Forem: Masaki Okuda The latest articles on Forem by Masaki Okuda (@masakiokuda). https://forem.com/masakiokuda https://media2.dev.to/dynamic/image/width=90,height=90,fit=cover,gravity=auto,format=auto/https:%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Fuser%2Fprofile_image%2F2263154%2Fca28949e-9d09-4044-87b1-12610b448d29.jpeg Forem: Masaki Okuda https://forem.com/masakiokuda en Testing AWS DevOps Agent with Multi-Account Masaki Okuda Sun, 01 Mar 2026 13:50:15 +0000 https://forem.com/masakiokuda/testing-aws-devops-agent-with-multi-account-2l78 https://forem.com/masakiokuda/testing-aws-devops-agent-with-multi-account-2l78 <p>One of the key features of AWS DevOps Agent is <strong>multi-account support</strong>. In this hands-on article, we'll verify the multi-account functionality and discuss practical considerations for real-world implementation.</p> <h2> Disclaimer </h2> <p>This blog content is based on testing during the preview phase.<br> The information may change as updates are released.</p> <h2> Target Audience </h2> <ul> <li>Those who want to explore AWS DevOps Agent's multi-account functionality</li> <li>Those who want to understand considerations when testing multi-account setups</li> </ul> <h2> Key Takeaways </h2> <ul> <li>Fault detection in multi-account configurations is achievable</li> <li>Multi-account setup itself is straightforward, but practical implementation requires careful consideration</li> <li>IAM role names and permission management need to be determined before implementing DevOps Agent</li> </ul> <h2> About the Test Environment </h2> <p>We'll conduct verification using the test sample code from the AWS DevOps Agent official documentation. (The sample code allows you to test EC2 stress tests and Lambda processing performance)</p> <p><a href="https://docs.aws.amazon.com/devopsagent/latest/userguide/getting-started-with-aws-devops-agent-creating-a-test-environment.html#test-option-a-ec2-cpu-capacity-test" rel="noopener noreferrer">Creating a Test Environment</a></p> <p>The implementation steps are described in the guide, so we'll omit them from this blog.</p> <p><strong>Note: Since AWS DevOps Agent is in preview, please create resources in the US East (N. Virginia) region</strong></p> <p><strong>Note: Indentation corrections are required for Test A/Test B YAML files</strong></p> <p><a href="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2F4gr9ao6firpck1jukhlb.png" class="article-body-image-wrapper"><img src="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2F4gr9ao6firpck1jukhlb.png" alt=" " width="800" height="437"></a></p> <p><strong><em>Test A</em></strong><br> </p> <div class="highlight js-code-highlight"> <pre class="highlight yaml"><code><span class="na">AWSTemplateFormatVersion</span><span class="pi">:</span> <span class="s1">'</span><span class="s">2010-09-09'</span> <span class="na">Description</span><span class="pi">:</span> <span class="s1">'</span><span class="s">AWS</span><span class="nv"> </span><span class="s">DevOps</span><span class="nv"> </span><span class="s">Agent</span><span class="nv"> </span><span class="s">EC2</span><span class="nv"> </span><span class="s">CPU</span><span class="nv"> </span><span class="s">Test</span><span class="nv"> </span><span class="s">Stack'</span> <span class="na">Parameters</span><span class="pi">:</span> <span class="na">MyIP</span><span class="pi">:</span> <span class="na">Type</span><span class="pi">:</span> <span class="s">String</span> <span class="na">Description</span><span class="pi">:</span> <span class="s">Your current IP address for SSH access (find at https://whatismyipaddress.com)</span> <span class="na">Default</span><span class="pi">:</span> <span class="s1">'</span><span class="s">0.0.0.0/0'</span> <span class="na">Resources</span><span class="pi">:</span> <span class="c1"># Security Group for SSH access</span> <span class="na">TestSecurityGroup</span><span class="pi">:</span> <span class="na">Type</span><span class="pi">:</span> <span class="s">AWS::EC2::SecurityGroup</span> <span class="na">Properties</span><span class="pi">:</span> <span class="na">GroupName</span><span class="pi">:</span> <span class="s">AWS-DevOpsAgent-test-sg</span> <span class="na">GroupDescription</span><span class="pi">:</span> <span class="s">AWS DevOps Agent beta testing security group</span> <span class="na">SecurityGroupIngress</span><span class="pi">:</span> <span class="pi">-</span> <span class="na">IpProtocol</span><span class="pi">:</span> <span class="s">tcp</span> <span class="na">FromPort</span><span class="pi">:</span> <span class="m">22</span> <span class="na">ToPort</span><span class="pi">:</span> <span class="m">22</span> <span class="na">CidrIp</span><span class="pi">:</span> <span class="kt">!Ref</span> <span class="s">MyIP</span> <span class="na">Description</span><span class="pi">:</span> <span class="s">SSH access from your IP</span> <span class="na">Tags</span><span class="pi">:</span> <span class="pi">-</span> <span class="na">Key</span><span class="pi">:</span> <span class="s">Name</span> <span class="na">Value</span><span class="pi">:</span> <span class="s">AWS-DevOpsAgent-Test-SG</span> <span class="pi">-</span> <span class="na">Key</span><span class="pi">:</span> <span class="s">Purpose</span> <span class="na">Value</span><span class="pi">:</span> <span class="s">AWS-DevOpsAgent-Testing</span> <span class="c1"># Key Pair for SSH access</span> <span class="na">TestKeyPair</span><span class="pi">:</span> <span class="na">Type</span><span class="pi">:</span> <span class="s">AWS::EC2::KeyPair</span> <span class="na">Properties</span><span class="pi">:</span> <span class="na">KeyName</span><span class="pi">:</span> <span class="s">AWS-DevOpsAgent-test-key</span> <span class="na">KeyType</span><span class="pi">:</span> <span class="s">rsa</span> <span class="na">Tags</span><span class="pi">:</span> <span class="pi">-</span> <span class="na">Key</span><span class="pi">:</span> <span class="s">Name</span> <span class="na">Value</span><span class="pi">:</span> <span class="s">AWS-DevOpsAgent-Test-Key</span> <span class="pi">-</span> <span class="na">Key</span><span class="pi">:</span> <span class="s">Purpose</span> <span class="na">Value</span><span class="pi">:</span> <span class="s">AWS-DevOpsAgent-Testing</span> <span class="c1"># EC2 Instance for CPU testing</span> <span class="na">TestInstance</span><span class="pi">:</span> <span class="na">Type</span><span class="pi">:</span> <span class="s">AWS::EC2::Instance</span> <span class="na">Properties</span><span class="pi">:</span> <span class="na">InstanceType</span><span class="pi">:</span> <span class="s">t3.micro</span> <span class="na">ImageId</span><span class="pi">:</span> <span class="s1">'</span><span class="s">{{resolve:ssm:/aws/service/ami-amazon-linux-latest/al2023-ami-kernel-6.1-x86_64}}'</span> <span class="na">KeyName</span><span class="pi">:</span> <span class="kt">!Ref</span> <span class="s">TestKeyPair</span> <span class="na">SecurityGroupIds</span><span class="pi">:</span> <span class="pi">-</span> <span class="kt">!Ref</span> <span class="s">TestSecurityGroup</span> <span class="na">UserData</span><span class="pi">:</span> <span class="na">Fn::Base64</span><span class="pi">:</span> <span class="kt">!Sub</span> <span class="pi">|</span> <span class="s">#!/bin/bash</span> <span class="s">yum update -y</span> <span class="s">yum install -y htop</span> <span class="s"># Create the CPU stress test script</span> <span class="s">cat &gt; /home/ec2-user/cpu-stress-test.sh &lt;&lt; 'EOF'</span> <span class="s">#!/bin/bash</span> <span class="s">echo "Starting AWS DevOpsAgent CPU Stress Test"</span> <span class="s">echo "Time: $(date)"</span> <span class="s">echo "Instance: $(curl -s http://169.254.169.254/latest/meta-data/instance-id)"</span> <span class="s">echo ""</span> <span class="s"># Get number of CPU cores</span> <span class="s">CORES=$(nproc)</span> <span class="s">echo "CPU Cores: $CORES"</span> <span class="s">echo ""</span> <span class="s">echo "Starting stress test (5 minutes)..."</span> <span class="s">echo "This will generate &gt;70% CPU usage to trigger CloudWatch alarm"</span> <span class="s">echo ""</span> <span class="s"># Create CPU load using yes command</span> <span class="s">echo "Starting CPU load processes..."</span> <span class="s">for i in $(seq 1 $CORES); do</span> <span class="s">(yes &gt; /dev/null) &amp;</span> <span class="s">CPU_PID=$!</span> <span class="s">echo "Started CPU load process $i (PID: $CPU_PID)"</span> <span class="s">echo $CPU_PID &gt;&gt; /tmp/cpu_test_pids</span> <span class="s">done</span> <span class="s"># Auto-cleanup after 5 minutes</span> <span class="s">(sleep 300 &amp;&amp; echo "Stopping CPU load processes..." &amp;&amp; kill $(cat /tmp/cpu_test_pids 2&gt;/dev/null) 2&gt;/dev/null &amp;&amp; rm -f /tmp/cpu_test_pids) &amp;</span> <span class="s">echo ""</span> <span class="s">echo "CPU load processes started for 5 minutes"</span> <span class="s">echo "Check CloudWatch for alarm trigger in 3-5 minutes"</span> <span class="s">EOF</span> <span class="s">chmod +x /home/ec2-user/cpu-stress-test.sh</span> <span class="s">chown ec2-user:ec2-user /home/ec2-user/cpu-stress-test.sh</span> <span class="s"># Create auto-shutdown script (safety mechanism)</span> <span class="s">cat &gt; /home/ec2-user/auto-shutdown.sh &lt;&lt; 'SHUTDOWN_EOF'</span> <span class="s">#!