DEV Community: sosmation

Why implementing AWS cloudfront is a better fit for your Architecture

sosmation — Fri, 30 Jan 2026 20:26:07 +0000

In the space of internet the ability for your platform to scale and adapt to visibility, entails a number of considerations, from the test face, consumer surveys and in the architecting phase.

Application delivery to the clients over the internet with the latest information is pivotal in the credibility, vision alignment and future growth in its adoption by new users.

AWS cloudFront provides a solution for you when implementing the AWS platform.

CloudFront is a web service with speed to deliver both static and Dynamic web content to clients over the internet. It leverages Edge locations to provide low latency in delivering content to the consumer. CloudFront is a service that integrates with other AWS tools.

It comes with two types of distributions
standard, designed for unique configuration per website or application, you need a standalone CloudFront distribution, each site or application requires its own custom settings.

Multi-tenant distribution and distribution tenants(CloudFront SaaS Manager) they are designed specifically for SaaS and multi-tenant scenarios. Their use cases
A SaaS platform to serve multiple customer websites and applications, to use this option, also when one needs to manage similar distributions efficiently and also want a centralized control over shared configurations.

CloudFront provides you with the ability to, serve videos on demand and live streaming. In the case of video on demand the media needs to be encoded and package, AWS has a tool that makes it possible AWS Elemental MediaConvert to know more about visit this link . One can use a server or Amazon S3 and link it with cloudfront. When offering livestreaming an extra step is taken after encoding by compressing and formatting the videos to device of choice.

In a case where private content needs to be served CloudFront uses lambda@edge. This is made possible by assigning cookies or through Signed URLs. You can either use an Amazon S3 through the use of an origin access control, for a breakdown on how to go about it visit There is also the use of custom origins which has a variety of ways one is the use of CloudFront managed prefix list . Another is by Serving Private Content Using Amazon CloudFront & Lambda@Edge

CloudFront enhances encryption of data like in the case HTTPS is already in place. It offers a use field-level encryption on top of the secured end to end connection by HTTPS. for an extensive study visit .

conclusion

CloudFront is not just an extension to the visibility of information over the internet, it is a tool that can be utilized to customize how, from and to where it needed to be delivered to. For the tools breakdown and extensive documentation visit . Thank you and enjoy your journey in AWS cloud service.

This article is published by: Sospeter Mchiri

why you are unable to manage load and scale using EC2 in AWS

sosmation — Sun, 25 Jan 2026 21:56:37 +0000

There are a number of services that take the hustle of managing computation resources examples are AWS fargate for serverless container, AWS lambda for general serverless purpose compute. They provide a "safe bet" to the customer with minimal configuration.
There cases that may demand setting up bit and pieces by using self managed services like EC2 instances, setting up load balancers and auto scaling groups to suit a desired resource balance. This is after numerous tests have been conducted by the team.
But with all that covered there are a number of issues that may arise even after having done numerous tests, they arise from a number of reasons:

AMI issues

An AMI is a pre-configured template that runs in an Ec2-instance. It contains the operating system, files and packages needed to configure and kickstart the application environment.
This are pegged to an elastic block device and mapped to an instance with the launch permissions. The AMI may exhibit a number of issues

An invalid device name This is caused when attaching the elastic block storage to an instance without a valid device name for the volume

*- The architect of the AMI does not march with the instance
*
Architecture conflicting with an instance prevents the Amazon auto scaling from launching new instances due to the incompatibility error.

*- Instance launching failed due to an AMI that is disabled
*
**- An AMI ID does not exist
It may occur when AMI may be deleted after creating the launch template or launch configuration.

**This may arise from the AMI not being available due to it being deleted

This are some of issues that affect the loading of EC2 instances on the instance level. for more comprehensive list visit

Here is a length documentation on AMI issues with solutions

Load balancer issues

A load balancer is a tool use to distribute traffic to instances, this varies based on one's configured settings. The auto scaling group works with the load balancer to trigger the creation of new instances, sometimes there are huddles that arise when using the services.

