Chris Farris

I passed the AWS Certified Solutions Architect – Professional Level exam this morning. The combination of all the reading and Vegas’s dry air has given me major eye aches.

My VP, Michael Koetter, gave a presentation in the Media Track at re:Invent on the AWS-based Content Supply Chain we’re building. You can check it out here: Plus a Link to SlideShare.net where you can see one of my diagrams: http://www.slideshare.net/AmazonWebServices/aws-reinvent-2016-turners-cloud-native-media-supply-chain-for-tnt-tbs-adult-swim-cartoon-network-cnn-mae302

AWS API Keys are powerful things that you don’t want to leave lying around. Amazon’s suggestion is to keep them in ~/.aws/config. I’m not a fan of that. OSX has KeyChain, which is a secure repository for credentials and what most OSX Apps use for caching your login to various websites. This might not be the ideal solution, but it’s better than an unencrypted file in your home directory.

I’ve built a set of three scripts that will use OSX Keychain to store your AWS_ACCESS_KEY_ID and AWS_SECRET_ACCESS_KEY, and retrieve them into environment variables when needed to use the AWS API or any script that honors those environment variables.

We’re getting ready to deploy our first production workload in AWS, and our AWS account team recommended we enable a bunch of auditing on our accounts in each region. That is a lot of clicking for 9 regions across three accounts. This script will configure AWS CloudTrail and AWS Config Service in all regions, configure the logging bucket, and establish a reasonable password policy. Amazon is about to release 3 (or four) more regions in Ohio, England, Korea and India.