/bin/bash</span> <span class="s">echo "Auto-shutdown scheduled for 2 hours from now: $(date)"</span> <span class="s">sleep 7200</span> <span class="s">echo "Auto-shutdown executing at: $(date)"</span> <span class="s">sudo shutdown -h now</span> <span class="s">SHUTDOWN_EOF</span> <span class="s">chmod +x /home/ec2-user/auto-shutdown.sh</span> <span class="s">nohup /home/ec2-user/auto-shutdown.sh &gt; /home/ec2-user/auto-shutdown.log 2&gt;&amp;1 &amp;</span> <span class="s">echo "AWS DevOpsAgent test setup completed at $(date)" &gt; /home/ec2-user/setup-complete.txt</span> <span class="na">Tags</span><span class="pi">:</span> <span class="pi">-</span> <span class="na">Key</span><span class="pi">:</span> <span class="s">Name</span> <span class="na">Value</span><span class="pi">:</span> <span class="s">AWS-DevOpsAgent-Test-Instance</span> <span class="pi">-</span> <span class="na">Key</span><span class="pi">:</span> <span class="s">Purpose</span> <span class="na">Value</span><span class="pi">:</span> <span class="s">AWS-DevOpsAgent-Testing</span> <span class="c1"># CloudWatch Alarm for CPU utilization</span> <span class="na">CPUAlarm</span><span class="pi">:</span> <span class="na">Type</span><span class="pi">:</span> <span class="s">AWS::CloudWatch::Alarm</span> <span class="na">Properties</span><span class="pi">:</span> <span class="na">AlarmName</span><span class="pi">:</span> <span class="s">AWS-DevOpsAgent-EC2-CPU-Test</span> <span class="na">AlarmDescription</span><span class="pi">:</span> <span class="s">AWS-DevOpsAgent beta test - EC2 CPU utilization alarm</span> <span class="na">MetricName</span><span class="pi">:</span> <span class="s">CPUUtilization</span> <span class="na">Namespace</span><span class="pi">:</span> <span class="s">AWS/EC2</span> <span class="na">Statistic</span><span class="pi">:</span> <span class="s">Average</span> <span class="na">Period</span><span class="pi">:</span> <span class="m">60</span> <span class="na">EvaluationPeriods</span><span class="pi">:</span> <span class="m">1</span> <span class="na">Threshold</span><span class="pi">:</span> <span class="m">70</span> <span class="na">ComparisonOperator</span><span class="pi">:</span> <span class="s">GreaterThanThreshold</span> <span class="na">Dimensions</span><span class="pi">:</span> <span class="pi">-</span> <span class="na">Name</span><span class="pi">:</span> <span class="s">InstanceId</span> <span class="na">Value</span><span class="pi">:</span> <span class="kt">!Ref</span> <span class="s">TestInstance</span> <span class="na">TreatMissingData</span><span class="pi">:</span> <span class="s">notBreaching</span> <span class="na">Outputs</span><span class="pi">:</span> <span class="na">InstanceId</span><span class="pi">:</span> <span class="na">Description</span><span class="pi">:</span> <span class="s">EC2 Instance ID for testing</span> <span class="na">Value</span><span class="pi">:</span> <span class="kt">!Ref</span> <span class="s">TestInstance</span> <span class="na">SecurityGroupId</span><span class="pi">:</span> <span class="na">Description</span><span class="pi">:</span> <span class="s">Security Group ID</span> <span class="na">Value</span><span class="pi">:</span> <span class="kt">!Ref</span> <span class="s">TestSecurityGroup</span> <span class="na">AlarmName</span><span class="pi">:</span> <span class="na">Description</span><span class="pi">:</span> <span class="s">CloudWatch Alarm Name</span> <span class="na">Value</span><span class="pi">:</span> <span class="kt">!Ref</span> <span class="s">CPUAlarm</span> <span class="na">SSHCommand</span><span class="pi">:</span> <span class="na">Description</span><span class="pi">:</span> <span class="s">SSH command to connect to instance</span> <span class="na">Value</span><span class="pi">:</span> <span class="kt">!Sub</span> <span class="s1">'</span><span class="s">ssh</span><span class="nv"> </span><span class="s">-i</span><span class="nv"> </span><span class="s">"AWS-DevOpsAgent-test-key.pem"</span><span class="nv"> </span><span class="s">ec2-user@${TestInstance.PublicDnsName}'</span> </code></pre> </div> <p><strong>Test B</strong><br> </p> <div class="highlight js-code-highlight"> <pre class="highlight yaml"><code><span class="na">AWSTemplateFormatVersion</span><span class="pi">:</span> <span class="s1">'</span><span class="s">2010-09-09'</span> <span class="na">Description</span><span class="pi">:</span> <span class="s1">'</span><span class="s">AWS</span><span class="nv"> </span><span class="s">DevOpsAgent</span><span class="nv"> </span><span class="s">Lambda</span><span class="nv"> </span><span class="s">Error</span><span class="nv"> </span><span class="s">Test</span><span class="nv"> </span><span class="s">Stack'</span> <span class="na">Resources</span><span class="pi">:</span> <span class="c1"># IAM Role for Lambda function</span> <span class="na">LambdaExecutionRole</span><span class="pi">:</span> <span class="na">Type</span><span class="pi">:</span> <span class="s">AWS::IAM::Role</span> <span class="na">Properties</span><span class="pi">:</span> <span class="na">RoleName</span><span class="pi">:</span> <span class="s">AWS-DevOpsAgentLambdaTestRole</span> <span class="na">AssumeRolePolicyDocument</span><span class="pi">:</span> <span class="na">Version</span><span class="pi">:</span> <span class="s1">'</span><span class="s">2012-10-17'</span> <span class="na">Statement</span><span class="pi">:</span> <span class="pi">-</span> <span class="na">Effect</span><span class="pi">:</span> <span class="s">Allow</span> <span class="na">Principal</span><span class="pi">:</span> <span class="na">Service</span><span class="pi">:</span> <span class="s">lambda.amazonaws.com</span> <span class="na">Action</span><span class="pi">:</span> <span class="s">sts:AssumeRole</span> <span class="na">ManagedPolicyArns</span><span class="pi">:</span> <span class="pi">-</span> <span class="s">arn:aws:iam::aws:policy/service-role/AWSLambdaBasicExecutionRole</span> <span class="na">Tags</span><span class="pi">:</span> <span class="pi">-</span> <span class="na">Key</span><span class="pi">:</span> <span class="s">Name</span> <span class="na">Value</span><span class="pi">:</span> <span class="s">AWS-DevOpsAgent-Lambda-Test-Role</span> <span class="pi">-</span> <span class="na">Key</span><span class="pi">:</span> <span class="s">Purpose</span> <span class="na">Value</span><span class="pi">:</span> <span class="s">AWS-DevOpsAgent-Testing</span> <span class="c1"># Lambda function that generates errors</span> <span class="na">TestLambdaFunction</span><span class="pi">:</span> <span class="na">Type</span><span class="pi">:</span> <span class="s">AWS::Lambda::Function</span> <span class="na">Properties</span><span class="pi">:</span> <span class="na">FunctionName</span><span class="pi">:</span> <span class="s">AWS-DevOpsAgent-test-lambda</span> <span class="na">Runtime</span><span class="pi">:</span> <span class="s">python3.12</span> <span class="na">Handler</span><span class="pi">:</span> <span class="s">index.lambda_handler</span> <span class="na">Role</span><span class="pi">:</span> <span class="kt">!GetAtt</span> <span class="s">LambdaExecutionRole.Arn</span> <span class="na">Code</span><span class="pi">:</span> <span class="na">ZipFile</span><span class="pi">:</span> <span class="pi">|</span> <span class="s">import json</span> <span class="s">import random</span> <span class="s">import time</span> <span class="s">from datetime import datetime</span> <span class="s">def lambda_handler(event, context):</span> <span class="s">print(f"AWS DevOpsAgent Test Lambda - {datetime.now()}")</span> <span class="s">print(f"Event: {json.dumps(event)}")</span> <span class="s"># Intentionally generate errors for testing</span> <span class="s">error_scenarios = [</span> <span class="s">"Simulated database connection timeout",</span> <span class="s">"Test API rate limit exceeded",</span> <span class="s">"Intentional validation error for AWS DevOpsAgent testing"</span> <span class="s">]</span> <span class="s"># Always throw an error for testing purposes</span> <span class="s">error_message = random.choice(error_scenarios)</span> <span class="s">print(f"Generating test error: {error_message}")</span> <span class="s"># This will create a Lambda error that CloudWatch will detect</span> <span class="s">raise Exception(f"AWS DevOpsAgent Test Error: {error_message}")</span> <span class="na">Description</span><span class="pi">:</span> <span class="s">AWS DevOpsAgent beta test function - intentionally generates errors</span> <span class="na">Timeout</span><span class="pi">:</span> <span class="m">30</span> <span class="na">Tags</span><span class="pi">:</span> <span class="pi">-</span> <span class="na">Key</span><span class="pi">:</span> <span class="s">Name</span> <span class="na">Value</span><span class="pi">:</span> <span class="s">AWS-DevOpsAgent-Test-Lambda</span> <span class="pi">-</span> <span class="na">Key</span><span class="pi">:</span> <span class="s">Purpose</span> <span class="na">Value</span><span class="pi">:</span> <span class="s">AWS-DevOpsAgent-Testing</span> <span class="c1"># CloudWatch Alarm for Lambda errors</span> <span class="na">LambdaErrorAlarm</span><span class="pi">:</span> <span class="na">Type</span><span class="pi">:</span> <span class="s">AWS::CloudWatch::Alarm</span> <span class="na">Properties</span><span class="pi">:</span> <span class="na">AlarmName</span><span class="pi">:</span> <span class="s">AWS-DevOpsAgent-Lambda-Error-Test</span> <span class="na">AlarmDescription</span><span class="pi">:</span> <span class="s">AWS-DevOpsAgent beta test - Lambda error rate alarm</span> <span class="na">MetricName</span><span class="pi">:</span> <span class="s">Errors</span> <span class="na">Namespace</span><span class="pi">:</span> <span class="s">AWS/Lambda</span> <span class="na">Statistic</span><span class="pi">:</span> <span class="s">Sum</span> <span class="na">Period</span><span class="pi">:</span> <span class="m">60</span> <span class="na">EvaluationPeriods</span><span class="pi">:</span> <span class="m">1</span> <span class="na">Threshold</span><span class="pi">:</span> <span class="m">0</span> <span class="na">ComparisonOperator</span><span class="pi">:</span> <span class="s">GreaterThanThreshold</span> <span class="na">Dimensions</span><span class="pi">:</span> <span class="pi">-</span> <span class="na">Name</span><span class="pi">:</span> <span class="s">FunctionName</span> <span class="na">Value</span><span class="pi">:</span> <span class="kt">!Ref</span> <span class="s">TestLambdaFunction</span> <span class="na">TreatMissingData</span><span class="pi">:</span> <span class="s">notBreaching</span> <span class="na">Outputs</span><span class="pi">:</span> <span class="na">LambdaFunctionName</span><span