**- A load balancer cannot be found
**This occurs when an auto scaling group fails validating an elastic load balancer when launching a new instance

**- Target group(s) not found, the load balancer fails to validate
**This may arise from a target group attached from the Auto scaling group having been deleted.

- No active load balancer Available

It arises from the specified load balancer might have been deleted or cannot be located. You can tackle with this issue by either deleting your load balancer associated with the instance or create a new Auto Scaling group.
Here is a length documentation on load balancer issues and how to solve them

** instance launch failures**

Below are some of the reasons that prevent an instance from launching from an auto scaling group.

- Mismatch between the launch template / configuration and the instance type
**
**- A security group does not exist
This may come from the security group being deleted.
To solve this

retrieve a list of the security groups using the AWS cli command from
select the security group to use from the list.
create a new launch template or launch configuration. 4.Update the new auto scaling group by using the aws cli

- Key pair types associated to an instance are unavailable
This may arise from the key pairs not being located, they might have been deleted.
To solve this:

Retrieve the list of key pairs through the AWS cli, here is a link to guide
Select a key pair from the list, one can also create a new one of choice. 3.Create a new launch template or launch configuration. 4.Update the new auto scaling group by using the aws cli

*- An invalid block device that might not be available or is not supported during an instance launch
*

*- An elastic block device isn't supported by the Instance store-AMIs
*

for a comprehensive list visit

Here is a length documentation on instance launch failure

launch Template issues

An instance launch template consist of versions and configurations used when launching an Ec2 instance, this is essential in cases where a certain set of standards are need to spin on even types of instances.

*- you must have a valid fully-formed launch template
*
This error may occur due to the amazon ec2 auto scaling to detect an issue with the launch template, it is caused by a number of issues.

it can be resolved by

Noting the specificity at the end of the error flag i.e You must use a valid fully-formed launch template error this will direct one on addressing the issue.
When unable to located the issue you can dry run some commands to assist you get insights on what might be the issue.
Address information that is missing by verifying the settings, re-adjusting the launch template to the desired fit.
Ensure necessary resources are accessible by the launch template, for example Amazon key pair are in the same account and region.
Dry run the commands in step two to verify that your launch template uses valid values.

NB: here is a link to the AWS command line with commands for instances troubleshooting.

AWS provides a comprehensive documentation covering launch template issues

**- you are not authorized to use launch template
**This error stems from a lack of sufficient permissions, mainly the IAM policies assigned to user, group or role.
it may also arise from using a private AMI that is account specific.

In this particular case one case use the steps below to solve the issue

Ensure that the IAM credentials used have the correct iam:PassRole permission role specified to the Amazon EC2 Auto Scaling service. Below is a link with a detailed lead and examples of IAM policies for EC2 and how to troubleshoot

You must use a valid fully-formed launch template This error may arise because the values in the template are only validated when an auto scaling that is using the launch template is created or updated.

Conclusion

AWS provides mechanisms to assist you the consumer, even with that covered the AWS has a guideline on share responsibility providing a blueprint on the cohesiveness when using the platform

This article is published by sospeter Muchiri

Operationalcost

sosmation — Sat, 25 Jan 2025 20:24:13 +0000

As a measure of growth operation cost is one factor that can indicate changes with time, it can also be used in cases that where decision making, adopting changes as the business needs are also changing,

Seeking Compliance over

sosmation — Sat, 25 Jan 2025 02:51:49 +0000

In the day to day activities the ease in operations can be narrowed down to a number of factors and among them is compliance.

When adopting the cloud there are a do's and don'ts that hold the fabric of how communication, implementation and execution between different services not only in the day to day operations and should adhere to the short term needs or even the long term needs or both, this can only be achieved by combining different sets policies to suite the desired need.

AWS provides a number of services that enable and make it possible to achieve this. In this article i will be addressing different types of policies and how they impact boundaries to access resources from user, role and organization level.
A policies is a set of instructions coupled in different formats json or yaml that outlines boundaries to be adhered to that are set on account, user, role or resource level.

