Tag Archives: aws

EBS Default Encryption Enables Launching Encrypted Instances From Unencrypted AMI Snapshots

Previously (before the end of May 2019), you had to encrypt the snapshot backing an AMI if you wanted to launch an instance with encrypted root volumes. This had some consequences for sharing AMIs: not only had AMIs to be shared …

Posted in AWS, Cloud

AWS IAM Version and SID traps

In an IAM policy JSON, if you omit the version string, you are heading for trouble: If you do not include a Version element, the value defaults to 2008-10-17, but newer features, such as policy variables, will not work with …

Posted in AWS, Uncategorized

Using kops and AWS Bastion Hosts Correctly

You have correctly provisioned your AWS infrastructure using AWS Bastion Quickstart or with kops and want to connect to your private instances using the bastion hosts. First some principles: Terminate your bastion host after using it (set autoscaling to 0). …

Posted in DevOps