class="pi">:</span> <span class="na">Description</span><span class="pi">:</span> <span class="s">Lambda Function Name for testing</span> <span class="na">Value</span><span class="pi">:</span> <span class="kt">!Ref</span> <span class="s">TestLambdaFunction</span> <span class="na">LambdaFunctionArn</span><span class="pi">:</span> <span class="na">Description</span><span class="pi">:</span> <span class="s">Lambda Function ARN</span> <span class="na">Value</span><span class="pi">:</span> <span class="kt">!GetAtt</span> <span class="s">TestLambdaFunction.Arn</span> <span class="na">AlarmName</span><span class="pi">:</span> <span class="na">Description</span><span class="pi">:</span> <span class="s">CloudWatch Alarm Name</span> <span class="na">Value</span><span class="pi">:</span> <span class="kt">!Ref</span> <span class="s">LambdaErrorAlarm</span> <span class="na">TestCommand</span><span class="pi">:</span> <span class="na">Description</span><span class="pi">:</span> <span class="s">AWS CLI command to test the function</span> <span class="na">Value</span><span class="pi">:</span> <span class="kt">!Sub</span> <span class="s1">'</span><span class="s">aws</span><span class="nv"> </span><span class="s">lambda</span><span class="nv"> </span><span class="s">invoke</span><span class="nv"> </span><span class="s">--function-name</span><span class="nv"> </span><span class="s">${TestLambdaFunction}</span><span class="nv"> </span><span class="s">--payload</span><span class="nv"> </span><span class="s">"{\"test\":\"AWS</span><span class="nv"> </span><span class="s">DevOpsAgent</span><span class="nv"> </span><span class="s">validation\"}"</span><span class="nv"> </span><span class="s">response.json'</span> </code></pre> </div> <p>Once the CloudFormation processing completes successfully, the test environment is ready.<br> Since it takes time for error conditions to occur, let's configure AWS DevOps Agent in the meantime.</p> <p><a href="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fym1mtascp002bevc77v7.png" class="article-body-image-wrapper"><img src="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fym1mtascp002bevc77v7.png" alt=" " width="800" height="189"></a></p> <h2> AWS DevOps Agent Multi-Account Configuration </h2> <p>First, create an AWS DevOps Agent for multi-account integration.<br> By the way, the top screen when creating an Agentspace has changed.<br> Since it's a preview version, breaking changes are likely occurring.</p> <p><a href="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Ffgmez2nh1szfkgxdpkbq.png" class="article-body-image-wrapper"><img src="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Ffgmez2nh1szfkgxdpkbq.png" alt=" " width="800" height="395"></a></p> <p>Link the target AWS account to the Secondary Source.<br> Click the <strong>Add button</strong>.</p> <p><a href="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fh1j1067aqpbmylookpa0.png" class="article-body-image-wrapper"><img src="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fh1j1067aqpbmylookpa0.png" alt=" " width="800" height="407"></a></p> <p>After clicking, IAM role information to be created in the target account is displayed. Navigate to the target AWS account and create the IAM role.</p> <p><a href="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Ff5f5x67o5p2m1ud5ovps.png" class="article-body-image-wrapper"><img src="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Ff5f5x67o5p2m1ud5ovps.png" alt=" " width="800" height="397"></a></p> <p><a href="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fbaj03dmtgsju8yys9dch.png" class="article-body-image-wrapper"><img src="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fbaj03dmtgsju8yys9dch.png" alt=" " width="800" height="262"></a></p> <p><strong><em>Let's try creating the role with a name different from the initially instructed name</em></strong></p> <p><a href="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2F4wx1x3eal77rdo6r7fph.png" class="article-body-image-wrapper"><img src="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2F4wx1x3eal77rdo6r7fph.png" alt=" " width="800" height="380"></a></p> <p>The IAM role has been created, but don't forget to configure the inline policy.</p> <p><a href="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2F9sow5ko0fzljbyurhslz.png" class="article-body-image-wrapper"><img src="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2F9sow5ko0fzljbyurhslz.png" alt=" " width="800" height="377"></a></p> <p><a href="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fyi2rg3ak5s2r8a3rn0rt.png" class="article-body-image-wrapper"><img src="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fyi2rg3ak5s2r8a3rn0rt.png" alt=" " width="800" height="408"></a></p> <p><a href="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2F46wnivns4fld703568q5.png" class="article-body-image-wrapper"><img src="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2F46wnivns4fld703568q5.png" alt=" " width="800" height="410"></a></p> <p>Looking at the inline policy configuration, only minimal resource settings are permitted. For example, if you have needs like <strong>storing logs in S3</strong> or <strong>wanting to monitor Control Tower</strong>, you'll need to tune the inline policy configuration.</p> <p>The IAM role for AWS DevOps Agent should follow these rules:</p> <p><a href="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fs4r56aqu5gy4ouxkeyjz.png" class="article-body-image-wrapper"><img src="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fs4r56aqu5gy4ouxkeyjz.png" alt=" " width="800" height="404"></a></p> <p>You should see alarms displayed, so let's check them.<br> The Lambda alarm went into alarm state, but no alarm occurred for EC2. The script itself didn't seem to be running either, so it might be better to create your own verification resources.</p> <p><a href="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2F85yzsd7jtwx3qhjrbq8p.png" class="article-body-image-wrapper"><img src="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2F85yzsd7jtwx3qhjrbq8p.png" alt=" " width="800" height="426"></a></p> <p>Return to the AWS console on the AWS DevOps Agent side and configure multi-account settings. Configure the following:</p> <p><a href="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fz940nrmo193v7wx7mfda.png" class="article-body-image-wrapper"><img src="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fz940nrmo193v7wx7mfda.png" alt=" " width="800" height="303"></a></p> <p>Once configuration is complete, the AWS account for multi-account setup will be displayed in the Secondary Source.</p> <p><strong><em>An error will occur if the IAM role name doesn't match</em></strong></p> <p><a href="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fo79rufxgeeo1bjn6v1uu.png" class="article-body-image-wrapper"><img src="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fo79rufxgeeo1bjn6v1uu.png" alt=" " width="800" height="403"></a></p> <p>By correcting the IAM role name, it becomes Valid.</p> <p><a href="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Flo87ovz0vxj93wc3ksop.png" class="article-body-image-wrapper"><img src="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Flo87ovz0vxj93wc3ksop.png" alt=" " width="800" height="403"></a></p> <h2> Testing with AWS DevOps Agent </h2> <p>Now let's verify whether AWS DevOps Agent can detect Lambda failures.</p> <p><a href="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2F59nq047ea0l67oydo0vn.png" class="article-body-image-wrapper"><img src="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2F59nq047ea0l67oydo0vn.png" alt=" " width="800" height="425"></a></p> <p>The test alarm name is appearing, so multi-account is functioning properly.</p> <p><a href="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2F5cxoed47e9az1bp4ba8f.png" class="article-body-image-wrapper"><img src="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2F5cxoed47e9az1bp4ba8f.png" alt=" " width="800" height="410"></a></p> <p><a href="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fmxilzghxbjnwy41vjkns.png" class="article-body-image-wrapper"><img src="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fmxilzghxbjnwy41vjkns.png" alt=" " width="800" height="412"></a></p> <p>The following was output as the investigation result.<br> The cause was identified as <strong>intentional Lambda code designed to output test errors</strong>, confirming that detection is working properly.</p> <blockquote> <p>The Lambda function AWS-DevOpsAgent-test-lambda, intentionally designed to generate test errors, experienced a 100% error rate (4 errors out of 4 invocations) between 13:40:00 and 13:41:00 UTC. This function was deployed via CloudFormation at 13:15:04 UTC with the description "AWS DevOpsAgent beta test function - intentionally generates errors". Log analysis revealed that the function code (index.py, line 21) intentionally raises exceptions with three different test scenarios: "Test API rate limit exceeded", "Intentional validation error for AWS DevOpsAgent testing", and "Simulated database connection timeout". All errors follow the pattern "AWS DevOpsAgent Test Error: {error_message}". Metrics confirmed these were immediate failures (5-19 millisecond durations) without throttling or timeout issues, consistent with intentional error generation. The CloudWatch alarm "AWS-DevOpsAgent-Lambda-Error-Test" triggered as designed when detecting these errors. This is expected behavior for this test function and not an incident requiring remediation in production.</p> </blockquote> <h2> Insights Gained Through Verification </h2> <p>Through multi-account configuration verification, we gained several insights.</p> <h3> Insight 1: Configuration itself is not difficult with the guide </h3> <p>Since the AWS DevOps Agent multi-account configuration screen provides guidance on what policies and roles to configure, even beginners can handle the setup. However, the default policy permissions are minimal, so customization may be necessary depending on the project.