AWS defines them as Objects when associated with an identity or resource, defines their permissions, they are evaluated when an Identity and access management(IAM) principle makes a request.
AWS currently supports seven types of policies

Identity-based policies
This are the most commonly use policies in AWS, they can be attached both from a managed or an inline.
Managed come in two forms AWS managed, this are designed and managed by AWS and customer managed, this are designed by the customer and have an outlined approach over the policies than AWS managed.
Identity-based also incorporate inline policies which have a strict one-to-one relationship between policy and an identity, they size to be effective when the identity is deleted.
It is best practice to implement managed policies over due to various reasons they are highly reusable and offer versioning and rolling back the link below provides a detailed summary of all the advantages
https://docs.aws.amazon.com/IAM/latest/UserGuide/access_policies-choosing-managed-or-inline.html
Resource-based policies
They are attached to resources and grant permission to the principal that is specified in the policy, in this case the Principal can be in or another account, it is best practice not to use resource-based policies that include a notprincipal policy element with a deny effect for IAM users or roles that have a permissions boundary policy atached. This causes some IAM users or roles that would have access to the resource to lose access.
....
Permission Boundaries
They are more of a feature that when set to an entitity, the entity can perform only the actions that are allowed by both its identity -based policies and its permission boundaries.
When implemented to a user it gives a limit to the permission but cannot provide permissions by its own.
Organization service control policies
They define the maximum permissions for an IAM user and role within accounts in the organization or organization unit (OU).
N/B: SCP'S do not grant permissions
Organization Resource control policies
They define maximum permissions for resources for accounts that are within the organization or Organization unit.
They limit permissions that identity-based and resource-based policies can grant to resources in account within your organization.
They also don't grant permissions

-Access control lists
They are unique as they are do not adopt a JSON policy document structure. They are cross-account and grant permissions to specified principal.
They cannot offer permissions to entities in the same account.

Session policies They are paased down as parameters for temporary for a role or federated, the set of permission can be resource-based they can programmatically created and passed in asingle JSON inline session policy document using the POLICY parameter. for an extensive read have a look at the link below. https://docs.aws.amazon.com/IAM/latest/UserGuide/access_policies.html#policies_session

*Conclusion *
In conclusion policies are divided on two grounds identity based and resource based, if the desired effect is to be implemented to users, roles or groups seek the identity-based route.
When seeking the alternative of granting resources like Amazon s3 implement a resource based approach as it pegs direct access to the resource as highlighted in the policy.

Applying a Reliable approach in your AWS infrastructure

sosmation — Tue, 21 Jan 2025 07:10:51 +0000

AWS outlines a key number of pointers to to improve, boost and guide in decision making, to see what is fit for your product. AWS advocates for six pillar approach known as the the well architected framework, this are

Operation Excellence
Security
Reliability
Performance efficiency
Cost Optimization
Sustainability

In this article i will be looking at how different factors work in ac

AWS plays a key part in ensuring that your cloud experience through the shared responsibility framework, this achieved by aws maintaining and updating underlining hardware, ensuring there is low-latency networking between availability zones, enabling traffic between zones is encrypted. Companies that leverage on multi-AZ architecture create a cushion that prevents an outage incase one of the availability zones is affected by a catastrophic event, has a power-outages and environmental events like earthquakes.

In the customer side of the shared responsibility model the provisioned service determines the amount of configuration one must perform as part of the resiliency responsibility.

scenarios

An application is deployed in four ec2 instances, unfortunately some of the computation is not utilized.
In this particular case there is an issue of over provisioning, the demand does not exceed the set up resources, this one of the key points in design principles that dictates one should stop guessing capacity, this can be prevented by monitoring the workload, in this particular case the use monitoring services like cloudwatch which is set up with the right policies set through the identity and access manager (IAM). There is also the setting up of auto scaling group which adjusts the number of instances based on the threshold metrics attained, example computational threshold equal or greater than eighty percent will trigger a new instance to be spine up........

case scenario 2

A company wants to set up a test environment to see if their application is production ready, they have identified the resources they will require for the task, they manually setup the resources but along the way their infrastructure shows signs of weakness and needed to be scrapped off.

