Today I Learned


2022/02/28

If you want to get a list of aws:PrincipalTag/* values that can be used in your IAM conditions, search CloudTrail events for Event Name: AssumeRoleWithSAML.


2022/05/03

AWS policy documents can change the order of items within permissions arrays, but that’s safe to ignore:

Also, that & reference types take 8 bytes = 64 bits on 64-bit systems

```rust
use std::mem;

pub struct Foo {
    bar: String, // 24
    baz: usize, // 8
}

pub struct Quux<'a> {
    foo: &'a Foo,
    bar: usize,
}

fn main() {
    println!("Foo: {}", mem::size_of::<Foo>()); // 32
    println!("&Foo: {}", mem::size_of::<&Foo>()); // 8 -- a pointer?
    println!("Quux: {}", mem::size_of::<Quux>()); // 16 -- a pointer + a usize!
    println!("&Quux: {}", mem::size_of::<&Quux>()); // 8 -- another pointer
}
```

2022/08/22

About IfExists AWS IAM conditions: if a condition key might not exist (the resource doesn’t have it built-in, or a tag isn’t set), you can append IfExists to the condition test. For example StringEquals -> StringEqualsIfExists.

See https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_policies_elements_condition_operators.html#Conditions_IfExists
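The difference shows up only when the key is missing from the request. The sketch below is an added example, not AWS code and not from the original notes: a simplified model of how StringEquals, StringNotEquals and their IfExists forms treat a present, mismatching and absent key. The tag key, its values and the request contexts are constructed, and only single-valued keys are modelled.

```python
def condition_matches(condition, context):
    """Return True if every test in an IAM-style Condition block matches.

    condition: {"Operator": {"condition-key": "value" or ["v1", "v2"]}}
    context:   the condition keys actually present on the request
    """
    present = {k.lower(): v for k, v in context.items()}  # key names are case-insensitive
    for operator, tests in condition.items():
        if_exists = operator.endswith("IfExists")
        base = operator[: -len("IfExists")] if if_exists else operator
        if base not in ("StringEquals", "StringNotEquals"):
            raise ValueError(f"operator not modelled here: {operator}")
        for key, expected in tests.items():
            values = [expected] if isinstance(expected, str) else list(expected)
            actual = present.get(key.lower())
            if actual is None:
                # Missing key: IfExists forms and negated operators evaluate
                # to true, plain StringEquals evaluates to false.
                if if_exists or base == "StringNotEquals":
                    continue
                return False
            equal = actual in values  # values are case-sensitive, any-of match
            if equal != (base == "StringEquals"):
                return False
    return True


KEY = "aws:ResourceTag/team"  # constructed tag key
STRICT = {"StringEquals": {KEY: "platform"}}
LENIENT = {"StringEqualsIfExists": {KEY: "platform"}}

# Constructed request contexts: matching tag, other tag, no tag at all.
CONTEXTS = {
    "tagged_platform": {KEY: "platform"},
    "tagged_billing": {KEY: "billing"},
    "untagged": {},
}


def compare():
    """Map each context to (StringEquals result, StringEqualsIfExists result)."""
    return {
        name: (condition_matches(STRICT, ctx), condition_matches(LENIENT, ctx))
        for name, ctx in CONTEXTS.items()
    }


if __name__ == "__main__":
    for name, result in compare().items():
        print(name, result)
```

In an Allow statement the IfExists form also matches resources that carry no tag at all, so confirm that is the intended scope before switching operators.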


2022/08/30

That the max duration for any AWS assumed role session is 12h.

--duration-seconds (integer)

The duration, in seconds, of the role session. The value specified can range from 900 seconds (15 minutes) up to the maximum session duration set for the role. **The maximum session duration setting can have a value from 1 hour to 12 hours.** If you specify a value higher than this setting or the administrator setting (whichever is lower), the operation fails. For example, if you specify a session duration of 12 hours, but your administrator set the maximum session duration to 6 hours, your operation fails.

Role chaining limits your Amazon Web Services CLI or Amazon Web Services API role session to a maximum of one hour. When you use the AssumeRole API operation to assume a role, you can specify the duration of your role session with the DurationSeconds parameter. You can specify a parameter value of up to 43200 seconds (12 hours), depending on the maximum session duration setting for your role. However, if you assume a role using role chaining and provide a DurationSeconds parameter value greater than one hour, the operation fails. To learn how to view the maximum value for your role, see View the Maximum Session Duration Setting for a Role in the IAM User Guide.

By default, the value is set to 3600 seconds.

See https://docs.aws.amazon.com/cli/latest/reference/sts/assume-role.html#options

Also: I learned that ISO 8601 defines formats for durations (like PT2H) and time intervals.


2022/11/07

That AWS ALB target groups support HTTPS health check targets: https://docs.aws.amazon.com/elasticloadbalancing/latest/application/target-group-health-checks.html


That FQDN stands for Fully Qualified Domain Name. For example sub.domain.tld. is a FQDN.


2022/11/08

That the aws_ec2_tag resource can be used to add tags to AWS RAM-shared VPCs and subnets:

This resource should only be used in cases where EC2 resources are created outside Terraform (e.g., AMIs), being shared via Resource Access Manager (RAM), or implicitly created by other means (e.g., Transit Gateway VPN Attachments).


Also, that

When the source of a module is a version control repository or archive file (generically, a “package”), the module itself may be in a sub-directory relative to the root of the package. A special double-slash syntax is interpreted by Terraform to indicate that the remaining path after that point is a sub-directory within the package. For example: git::https://example.com/network.git//modules/vpc?ref=v1.2.0

https://developer.hashicorp.com/terraform/language/modules/sources#modules-in-package-sub-directories