</p> <h3> Insight 2: There are risks with current specifications when configuring for user environments </h3> <p>When performing operational support or monitoring configuration, settings are likely needed for both the vendor's AWS account (where DevOps Agent is set up) and the user's AWS account (where IAM roles are configured). In such cases, if <strong>IAM role names and permission settings</strong> are not discussed in advance, there's a possibility that the desired troubleshooting cannot be achieved.</p> <h3> Insight 3: Introducing multi-account makes DevOps Agent operations more complex </h3> <p>In this case, we're targeting <strong>one AWS account</strong>, so management isn't too complex, but when managing multiple AWS accounts with a single DevOps Agent, it becomes difficult to track which AgentSpace manages which AWS account. (You need to check each AgentSpace's accounts one by one)</p> <h2> Future Outlook </h2> <p>Writing this blog has raised the need to consider the following:</p> <ul> <li>Permission management considering multi-account configuration (IAM Identity Center)</li> <li>DevOps Agent management itself considering IaC</li> <li>Accuracy verification when registering multiple multi-accounts + same failure occurs simultaneously</li> </ul> <p>Additionally, we'd like to conduct verification from these perspectives:</p> <ul> <li>Integration with unsupported observability tools</li> <li>Implementation ideas for enterprise environments</li> </ul> aws devops testing tutorial Adding Cognito authentication to AWS DevOps Agent Masaki Okuda Sun, 18 Jan 2026 07:24:44 +0000 https://forem.com/masakiokuda/adding-cognito-authentication-to-aws-devops-agent-1c93 https://forem.com/masakiokuda/adding-cognito-authentication-to-aws-devops-agent-1c93 <h4> Original Blogs </h4> <p><a href="https://zenn.dev/mob_engineer/articles/10fe4d426f7e85" rel="noopener noreferrer">AWS DevOps AgentにCognito認証を追加する</a></p> <p>One of the benefits of AWS DevOps Agent is that it allows you to separate the AWS console from the console for AWS DevOps Agent. This eliminates the need for operations personnel to log in to the AWS console, preventing unexpected resource deletion.</p> <p>However, there are security concerns when sharing the console URL for AWS DevOps Agent. Although it is difficult to guess because the domain name contains random characters, it is recommended to add at least some authentication functionality as a security measure.</p> <p>In this article, we will implement a method to control access to the console for AWS DevOps Agent using Cognito authentication.</p> <h2> Notes </h2> <p>The official documentation recommends using the IAM Identity Center for authentication. If you cannot use the IAM Identity Center in the US (Northern Virginia) region, please use this procedure.</p> <h2> Target Audience </h2> <ul> <li>Those using the AWS DevOps Agent</li> <li>Those who want to implement an authentication mechanism for practical use</li> </ul> <h2> Leaning Outcome </h2> <ul> <li>Cognito can be used instead if IAM Identity Center is not available.</li> <li>Because Cognito makes it difficult to provide fine-grained permission control, we recommend using IAM Identity Center.</li> </ul> <h2> Preparation for implementation </h2> <ul> <li>Have an AWS account</li> </ul> <p>Open AWS DevOps Agent Space</p> <ul> <li>Open the AWS Management Console</li> <li>Make sure your region is set to US (N. Virginia)</li> <li>Type AWS DevOps Agent in the search box</li> <li>Click AWS DevOps Agent in the search results</li> </ul> <p><a href="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fpulqg4xj9ry1im8x4dlc.png" class="article-body-image-wrapper"><img src="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fpulqg4xj9ry1im8x4dlc.png" alt=" " width="800" height="422"></a></p> <ul> <li>The AWS DevOps Agent menu screen will appear.</li> <li>Click the "Create Agent Space" button in the upper right corner of the screen.</li> </ul> <p><a href="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2F5xthjwwl496vb7h1k8cv.png" class="article-body-image-wrapper"><img src="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2F5xthjwwl496vb7h1k8cv.png" alt=" " width="800" height="405"></a></p> <ul> <li>Enter a name for your Agent Space in the Name and Description fields.</li> <li>Leave all other fields as default.</li> <li>Scroll to the bottom and click the Create button.</li> </ul> <p><a href="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fs9k3sv4ll8p66sq0409b.png" class="article-body-image-wrapper"><img src="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fs9k3sv4ll8p66sq0409b.png" alt=" " width="800" height="369"></a></p> <p><a href="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Ffgc12530qc3h1069spw0.png" class="article-body-image-wrapper"><img src="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Ffgc12530qc3h1069spw0.png" alt=" " width="800" height="398"></a></p> <ul> <li>After a few minutes, the AWS DevOps Agent will be created.</li> <li>Click the Operator Access button.</li> </ul> <p><a href="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Furriwaddhk11pirvqc5y.png" class="article-body-image-wrapper"><img src="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Furriwaddhk11pirvqc5y.png" alt=" " width="800" height="414"></a></p> <ul> <li>The AWS DevOps Agent console screen will be displayed.</li> <li>Copy and paste the URL into a text file.</li> </ul> <p><a href="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2F0ntgh7ujgcgje9sz2ugs.png" class="article-body-image-wrapper"><img src="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2F0ntgh7ujgcgje9sz2ugs.png" alt=" " width="800" height="475"></a></p> <h2> Prepare Cognito for AWS DevOps Agent </h2> <ul> <li>Return to the AWS console screen</li> <li>Type Cognito in the search box</li> <li>Click Cognito in the search results</li> </ul> <p><a href="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fwy9w2fh7d1kvduzhukaa.png" class="article-body-image-wrapper"><img src="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fwy9w2fh7d1kvduzhukaa.png" alt=" " width="800" height="415"></a></p> <ul> <li>Click the hamburger menu on the left to display the menu.</li> <li>Click User Pool.</li> </ul> <p><a href="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fl6zds7xdqfc7uvayb9dn.png" class="article-body-image-wrapper"><img src="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fl6zds7xdqfc7uvayb9dn.png" alt=" " width="800" height="417"></a></p> <ul> <li>Click the Create User Pool button</li> </ul> <p><a href="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fcnwczw21oftegiq7b2x5.png" class="article-body-image-wrapper"><img src="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fcnwczw21oftegiq7b2x5.png" alt=" " width="800" height="366"></a></p> <ul> <li>Enter a name for the application</li> </ul> <p><a href="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Faz4agmlks5qkxtcylkiz.png" class="article-body-image-wrapper"><img src="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Faz4agmlks5qkxtcylkiz.png" alt=" " width="800" height="412"></a></p> <ul> <li>Set the following options:</li> <li>Sign-in Identifier Option: Email Address</li> <li>Self-Registration: Unchecked</li> <li>Required Sign-in Attribute: Email Address</li> </ul> <p><a href="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fnzficclwyoacdzh9xkao.png" class="article-body-image-wrapper"><img src="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fnzficclwyoacdzh9xkao.png" alt=" " width="800" height="334"></a></p> <ul> <li>Paste the AWS DevOps Agent URL you copied earlier into the return URL.</li> <li>Click the button to create a user directory.</li> </ul> <p><a href="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fmsdtwic5kbhnd09zenh5.png" class="article-body-image-wrapper"><img src="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fmsdtwic5kbhnd09zenh5.png" alt=" " width="800" height="172"></a></p> <ul> <li>Click User Pools in the left menu.</li> <li>Click the user pool you just created.</li> </ul> <p><a href="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fo0aykhkezn17f9ojujz9.png" class="article-body-image-wrapper"><img src="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fo0aykhkezn17f9ojujz9.png" alt=" " width="800" height="414"></a></p> <ul> <li>Click on Users in the left menu</li> </ul> <p><a href="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fyci5h9a3bchztnmnnyg6.png" class="article-body-image-wrapper"><img src="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fyci5h9a3bchztnmnnyg6.png" alt=" " width="800" height="412"></a></p> <ul> <li>Click the "Create User" button</li> <li>Enter the following information:</li> <li>Email Address: Your preferred email address</li> <li>Temporary Password: Your preferred password</li> <li>Password: Your preferred password</li> <li>After entering the information, click the "Create User" button.</li> </ul> <p><a href="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fk1kkwqiqmjfrnwx3zuqn.png" class="article-body-image-wrapper"><img src="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fk1kkwqiqmjfrnwx3zuqn.png" alt=" " width="800" height="188"></a></p> <p><a href="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fkf275931lhyvafstd483.png" class="article-body-image-wrapper"><img src="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fkf275931lhyvafstd483.png" alt=" " width="800" height="407"></a></p> <h2> Login test </h2> <ul> <li>Click "Application Client" in the left menu.</li> <li>Click the application you created.