One common issue when provisioning resources by manually configuring them is they are more likely prone to human error especially as the infrastructure scales. in order to achieve a reliable infrastructure it is best practice to manage your infrastructure through automation. AWS provides a number of tools like AWS Cloudformation which is a service that assists in modeling helping you model and setting up your AWS resources, by creating a template that describes all the resources that you want and cloudformation works on the provisioning and configuring the resources for you.
for more information on getting started with cloudformation visit this link

AWS also provides a software development kit (SDK) service to allow you to build applications, and manage using your most conversant programming language and tools without the need to access your AWS console. Below is a link of the supported programming languages and tools you can use to get started with AWS SDK

Reliability is also achieved through being able to revert or recover from failure. Unforeseen issues are likely to occur in the most unpredictable time, the key thing is how are you able to manage the failure an example is an application with a MySQL database that requires minimal downtime, a disaster recovery strategy should be at the center when designing the database, this is based on how critical your application is for instance if your application can have a long downtime period, a cost-effective disaster recover strategy can be implemented. In this particular case the application requires minimal downtime, AWS provides a detailed documentation on what to select based on the application use case.

Conclusion

When adopting the AWS cloud there are a number of key points to check and one is Reliability, it is one of the key pillars in the well architect framework, we have had a brief incite on some of the reliability issues that occur when setting, implementing and managing your AWS resources. AWS offers a comprehensive documentation of how to implement a reliable system.
Here is a foundational approach that will guide you in your journey

All the best in your AWS cloud journey, feel free to comment and share, see you in the next article.

_Authored by : Sospeter Gathungu _

Leveraging AWS Appflow to get the best out of your data

sosmation — Wed, 08 Jan 2025 02:18:47 +0000

Introduction

Data is at the core of any Operations regardless of the business model, it holds a huge stake in the decision making of day to day operations.
It can be engaging to extract, analyse and a draw a conclusive...
AWS cloud provides a number of services that make it possible to achieve this from kinesis data stream and its "complimentary" services like amazon firehose, amazon kinesis data analytics. AWS also has offers a solution for applications leveraging on Apache Kafka under the service amazon managed streaming for kafka.

In this article i will be looking at AWS Appflow it is managed by AWS it integrates well with other services like Amazon Redshift and Amazon simple storage service. It leverages its capability to intergrate with services out of AWS through API references. AWS provides a list of different platforms that integrate with AWS Appflow in the link below
https://docs.aws.amazon.com/appflow/latest/userguide/app-specific.html

Content

**AWS AppFlow provides an easy and straight forward way to process data, enable data to be kept together in a synchronize, secure, organized and able to develop custom connectors.
AWS highlights various advantages and use cases in the link below.

https://docs.aws.amazon.com/appflow/latest/userguide/what-is-appflow.html

There are a number of Prerequisites when starting to use AWS Appflow. It leverages flow approach which can be achieved through the AWS console, AWS CLI, through APIs and also
cloudformation templates. AWS provides a step to step guide of the different approaches
https://docs.aws.amazon.com/appflow/latest/userguide/create-flow.html

After the implementation of the AppFlow it is necessary to manage the flow below is a link that provides a guide to go about it.
https://docs.aws.amazon.com/appflow/latest/userguide/flows-manage.html

The data goes through data cataloging this are metadata such as schema, format and data types. It is unified irregadles of the data belonging to different datasets.
AWS provides a briefed step on how cataloging is achieving Amazon S3 and AWS Glue data catalog, link below give's you a detailed approach
https://docs.aws.amazon.com/appflow/latest/userguide/flows-catalog.html.
There are a number of other steps that the service provides when the flow undergo partitioning and aggregation according to AWS this is used to optimize query performance for applications that access data, AWS provides a step to step guide on how to go about it in the link below.
https://docs.aws.amazon.com/appflow/latest/userguide/flows-partition.html

AWS AppFlow provides a system known as triggers that determines how a flow runs.It provides three types of flow triggers this are: on demand, on event and on schedule each suited for the application needs.
The on demand requires a manual run while the on event responses to events in software as a service application (SaaS) and an on schedule runs on a recurring schedule.

