AWS Cloud Operations Blog
Category: AWS PrivateLink
How to grant least privilege access to third-parties on your private EC2 instances with AWS Systems Manager
AWS Systems Manager Session Manager provides a more secure way to manage your Amazon Elastic Compute Cloud (EC2) instances without the need to open inbound ports, maintain bastion hosts, or manage SSH keys. Furthermore, you can use it with a combination of AWS services to give access to external third-parties. Due to business requirements, you […]
Automate time series network visualizations for AWS PrivateLink using Amazon CloudWatch Contributor Insights
AWS PrivateLink is a highly available, scalable technology that lets you connect your Amazon Virtual Private Cloud (VPC) to supported AWS services without requiring public internet traversal. It also lets you privately connect to services hosted by other AWS accounts (VPC endpoint services) and supported AWS Marketplace partner services. Amazon CloudWatch Contributor Insights is a […]
Automated configuration of Session Manager without an internet gateway
Session Manager is a fully managed AWS Systems Manager capability that you can use to manage your Amazon Elastic Compute Cloud (Amazon EC2) instances, on-premises instances, and virtual machines (VMs) through an interactive one-click browser-based shell or through the AWS CLI. Session Manager also provides secure and auditable instance management without the need to open […]
Amazon EC2 instance port forwarding with AWS Systems Manager
Port forwarding is a useful way to redirect network traffic from one IP address and port number combination to another. With port forwarding, you can access an EC2 instance located in a private subnet from your workstation. In this post, we walk through a use case where customers have a strict security requirement for their […]
Signaling AWS CloudFormation WaitConditions using AWS PrivateLink
I’m excited to finally answer a question I’ve been hearing from both Infrastructure as Code developers and security practitioners for years: “How do I send a signal back to my CloudFormation stack from within a private VPC without going across the public internet?”