</li> </ul> <p><a href="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2F37o9p2mjrv3e7yl0p8ew.png" class="article-body-image-wrapper"><img src="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2F37o9p2mjrv3e7yl0p8ew.png" alt=" " width="800" height="339"></a></p> <ul> <li>Click the "Login Page" tab</li> <li>Click the "Show Login Page" button</li> </ul> <p><a href="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2F61p1rj1ttx6sitxj26tz.png" class="article-body-image-wrapper"><img src="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2F61p1rj1ttx6sitxj26tz.png" alt=" " width="800" height="410"></a></p> <ul> <li>Enter the email address of the user you just created</li> </ul> <p><a href="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fcev5zf80b2gzgos3yfh5.png" class="article-body-image-wrapper"><img src="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fcev5zf80b2gzgos3yfh5.png" alt=" " width="661" height="392"></a></p> <ul> <li>If a password is required, enter it</li> </ul> <p><a href="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fqd49ks29psqgq6569wka.png" class="article-body-image-wrapper"><img src="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fqd49ks29psqgq6569wka.png" alt=" " width="616" height="419"></a></p> <ul> <li>You will be asked to change your password, so enter a suitable password.</li> </ul> <p><a href="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fggiogr30q0tz4flh96rp.png" class="article-body-image-wrapper"><img src="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fggiogr30q0tz4flh96rp.png" alt=" " width="661" height="826"></a></p> <ul> <li>After logging in, you will be redirected to the AWS DevOps Agent screen.</li> </ul> <p><a href="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fmghaz05lwi8m3r0bbxyi.png" class="article-body-image-wrapper"><img src="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fmghaz05lwi8m3r0bbxyi.png" alt=" " width="800" height="410"></a></p> <h2> Impressions </h2> <p>I was able to add authentication functionality to AWS DevOps Agent with Cognito without using IAM Identity Center. However, since accounts are managed by Cognito, user management can become complicated.</p> <p>It's sufficient if you require minimal authentication functionality, but if you want to control permissions more precisely for each operator, we recommend using the IAM Identity Center. Currently, AWS DevOps Agent is a preview service, so it only supports the IAM Identity Center in the US (Northern Virginia) region. We expect support for other regions will follow when it becomes generally available.</p> <p>The implementation itself is relatively simple, so if you are considering strengthening the security of your AWS DevOps Agent, give it a try.</p> <h2> Additional Note </h2> <p>If you are using IAM Identity Center management, you will lose access to the AWS DevOps Agent if your session expires. Session management is a topic for future consideration.</p> aws devops security tutorial [Tips] [Podman] What to do if you get an "insufficient space" error when loading an image Masaki Okuda Wed, 08 Oct 2025 23:13:48 +0000 https://forem.com/masakiokuda/tips-podman-what-to-do-if-you-get-an-insufficient-space-error-when-loading-an-image-32mp https://forem.com/masakiokuda/tips-podman-what-to-do-if-you-get-an-insufficient-space-error-when-loading-an-image-32mp <p>Thank you for reading this article.<br> This is Mob Engineer (@mob-engineer).</p> <p>When building a container using Podman, I encountered an error due to insufficient space in the default image storage directory. I found a workaround, so I'm posting it here for future reference.</p> <h2> Use case </h2> <ul> <li>When temporarily saving images to a directory with a large capacity</li> </ul> <h2> work around </h2> <p>By executing it with the --root option, it will be saved to the option specified destination.<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight plaintext"><code>$ podman load -i &lt;image path&gt; --root &lt;destination&gt; </code></pre> </div> <h2> Points to note </h2> <p>If you load using the above command, the loaded image will not be displayed unless you add the --root option.<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight plaintext"><code># Image information not displayed $ podman images # Image displayed $ podman images --root </code></pre> </div> <h3> Warnig </h3> <p>This is just a workaround, so it should only be used temporarily (delete the image stored locally after pushing it to any repository). If you want to permanently change the storage folder, change the settings in "~/.config/containers/storage.conf".</p> <h2> Summary </h2> <p>Podman itself is easy to use, so I will continue to output any tips I find about podman.</p> <h2> Docs </h2> <p><a href="https://docs.podman.io/en/stable/markdown/podman-system-prune.1.html" rel="noopener noreferrer">podman-system-prune (Removing Unnecessary Resources)</a></p> <p><a href="https://docs.podman.io/en/stable/markdown/podman-system-df.1.html" rel="noopener noreferrer">podman-system-df (Checking Disk Usage)</a></p> <p><a href="https://docs.podman.io/en/stable/markdown/podman.1.html" rel="noopener noreferrer">podman (Main Page - Storage Settings)</a></p> <p><a href="https://docs.podman.io/en/stable/markdown/podman-system-reset.1.html" rel="noopener noreferrer">podman-system-reset (Full Storage Reset)</a></p> <p><a href="https://github.com/containers/podman/blob/main/troubleshooting.md" rel="noopener noreferrer">Troubleshooting</a></p> tips podman containers Deep Dive into AWS Cloud WAN Core Network Policy: Configuration, Examples, and Strategy Masaki Okuda Sun, 05 Oct 2025 13:29:06 +0000 https://forem.com/masakiokuda/deep-dive-into-aws-cloud-wan-core-network-policy-configuration-examples-and-strategy-30eo https://forem.com/masakiokuda/deep-dive-into-aws-cloud-wan-core-network-policy-configuration-examples-and-strategy-30eo <h1> Deep Dive into AWS Cloud WAN Core Network Policy: Configuration, Examples, and Strategy </h1> <p>Thank you for reading this article.<br> I'm mob-engineer (<a href="https://qiita.com/mob_engineer" rel="noopener noreferrer">@mob-engineer</a>).</p> <p>The core network policy is the heart of the Cloud WAN service, but configuring it can seem daunting for network beginners. In this article, I'll organize and summarize the policy structure, configuration examples, and strategies for Cloud WAN core networks.</p> <h2> Target Audience </h2> <p>This article is written for readers facing the following challenges:</p> <ol> <li>Those using Cloud WAN in practice but lacking deep understanding</li> <li>Those wanting to develop strategies for core network policies</li> </ol> <h2> Core Network Policy Structure </h2> <p>The core network policy structure is well documented in the official AWS documentation.</p> <p><a href="https://docs.aws.amazon.com/network-manager/latest/cloudwan/cloudwan-policies-json.html" rel="noopener noreferrer">Official Documentation</a></p> <p>The core network policy consists of the following components:</p> <ul> <li>Core network configuration (IP addresses, AS numbers, etc.)</li> <li>Segments (filtering settings, etc.)</li> <li>Network function groups (used when configuring firewalls, etc.)</li> <li>Segment actions (specifying what processing to perform for each segment)</li> <li>Attachment policies (rules for attaching network resources)</li> </ul> <p>That said, correctly understanding and configuring these rules can be challenging.<br> (Segment actions in particular seem to be a major hurdle)</p> <h2> Core Network Policy Samples </h2> <p>AWS provides several official samples.</p> <h3> 1 Segment + 1 Region </h3> <p><a href="https://docs.aws.amazon.com/network-manager/latest/cloudwan/cloudwan-policy-examples-one-segment-region.html" rel="noopener noreferrer">AWS Documentation</a><br> </p> <div class="highlight js-code-highlight"> <pre class="highlight json"><code><span class="p">{</span><span class="w"> </span><span class="nl">"version"</span><span class="p">:</span><span class="w"> </span><span class="s2">"2021.12"</span><span class="p">,</span><span class="w"> </span><span class="nl">"core-network-configuration"</span><span class="p">:</span><span class="w"> </span><span class="p">{</span><span class="w"> </span><span class="nl">"asn-ranges"</span><span class="p">:</span><span class="w"> </span><span class="p">[</span><span class="w"> </span><span class="s2">"64512-65534"</span><span class="w"> </span><span class="p">],</span><span class="w"> </span><span class="nl">"edge-locations"</span><span class="p">:</span><span class="w"> </span><span class="p">[</span><span class="w"> </span><span class="p">{</span><span class="w"> </span><span class="nl">"location"</span><span class="p">:</span><span class="w"> </span><span class="s2">"us-east-1"</span><span class="w"> </span><span class="p">}</span><span class="w"> </span><span class="p">]</span><span class="w"> </span><span class="p">},</span><span class="w"> </span><span class="nl">"segments"</span><span class="p">:</span><span class="w"> </span><span class="p">[</span><span class="w"> </span><span class="p">{</span><span class="w"> </span><span class="nl">"name"</span><span class="p">:</span><span class="w"> </span><span class="s2">"mynetwork"</span><span class="p">,</span><span class="w"> </span><span class="nl">"require-attachment-acceptance"</span><span class="p">:</span><span class="w"> </span><span class="kc">false</span><span class="w"> </span><span class="p">}</span><span class="w"> </span><span class="p">],</span><span class="w"> </span><span class="nl">"attachment-policies"</span><span class="p">:</span><span class="w"> </span><span class="p">[</span><span class="w"> </span><span class="p">{</span><span class="w"> </span><span class="nl">"rule-number"</span><span class="p">:</span><span class="w"> </span><span class="mi">100</span><span class="p">,</span><span class="w"> </span><span class="nl">"condition-logic"</span><span class="p">:</span><span class="w"> </span><span class="s2">"and"</span><span class="p">,</span><span class="w"> </span><span class="nl">"conditions"</span><span class="p">:</span><span class="w"> </span><span class="p">[</span><span class="w"> </span><span class="p">{</span><span class="w"> </span><span class="nl">"type"</span><span class="p">:</span><span class="w"> </span><span class="s2">"any"</span><span class="w"> </span><span class="p">}</span><span class="w"> </span><span class="p">],</span><span class="w"> </span><span class="nl">"action"</span><span class="p">:</span><span class="w"> </span><span class="p">{</span><span class="w"> </span><span class="nl">"association-method"</span><span class="p">:</span><span class="w"> </span><span class="s2">"constant"</span><span class="p">,</span><span class="w"> </span><span class="nl">"segment"</span><span class="p">:</span><span class="w"> </span><span class="s2">"mynetwork"</span><span class="w"> </span><span class="p">}</span><span class="w"> </span><span class="p">}</span><span class="w"> </span><span class="p">]</span><span class="w"> </span><span class="p">}</span><span class="w"> </span></code></pre> </div> <p>This is a very simple core network policy that should be easy to understand.