AWS Appflow also creates a private flow through a privatelink
to route data over AWS infrastructure without exposing it to public internet. This is used to provide access to SaaS applications.

AWS AppFlow offers notifications by intergrating with EventBridge to publish events related to the status of a flow aws highlights a number of step and common fields assosiated to this in the link
https://docs.aws.amazon.com/appflow/latest/userguide/flow-notifications.html

Conclusion
In any desired effect well calculated measures have to be put in place, in this case data is the ingredient that can be used to bring the desired effect, this is made possible by leveraging AWS Appflow with ease. I will see you next time, enjoy your AWS experience.
Authored by
Sospeter Gathungu, Aws community builder member

One step with Application manager

sosmation — Thu, 15 Feb 2024 00:01:27 +0000

AWs system manager is a complex and comprehensive service that is essential in your management of resources in AWS and hybrid systems, its management abilities are categorized into different subsets, i will be highlighting Application Management.

Application Management

This is essential for DevOps team, it offers a comprehensive way to identify issues in your applications and clusters making it effective to solve issues that arise from the operation information generated. It leverages on the logical of AWS resources that one may need to operate as a unit based on your application needs. It supports AWS container services like Elastic Kubernetes service (EKS) and elastic container clusters (ECS).

It is also Leverages in providing essential metadate from resources created from AWS CloudFormation, AWS Launch Wizard and the container services EKS and ECS.

Application manager imports metadata about your resources into resource groups, listing them into unique custom applications.

To leverage Application manager one has to first set up related services, configure permissions, add applications and clusters to application manager
Application manager outlines different step to take when setting up. Some of the services include Resource groups, use of tags, which make managing, monitoring, and automate tasks on many resources at one time in the case when you use resource groups.
CloudFormation stacks category are formed from information automatically imported by Application manager from resources launched through CloudFormation. AWS Launch wizard, elastic Kubernetes service and elastic container service can be optionally used to setup tasks using application service.

Application manager can also be leverages in setting up tasks helping you view operations information about your AWS resources.
It allows cost explorer by enabling it, one can view cost information, cost history, and cost optimization for your application's resources in the Application Manager console. CloudWatch logs and alarms through configuring and setting up with application manager making it possible to collect and access all your performance and operational data in the form of logs and metrics from a single platform.

AWS Config which is an evaluation tool for your AWS resources allows Application manager to show configuration reports from rules in AWS Config. Opcenter can be set up and configured
it leverages on the configuration of Amazon CloudWatch and Amazon EventBridge to automatically send OpsItems to OpsCenter based on
alarms and events. Each service has its own configuration steps.
Application management also recommends Verifying runbook permissions in state manager, one can optionally creating State Manager associations from system manager which is offered at not additional cost.
For a more comprehensive deep dive on the options highlighted visit: https://docs.aws.amazon.com/systems-manager/latest/userguide/application-manager-getting-started-related-services.html

Adopting Cloud Organization

sosmation — Fri, 27 Oct 2023 10:01:08 +0000

As an organization grows its needs change so as its cloud infrastructure. With the presence of AWS Identity and Access Management (IAM) a role, user account or even temporary access to a resource on an account level this would be the best fit, as more and more accounts are added it becomes harder to manage.

Aws provides a solution that centrally manages all the and yet to be added aws accounts providing a different features based on a hierarchy approach to enable you to

1.Apply policies to standardize tags used in by accounts in the organization

configure automatic backups for the resources in your organization's accounts

3.Enhance policy implementation with AWS Identity and Access Management (IAM)

With this you are able to

1.Centrally manage all your AWS Accounts

Consolidated billing for all member accounts
Integrate with other AWS services
integrating with AWS artificial intelligence (AI) and machine learning services to collect and store data.

with a single endpoint AWS Organization is not region specific and can be access in any AWS region making it fault tolerant. It is also browser based, requiring no application installation.

