Manager for all EC2 instances in an account

Recently, on Feb 17, 2023 AWS have released new feature which will enable customers to on-board all EC2 instances in account with AWS System Manager, that too with minimum configuration. Isn’t it great!!

Did you Know?

Any instance/ node which is configured for AWS System Manager is called as Managed Instance/ Managed Node. Whether it is AWS EC2 instance, Azure VM (Hybrid Environment) or On-Premise Server.

Earlier if any EC2 instance was require to be configured as Managed Instance then an IAM instance profile/ custom role was needed to be attached with every EC2 Instance manually. This could get cumbersome if there are EC2 instances to be managed at the scale.

This scalability is possible with new feature called as Default Host Management Configuration (DHMC) agent. DHMC simplifies the experience of managing EC2 instances by attaching permissions at the account level

You can begin utilizing the benefits of DHMC in just a few clicks from the Fleet Manager console. This feature ensure Patch Manager, Session Manager, and Inventory are available for all new and existing instances in an account.

 

Important:

  1. In order to leverage benefit of Default Host Management Configuration feature, you need to ensure all instances with Instance Metadata Service Version 2 (IMDSv2) in your account  should have SSM Agent version 3.2.582.0 or later.
  2. Default Host Management Configuration doesn’t support Instance Metadata Service Version 1.
  3. You need to attach IAM instance role at System Manager level, System Manager assume role by calling EC2 services.
  4. You must turn ON the Default Host Management Configuration setting in each Region you wish to automatically manage your Amazon EC2 instances.

In this short video I will demonstrate how to use this new feature. 

February 21, 2023 by Cloud Cloud Operations 0

Azure Automation Visual Studio Code Extension

During January 2023 Microsoft had launched Preview of Visual Studio Code Extension for Azure Automation. Azure Automation is one of the commonly used Azure service, which is used to automate mundane activities by IT Professional.

Azure Automation provides a new extension from VS Code to create and manage runbooks. Using this extension, you can perform all runbook management operations such as, creating and editing runbooks, triggering a job, tracking recent jobs output, linking a schedule, asset management, and local debugging.

 

Pros
  • No need to go to Azure Portal for Managing Runbook
  • Improve overall E2E time for support
  • Local Debugging – Yes you can debug your runbook locally, this was headache for Support Engineers since there was no provision for debugging script from Azure Portal (Except relying on output stream). Though this is feature is still in preview but will definitely be helpful in future.
 
Limitations as of writing this blog (Feb 2023)
  • Creation of new schedules.
  • Adding new Certificates in Assets.
  • Upload Modules (PowerShell and Python) packages from the extension.
  • Auto-sync of local runbooks to Azure Automation account. You will have to perform the operation to Fetch or Publish runbook.
  • Management of Hybrid worker groups.
  • Graphical runbook and workflows.
  • For Python, we don’t provide any debug options. We recommend that you install any debugger extension in your Python script.
  • Currently, we support only the unencrypted assets in local run.
Please watch this video to understand how to create and author runbook with VS Code
 
February 3, 2023 by Azure Cloud 12

Connect PowerApps with AWS RDS Postgres DB

If you are building apps in PowerApps (No-Code /Low-Code framework) then you may require to connect multiple data sources like SharePoint List, Dataverse Table, Cloud storage like Azure SQL Database etc.  As PowerApps is part of Office 365 family products and powered by Azure. It would be easy for Developers to connect to various Data Sources within Microsoft or Azure Eco-System.

What if requirement arise to connect to Data Storage in another Cloud Provider e.g. AWS or GCP. Well that is also possible. Let’s say there is need to connect to AWS RDS Postgres Database with PowerApps, then you don’t need to move database in Azure Cloud infact you can directly connect with AWS RDS.

First you need to create new custom Connection for AWS RDS DB and then use that Connection in PowerApps to connect Postgres DB tables.

Please watch this video for step by step process to do that.

January 30, 2023 by Cloud Multi-Cloud 4

Let’s Connect

Site Visits

Total 102803

Archives