<br> For those touching Cloud WAN for the first time, starting with this policy is the quickest way to learn.</p> <h3> 2 Segments + Multiple Regions </h3> <p><a href="https://docs.aws.amazon.com/network-manager/latest/cloudwan/cloudwan-policy-examples-two-segments-regions.html" rel="noopener noreferrer">Official Documentation</a><br> </p> <div class="highlight js-code-highlight"> <pre class="highlight json"><code><span class="p">{</span><span class="w"> </span><span class="nl">"version"</span><span class="p">:</span><span class="w"> </span><span class="s2">"2021.12"</span><span class="p">,</span><span class="w"> </span><span class="nl">"core-network-configuration"</span><span class="p">:</span><span class="w"> </span><span class="p">{</span><span class="w"> </span><span class="nl">"asn-ranges"</span><span class="p">:</span><span class="w"> </span><span class="p">[</span><span class="w"> </span><span class="s2">"64512-65534"</span><span class="w"> </span><span class="p">],</span><span class="w"> </span><span class="nl">"edge-locations"</span><span class="p">:</span><span class="w"> </span><span class="p">[</span><span class="w"> </span><span class="p">{</span><span class="w"> </span><span class="nl">"location"</span><span class="p">:</span><span class="w"> </span><span class="s2">"us-east-1"</span><span class="w"> </span><span class="p">},</span><span class="w"> </span><span class="p">{</span><span class="w"> </span><span class="nl">"location"</span><span class="p">:</span><span class="w"> </span><span class="s2">"us-east-2"</span><span class="w"> </span><span class="p">},</span><span class="w"> </span><span class="p">{</span><span class="w"> </span><span class="nl">"location"</span><span class="p">:</span><span class="w"> </span><span class="s2">"eu-west-1"</span><span class="w"> </span><span class="p">}</span><span class="w"> </span><span class="p">]</span><span class="w"> </span><span class="p">},</span><span class="w"> </span><span class="nl">"segments"</span><span class="p">:</span><span class="w"> </span><span class="p">[</span><span class="w"> </span><span class="p">{</span><span class="w"> </span><span class="nl">"name"</span><span class="p">:</span><span class="w"> </span><span class="s2">"secured"</span><span class="w"> </span><span class="p">},</span><span class="w"> </span><span class="p">{</span><span class="w"> </span><span class="nl">"name"</span><span class="p">:</span><span class="w"> </span><span class="s2">"nonSecured"</span><span class="w"> </span><span class="p">}</span><span class="w"> </span><span class="p">],</span><span class="w"> </span><span class="nl">"attachment-policies"</span><span class="p">:</span><span class="w"> </span><span class="p">[</span><span class="w"> </span><span class="p">{</span><span class="w"> </span><span class="nl">"rule-number"</span><span class="p">:</span><span class="w"> </span><span class="mi">100</span><span class="p">,</span><span class="w"> </span><span class="nl">"conditions"</span><span class="p">:</span><span class="w"> </span><span class="p">[</span><span class="w"> </span><span class="p">{</span><span class="w"> </span><span class="nl">"type"</span><span class="p">:</span><span class="w"> </span><span class="s2">"tag-value"</span><span class="p">,</span><span class="w"> </span><span class="nl">"key"</span><span class="p">:</span><span class="w"> </span><span class="s2">"Network"</span><span class="p">,</span><span class="w"> </span><span class="nl">"value"</span><span class="p">:</span><span class="w"> </span><span class="s2">"Secured"</span><span class="p">,</span><span class="w"> </span><span class="nl">"operator"</span><span class="p">:</span><span class="w"> </span><span class="s2">"equals"</span><span class="w"> </span><span class="p">}</span><span class="w"> </span><span class="p">],</span><span class="w"> </span><span class="nl">"action"</span><span class="p">:</span><span class="w"> </span><span class="p">{</span><span class="w"> </span><span class="nl">"association-method"</span><span class="p">:</span><span class="w"> </span><span class="s2">"constant"</span><span class="p">,</span><span class="w"> </span><span class="nl">"segment"</span><span class="p">:</span><span class="w"> </span><span class="s2">"secured"</span><span class="w"> </span><span class="p">}</span><span class="w"> </span><span class="p">},</span><span class="w"> </span><span class="p">{</span><span class="w"> </span><span class="nl">"rule-number"</span><span class="p">:</span><span class="w"> </span><span class="mi">200</span><span class="p">,</span><span class="w"> </span><span class="nl">"conditions"</span><span class="p">:</span><span class="w"> </span><span class="p">[</span><span class="w"> </span><span class="p">{</span><span class="w"> </span><span class="nl">"type"</span><span class="p">:</span><span class="w"> </span><span class="s2">"tag-value"</span><span class="p">,</span><span class="w"> </span><span class="nl">"key"</span><span class="p">:</span><span class="w"> </span><span class="s2">"Network"</span><span class="p">,</span><span class="w"> </span><span class="nl">"value"</span><span class="p">:</span><span class="w"> </span><span class="s2">"Non-Secured"</span><span class="p">,</span><span class="w"> </span><span class="nl">"operator"</span><span class="p">:</span><span class="w"> </span><span class="s2">"equals"</span><span class="w"> </span><span class="p">}</span><span class="w"> </span><span class="p">],</span><span class="w"> </span><span class="nl">"action"</span><span class="p">:</span><span class="w"> </span><span class="p">{</span><span class="w"> </span><span class="nl">"association-method"</span><span class="p">:</span><span class="w"> </span><span class="s2">"constant"</span><span class="p">,</span><span class="w"> </span><span class="nl">"segment"</span><span class="p">:</span><span class="w"> </span><span class="s2">"non-secured"</span><span class="w"> </span><span class="p">}</span><span class="w"> </span><span class="p">}</span><span class="w"> </span><span class="p">]</span><span class="w"> </span><span class="p">}</span><span class="w"> </span></code></pre> </div> <p>This is more complex than the previous example, but it becomes easier to understand if you imagine "completely separating networks for Tokyo and Osaka locations."<br> (Secured = Tokyo location, Non-Secured = Osaka location)</p> <h3> When Including Specific Segment Settings </h3> <p><a href="https://docs.aws.amazon.com/network-manager/latest/cloudwan/cloudwan-policy-examples-edge-consolidation.html" rel="noopener noreferrer">Official Documentation</a><br> </p> <div class="highlight js-code-highlight"> <pre class="highlight json"><code><span class="p">{</span><span class="w"> </span><span class="nl">"version"</span><span class="p">:</span><span class="w"> </span><span class="s2">"2021.12"</span><span class="p">,</span><span class="w"> </span><span class="nl">"core-network-configuration"</span><span class="p">:</span><span class="w"> </span><span class="p">{</span><span class="w"> </span><span class="nl">"asn-ranges"</span><span class="p">:</span><span class="w"> </span><span class="p">[</span><span class="w"> </span><span class="s2">"64512-65534"</span><span class="w"> </span><span class="p">],</span><span class="w"> </span><span class="nl">"edge-locations"</span><span class="p">:</span><span class="w"> </span><span class="p">[</span><span class="w"> </span><span class="p">{</span><span class="w"> </span><span class="nl">"location"</span><span class="p">:</span><span class="w"> </span><span class="s2">"us-east-1"</span><span class="w"> </span><span class="p">},</span><span class="w"> </span><span class="p">{</span><span class="w"> </span><span class="nl">"location"</span><span class="p">:</span><span class="w"> </span><span class="s2">"eu-west-1"</span><span class="w"> </span><span class="p">}</span><span class="w"> </span><span class="p">]</span><span class="w"> </span><span class="p">},</span><span class="w"> </span><span class="nl">"segments"</span><span class="p">:</span><span class="w"> </span><span class="p">[</span><span class="w"> </span><span class="p">{</span><span class="w"> </span><span class="nl">"name"</span><span class="p">:</span><span class="w"> </span><span class="s2">"development"</span><span class="p">,</span><span class="w"> </span><span class="nl">"isolate-attachments"</span><span class="p">:</span><span class="w"> </span><span class="kc">true</span><span class="p">,</span><span class="w"> </span><span class="nl">"require-attachment-acceptance"</span><span class="p">:</span><span class="w"> </span><span class="kc">false</span><span class="w"> </span><span class="p">},</span><span class="w"> </span><span class="p">{</span><span class="w"> </span><span class="nl">"name"</span><span class="p">:</span><span class="w"> </span><span class="s2">"hybrid"</span><span class="w"> </span><span class="p">}</span><span class="w"> </span><span class="p">],</span><span class="w"> </span><span class="nl">"segment-actions"</span><span class="p">:</span><span class="w"> </span><span class="p">[</span><span class="w"> </span><span class="p">{</span><span class="w"> </span><span class="nl">"action"</span><span class="p">:</span><span class="w"> </span><span class="s2">"share"</span><span class="p">,</span><span class="w"> </span><span class="nl">"mode"</span><span class="p">:</span><span class="w"> </span><span class="s2">"attachment-route"</span><span class="p">,</span><span class="w"> </span><span class="nl">"segment"</span><span