It provides access through

AWS Command Line Tools i.e a). AWS CLI https://aws.amazon.com/cli/
b). AWS Tools for powershell
https://aws.amazon.com/powershell/
The above links provide the relevant documentation to get started.
AWS software development kit
They consist of libraries and sample code for various programming languages and platforms
To check your desired programming language is supported check
https://aws.amazon.com/tools/#sdk
AWS Organization HTTP Query API
The HTTPS Query API provides one HTTPS requests directly to the service.
To learn more on Organization HTTP query API
https://docs.aws.amazon.com/organizations/latest/API Reference/

This is one of the essential tools that any sysops Administrator and other governance stakeholders using AWS cloud implement.
for more understanding on AWS organization visit
https://docs.aws.amazon.com/organizations/latest/userguide/orgs_introduction.html
for a full coverage of the service
this article is authored by
Sospeter Gathungu

Why should i use tags

sosmation — Tue, 24 Oct 2023 08:16:15 +0000

Some of us will remember playing a game of tag, this is the first time we got to relate the word as an identity.
When setting up resources in AWS tags are used as identifier.
They contain metadata about the resource, it makes easier to manage, filter and organize resources based on its purpose, ownership, department, environment and other criteria.

A tag has two parts, a tag key and a tag value.
The tag key contains information about who, what or which owns or will use the resource. common names used are department, Environment, or Project.
A tag value adds for information to the tag key adding more information about what the resource example version n.o,
_Both tag key and value are case sensitive _

There are a number of things to keep in mind before adding a tag there are best practices.

consider future consequences
Your tags should adapt to changes with the development of your project, in the case of an organization your tags should follow this convention as changes are always bound to happen an example in the change of access policies your tags should be able to follow suit, this is one of the cases that is all to common.
More tags are better than few to no tags
Yes, tags improve the productivity by making searching to filter results faster, minimizing resource conflict as they are labelled with their use case.
_standardize tags _
As you use more tags you should develop a system that should make it easy and transparent even for someone new who joins the team later.
Tags should not contain sensitive information like access keys, ssh keys or other private information.

Understanding and implementing steps for Cost Optimization and in cloud

sosmation — Tue, 19 Sep 2023 16:53:46 +0000

In any personal, SME, mid-size and huge enterprises cost plays a huge role in the decision make process. in the case of IT infrastructure cloud provides a wide range of paying options, as it is build on satisfying the customer needs first, this includes guiding and educating on getting value for your money when using their services.
There are a number of key pointers that highlight and shed light on steps to implement in order to grow financial awareness to key stack holders in the business or organization that take part in implementing, adopting and operating day to day tasks on cloud.

Financial implementation awareness
with the establishment of most departments that deal with operations and also to some extend security, the finance sector should also be equipped with equal measure if not more, as it is a core player in the life support for the other departments.

Fit consumer model
There is no one fit for all model for all businesses adopting cloud, as operations varies, size and needs. This factors shape the needs of a business to use tailor made infrastructure resources for instance compute type and size, a company that has memory intensive workload is not like another with general purpose tasks.

Efficiency is key
While having identified your needs, adopting and implementing the cloud resources it is also key to measure its effectiveness based on also cost delivery for example avoiding over provisioning at the expense of cost, this may lead to unsustainability and costly in the long run.

Transparency on expenditure
The cloud offers a breakdown of all the resources used and the total cost incurred when using them, each department should work towards an aware use of resources that will be billed centrally.
It is a collective responsibility for each department to work towards the same goal, and the finance part is not left behind.

conclusion
Few steps and things to be aware are key determiners of the "successful" adoption of the cloud, this does not mean they should be held to the latter but should used as pointers when navigating to the adoption of cloud.

finding and Synchronizing AWS Hybrid Storage

sosmation — Tue, 12 Sep 2023 11:02:11 +0000

When an AWS cloud enthusiast gets to sit down and share services like S3, Elastic block storage and elastic file storage will be the most talked about as each service provides its own set of attributes for different use cases.
I stumbled upon a service in AWS that tailor made to facilitate on-premise to cloud storage sharing with different storage options for those seeking to extend their storage, data availability to the cloud.