class="p">:</span><span class="w"> </span><span class="s2">"development"</span><span class="p">,</span><span class="w"> </span><span class="nl">"share-with"</span><span class="p">:</span><span class="w"> </span><span class="p">[</span><span class="w"> </span><span class="s2">"hybrid"</span><span class="w"> </span><span class="p">]</span><span class="w"> </span><span class="p">},</span><span class="w"> </span><span class="p">{</span><span class="w"> </span><span class="nl">"action"</span><span class="p">:</span><span class="w"> </span><span class="s2">"create-route"</span><span class="p">,</span><span class="w"> </span><span class="nl">"destination-cidr-blocks"</span><span class="p">:</span><span class="w"> </span><span class="p">[</span><span class="w"> </span><span class="s2">"0.0.0.0/0"</span><span class="w"> </span><span class="p">],</span><span class="w"> </span><span class="nl">"segment"</span><span class="p">:</span><span class="w"> </span><span class="s2">"development"</span><span class="p">,</span><span class="w"> </span><span class="nl">"destinations"</span><span class="p">:</span><span class="w"> </span><span class="p">[</span><span class="w"> </span><span class="s2">"attachment-12355678901234567"</span><span class="p">,</span><span class="w"> </span><span class="s2">"attachment-23456789012345678"</span><span class="w"> </span><span class="p">]</span><span class="w"> </span><span class="p">}</span><span class="w"> </span><span class="p">],</span><span class="w"> </span><span class="nl">"attachment-policies"</span><span class="p">:</span><span class="w"> </span><span class="p">[</span><span class="w"> </span><span class="p">{</span><span class="w"> </span><span class="nl">"rule-number"</span><span class="p">:</span><span class="w"> </span><span class="mi">10</span><span class="p">,</span><span class="w"> </span><span class="nl">"conditions"</span><span class="p">:</span><span class="w"> </span><span class="p">[</span><span class="w"> </span><span class="p">{</span><span class="w"> </span><span class="nl">"type"</span><span class="p">:</span><span class="w"> </span><span class="s2">"attachment-type"</span><span class="p">,</span><span class="w"> </span><span class="nl">"operator"</span><span class="p">:</span><span class="w"> </span><span class="s2">"equals"</span><span class="p">,</span><span class="w"> </span><span class="nl">"value"</span><span class="p">:</span><span class="w"> </span><span class="s2">"vpc"</span><span class="w"> </span><span class="p">}</span><span class="w"> </span><span class="p">],</span><span class="w"> </span><span class="nl">"action"</span><span class="p">:</span><span class="w"> </span><span class="p">{</span><span class="w"> </span><span class="nl">"association-method"</span><span class="p">:</span><span class="w"> </span><span class="s2">"constant"</span><span class="p">,</span><span class="w"> </span><span class="nl">"segment"</span><span class="p">:</span><span class="w"> </span><span class="s2">"development"</span><span class="w"> </span><span class="p">}</span><span class="w"> </span><span class="p">},</span><span class="w"> </span><span class="p">{</span><span class="w"> </span><span class="nl">"rule-number"</span><span class="p">:</span><span class="w"> </span><span class="mi">20</span><span class="p">,</span><span class="w"> </span><span class="nl">"conditions"</span><span class="p">:</span><span class="w"> </span><span class="p">[</span><span class="w"> </span><span class="p">{</span><span class="w"> </span><span class="nl">"type"</span><span class="p">:</span><span class="w"> </span><span class="s2">"attachment-type"</span><span class="p">,</span><span class="w"> </span><span class="nl">"operator"</span><span class="p">:</span><span class="w"> </span><span class="s2">"equals"</span><span class="p">,</span><span class="w"> </span><span class="nl">"value"</span><span class="p">:</span><span class="w"> </span><span class="s2">"vpn"</span><span class="w"> </span><span class="p">}</span><span class="w"> </span><span class="p">],</span><span class="w"> </span><span class="nl">"action"</span><span class="p">:</span><span class="w"> </span><span class="p">{</span><span class="w"> </span><span class="nl">"association-method"</span><span class="p">:</span><span class="w"> </span><span class="s2">"constant"</span><span class="p">,</span><span class="w"> </span><span class="nl">"segment"</span><span class="p">:</span><span class="w"> </span><span class="s2">"hybrid"</span><span class="w"> </span><span class="p">}</span><span class="w"> </span><span class="p">}</span><span class="w"> </span><span class="p">]</span><span class="w"> </span><span class="p">}</span><span class="w"> </span></code></pre> </div> <p>This configuration is slightly different from the previous ones. It's used when you want to "restrict connections even within networks designated for development." (This is the kind of setting you'd use when multiple products are developing in the same environment)</p> <h3> Network Configuration Considering Development Process </h3> <p><a href="https://docs.aws.amazon.com/network-manager/latest/cloudwan/cloudwan-policy-examples-three-stage.html" rel="noopener noreferrer">Official Documentation</a><br> </p> <div class="highlight js-code-highlight"> <pre class="highlight json"><code><span class="p">{</span><span class="w"> </span><span class="nl">"version"</span><span class="p">:</span><span class="w"> </span><span class="s2">"2021.12"</span><span class="p">,</span><span class="w"> </span><span class="nl">"core-network-configuration"</span><span class="p">:</span><span class="w"> </span><span class="p">{</span><span class="w"> </span><span class="nl">"asn-ranges"</span><span class="p">:</span><span class="w"> </span><span class="p">[</span><span class="w"> </span><span class="s2">"64512-65534"</span><span class="w"> </span><span class="p">],</span><span class="w"> </span><span class="nl">"edge-locations"</span><span class="p">:</span><span class="w"> </span><span class="p">[</span><span class="w"> </span><span class="p">{</span><span class="w"> </span><span class="nl">"location"</span><span class="p">:</span><span class="w"> </span><span class="s2">"us-east-1"</span><span class="w"> </span><span class="p">},</span><span class="w"> </span><span class="p">{</span><span class="w"> </span><span class="nl">"location"</span><span class="p">:</span><span class="w"> </span><span class="s2">"us-west-2"</span><span class="w"> </span><span class="p">}</span><span class="w"> </span><span class="p">]</span><span class="w"> </span><span class="p">},</span><span class="w"> </span><span class="nl">"segments"</span><span class="p">:</span><span class="w"> </span><span class="p">[</span><span class="w"> </span><span class="p">{</span><span class="w"> </span><span class="nl">"name"</span><span class="p">:</span><span class="w"> </span><span class="s2">"development"</span><span class="p">,</span><span class="w"> </span><span class="nl">"isolate-attachments"</span><span class="p">:</span><span class="w"> </span><span class="kc">true</span><span class="p">,</span><span class="w"> </span><span class="nl">"require-attachment-acceptance"</span><span class="p">:</span><span class="w"> </span><span class="kc">false</span><span class="w"> </span><span class="p">},</span><span class="w"> </span><span class="p">{</span><span class="w"> </span><span class="nl">"name"</span><span class="p">:</span><span class="w"> </span><span class="s2">"testing"</span><span class="p">,</span><span class="w"> </span><span class="nl">"isolate-attachments"</span><span class="p">:</span><span class="w"> </span><span class="kc">true</span><span class="p">,</span><span class="w"> </span><span class="nl">"require-attachment-acceptance"</span><span class="p">:</span><span class="w"> </span><span class="kc">false</span><span class="w"> </span><span class="p">},</span><span class="w"> </span><span class="p">{</span><span class="w"> </span><span class="nl">"name"</span><span class="p">:</span><span class="w"> </span><span class="s2">"production"</span><span class="p">,</span><span class="w"> </span><span class="nl">"isolate-attachments"</span><span class="p">:</span><span class="w"> </span><span class="kc">true</span><span class="p">,</span><span class="w"> </span><span class="nl">"require-attachment-acceptance"</span><span class="p">:</span><span class="w"> </span><span class="kc">true</span><span class="w"> </span><span class="p">},</span><span class="w"> </span><span class="p">{</span><span class="w"> </span><span class="nl">"name"</span><span class="p">:</span><span class="w"> </span><span class="s2">"sharedServices"</span><span class="w"> </span><span class="p">}</span><span class="w"> </span><span class="p">],</span><span class="w"> </span><span class="nl">"segment-actions"</span><span class="p">:</span><span class="w"> </span><span class="p">[</span><span class="w"> </span><span class="p">{</span><span class="w"> </span><span class="nl">"action"</span><span class="p">:</span><span class="w"> </span><span class="s2">"share"</span><span class="p">,</span><span class="w"> </span><span class="nl">"mode"</span><span class="p">:</span><span class="w"> </span><span class="s2">"attachment-route"</span><span class="p">,</span><span class="w"> </span><span class="nl">"segment"</span><span class="p">:</span><span class="w"> </span><span class="s2">"sharedservices"</span><span class="p">,</span><span class="w"> </span><span class="nl">"share-with"</span><span class="p">:</span><span class="w"> </span><span class="s2">"*"</span><span class="w"> </span><span class="p">}</span><span class="w"> </span><span class="p">],</span><span class="w"> </span><span class="nl">"attachment-policies"</span><span class="p">:</span><span class="w"> </span><span class="p">[</span><span class="w"> </span><span class="p">{</span><span class="w"> </span><span class="nl">"rule-number"</span><span class="p">:</span><span class="w"> </span><span class="mi">1000</span><span class="p">,</span><span class="w"> </span><span class="nl">"conditions"</span><span class="p">:</span><span