This service offers consumers the ability to link their on-premise data to cloud in different linking options, enabling convenience, flexibility in upload of different file formats. Some supported formats for files are iSCSI, SMB, and NFS
It integrates with services like S3, Amazon FSx for Windows File Server cloud storage enabling you to link your on-premise windows active directory to link and sync for data transfer to AWS cloud

One might be wondering how to leverage this service may it be for

Easing the on-premise storage by uploading and archiving content to cloud.
Being able to access files from AWS from on-premise with low latency.

With one's use case AWS storage gateway offers three storage interfaces for on-premise applications: file, volume, and tape.
it offers different modes to support your data

1.Amazon FSx File Gateway
This option is designed to enhance on-premise access of windows files at low-latency through amazon fsx share.
for a comprehensive deep dive on how it work visit
https://docs.aws.amazon.com/filegateway/latest/filefsxw/file-gateway-fsx-concepts.html

2.Tape Gateway
It provides backup application with an iSCSI virtual tape library (VTL) interface. They consist of virtual media changer, virtual tape drives, and virtual tapes.
This service is utilized through the snowball
for it features visit : https://aws.amazon.com/storagegateway/features/?nc=sn&loc=2&dn=1

Volume Gateway This option provides block storage to your on-premises applications using iSCSI connectivity. it uploads compressed files from on-premise, this reduces both latency and file size minimizing on storage cost.

it runs on either cached or stored mode, where cached primary data is written to s3 while frequently accessed data is retained locally.
in the case of stored mode the primary data and all its dataset is locally as it is also asynchronously backed up to AWS.
in getting started with volume gateway visit: https://aws.amazon.com/storagegateway/volume

Based on your preferred use case AWS has you covered.

see you on the next one
this article is authored by
Sospeter Gathungu

Creating your first IAM User in AWS

sosmation — Sun, 17 Jul 2022 06:11:34 +0000

AWS Identity and Access Management (IAM) is an AWS web service that helps you securely control access to resources in an AWS account.
When one first creates an AWS account you are by default the root user. It has a single sign-in identity and is accessed by signing in with the email address and password that you used to create the account.
It is best practice to create an IAM user account for your day-to-day operations and only use the root account privileges when needed.
https://docs.aws.amazon.com/general/latest/gr/root-vs-iam.html#aws_tasks-that-require-root

There are a number of benefits features and benefits that come with setting up an IAM User.
https://docs.aws.amazon.com/IAM/latest/UserGuide/best-practices.html#create-iam-users.

This article focuses on how to create your first IAM user via the AWS console.

Create an Administrative Account from the root user account

** AWS Identity and Access Management**

Navigate to the search bar and search IAM.

This will open to a new page which provides the settings to create your user.

In this case since the account is new the user will have administrative privileges'.

"It is best practice to make an administrative user account to run your operational tasks than using the root account due to security issues"

There are a number of settings to configure.
Access type guides in how the user will access the AWS account
in this case you allow access programmatic access and AWS management console access

There is also the option of password auto generate or you can also provide a password

3.Set permissions
Permissons are a set of rules that restrict an user to a set of tasks and roles.

There are three options to choose from
1.Add user to a group
This is where a set of users are placed together under uniform permissions.

Coping rules from an existing user
In this case an permissions are borrowed from an existing user.
Attaching existing policies
This are a set of predefined permissions to choose from provided by AWS.

It is best practice to use groups for consistency, as it is less prone from mismatch which may occur when using policies.

In this case create a group and name it "Admins", grant it the admin permissions job function.

Click on create group and it should successfully create it.

Add tags Tags are used to easily identify, track or control access to a user. They may include user information like employee ID n.o or email address.

After you are done click on review at the bottom right section and to then to the create page.

You are provided with the access ID, secret access key password and the email you register with. A download csv link is provided and should be stored in a safe and secure place as it has the login credentials.

A log in link is provided by Amazon at the successful pop message in which you use to log in to the new account.

I hope this article is insightfully as you begin your AWS journey