class="w"> </span><span class="p">[</span><span class="w"> </span><span class="p">{</span><span class="w"> </span><span class="nl">"type"</span><span class="p">:</span><span class="w"> </span><span class="s2">"tag-exists"</span><span class="p">,</span><span class="w"> </span><span class="nl">"key"</span><span class="p">:</span><span class="w"> </span><span class="s2">"Stage"</span><span class="w"> </span><span class="p">}</span><span class="w"> </span><span class="p">],</span><span class="w"> </span><span class="nl">"action"</span><span class="p">:</span><span class="w"> </span><span class="p">{</span><span class="w"> </span><span class="nl">"association-method"</span><span class="p">:</span><span class="w"> </span><span class="s2">"tag"</span><span class="p">,</span><span class="w"> </span><span class="nl">"tag-value-of-key"</span><span class="p">:</span><span class="w"> </span><span class="s2">"Stage"</span><span class="w"> </span><span class="p">}</span><span class="w"> </span><span class="p">},</span><span class="w"> </span><span class="p">{</span><span class="w"> </span><span class="nl">"rule-number"</span><span class="p">:</span><span class="w"> </span><span class="mi">1500</span><span class="p">,</span><span class="w"> </span><span class="nl">"conditions"</span><span class="p">:</span><span class="w"> </span><span class="p">[</span><span class="w"> </span><span class="p">{</span><span class="w"> </span><span class="nl">"type"</span><span class="p">:</span><span class="w"> </span><span class="s2">"resource-id"</span><span class="p">,</span><span class="w"> </span><span class="nl">"operator"</span><span class="p">:</span><span class="w"> </span><span class="s2">"equals"</span><span class="p">,</span><span class="w"> </span><span class="nl">"value"</span><span class="p">:</span><span class="w"> </span><span class="s2">"vpc-1234567890123456"</span><span class="w"> </span><span class="p">}</span><span class="w"> </span><span class="p">],</span><span class="w"> </span><span class="nl">"action"</span><span class="p">:</span><span class="w"> </span><span class="p">{</span><span class="w"> </span><span class="nl">"association-method"</span><span class="p">:</span><span class="w"> </span><span class="s2">"constant"</span><span class="p">,</span><span class="w"> </span><span class="nl">"segment"</span><span class="p">:</span><span class="w"> </span><span class="s2">"sharedservices"</span><span class="w"> </span><span class="p">}</span><span class="w"> </span><span class="p">},</span><span class="w"> </span><span class="p">{</span><span class="w"> </span><span class="nl">"rule-number"</span><span class="p">:</span><span class="w"> </span><span class="mi">1600</span><span class="p">,</span><span class="w"> </span><span class="nl">"conditions"</span><span class="p">:</span><span class="w"> </span><span class="p">[</span><span class="w"> </span><span class="p">{</span><span class="w"> </span><span class="nl">"type"</span><span class="p">:</span><span class="w"> </span><span class="s2">"resource-id"</span><span class="p">,</span><span class="w"> </span><span class="nl">"operator"</span><span class="p">:</span><span class="w"> </span><span class="s2">"equals"</span><span class="p">,</span><span class="w"> </span><span class="nl">"value"</span><span class="p">:</span><span class="w"> </span><span class="s2">"vpn-1234567890123456"</span><span class="w"> </span><span class="p">}</span><span class="w"> </span><span class="p">],</span><span class="w"> </span><span class="nl">"action"</span><span class="p">:</span><span class="w"> </span><span class="p">{</span><span class="w"> </span><span class="nl">"association-method"</span><span class="p">:</span><span class="w"> </span><span class="s2">"constant"</span><span class="p">,</span><span class="w"> </span><span class="nl">"segment"</span><span class="p">:</span><span class="w"> </span><span class="s2">"sharedservices"</span><span class="w"> </span><span class="p">}</span><span class="w"> </span><span class="p">}</span><span class="w"> </span><span class="p">]</span><span class="w"> </span><span class="p">}</span><span class="w"> </span></code></pre> </div> <p>This is probably the most common use case for Cloud WAN. It's used when separating development, staging, and production environments by tag name. (You can also do tricky things like specifying only relatively inexpensive regions for the development environment)</p> <h3> For Environments Not Using VPC </h3> <p><a href="https://docs.aws.amazon.com/network-manager/latest/cloudwan/cloudwan-policy-examples-distributed-wan.html" rel="noopener noreferrer">Official Documentation</a><br> </p> <div class="highlight js-code-highlight"> <pre class="highlight json"><code><span class="p">{</span><span class="w"> </span><span class="nl">"version"</span><span class="p">:</span><span class="w"> </span><span class="s2">"2021.12"</span><span class="p">,</span><span class="w"> </span><span class="nl">"core-network-configuration"</span><span class="p">:</span><span class="w"> </span><span class="p">{</span><span class="w"> </span><span class="nl">"asn-ranges"</span><span class="p">:</span><span class="w"> </span><span class="p">[</span><span class="w"> </span><span class="s2">"64512-65534"</span><span class="w"> </span><span class="p">],</span><span class="w"> </span><span class="nl">"inside-cidr-blocks"</span><span class="p">:</span><span class="w"> </span><span class="p">[</span><span class="w"> </span><span class="s2">"100.65.0.0/16"</span><span class="w"> </span><span class="p">],</span><span class="w"> </span><span class="nl">"edge-locations"</span><span class="p">:</span><span class="w"> </span><span class="p">[</span><span class="w"> </span><span class="p">{</span><span class="w"> </span><span class="nl">"location"</span><span class="p">:</span><span class="w"> </span><span class="s2">"eu-central-1"</span><span class="w"> </span><span class="p">},</span><span class="w"> </span><span class="p">{</span><span class="w"> </span><span class="nl">"location"</span><span class="p">:</span><span class="w"> </span><span class="s2">"us-west-2"</span><span class="w"> </span><span class="p">},</span><span class="w"> </span><span class="p">{</span><span class="w"> </span><span class="nl">"location"</span><span class="p">:</span><span class="w"> </span><span class="s2">"us-east-1"</span><span class="w"> </span><span class="p">},</span><span class="w"> </span><span class="p">{</span><span class="w"> </span><span class="nl">"location"</span><span class="p">:</span><span class="w"> </span><span class="s2">"eu-west-1"</span><span class="w"> </span><span class="p">}</span><span class="w"> </span><span class="p">]</span><span class="w"> </span><span class="p">},</span><span class="w"> </span><span class="nl">"segments"</span><span class="p">:</span><span class="w"> </span><span class="p">[</span><span class="w"> </span><span class="p">{</span><span class="w"> </span><span class="nl">"name"</span><span class="p">:</span><span class="w"> </span><span class="s2">"sales"</span><span class="w"> </span><span class="p">},</span><span class="w"> </span><span class="p">{</span><span class="w"> </span><span class="nl">"name"</span><span class="p">:</span><span class="w"> </span><span class="s2">"testing"</span><span class="w"> </span><span class="p">},</span><span class="w"> </span><span class="p">{</span><span class="w"> </span><span class="nl">"name"</span><span class="p">:</span><span class="w"> </span><span class="s2">"iot"</span><span class="p">,</span><span class="w"> </span><span class="nl">"isolate-attachments"</span><span class="p">:</span><span class="w"> </span><span class="kc">true</span><span class="w"> </span><span class="p">},</span><span class="w"> </span><span class="p">{</span><span class="w"> </span><span class="nl">"name"</span><span class="p">:</span><span class="w"> </span><span class="s2">"internet"</span><span class="w"> </span><span class="p">},</span><span class="w"> </span><span class="p">{</span><span class="w"> </span><span class="nl">"name"</span><span class="p">:</span><span class="w"> </span><span class="s2">"engineering"</span><span class="w"> </span><span class="p">}</span><span class="w"> </span><span class="p">],</span><span class="w"> </span><span class="nl">"segment-actions"</span><span class="p">:</span><span class="w"> </span><span class="p">[</span><span class="w"> </span><span class="p">{</span><span class="w"> </span><span class="nl">"action"</span><span class="p">:</span><span class="w"> </span><span class="s2">"share"</span><span class="p">,</span><span class="w"> </span><span class="nl">"mode"</span><span class="p">:</span><span class="w"> </span><span class="s2">"attachment-route"</span><span class="p">,</span><span class="w"> </span><span class="nl">"segment"</span><span class="p">:</span><span class="w"> </span><span class="s2">"internet"</span><span class="p">,</span><span class="w"> </span><span class="nl">"share-with"</span><span class="p">:</span><span class="w"> </span><span class="p">[</span><span class="w"> </span><span class="s2">"sales"</span><span class="w"> </span><span class="p">]</span><span class="w"> </span><span class="p">},</span><span class="w"> </span><span class="p">{</span><span class="w"> </span><span class="nl">"action"</span><span class="p">:</span><span class="w"> </span><span class="s2">"share"</span><span class="p">,</span><span class="w"> </span><span class="nl">"mode"</span><span class="p">:</span><span class="w"> </span><span class="s2">"attachment-route"</span><span class="p">,</span><span class="w"> </span><span class="nl">"segment"</span><span class="p">:</span><span class="w"> </span><span class="s2">"iot"</span><span class="p">,</span><span class="w"> </span><span class="nl">"share-with"</span><span class="p">:</span><span class="w"> </span><span class="p">[</span><span class="w"> </span><span class="s2">"engineering"</span><span class="w"> </span><span class="p">]</span><span class="w"> </span><span class="p">},</span><span class="w"> </span><span class="p">{</span><span class="w"> </span><span class="nl">"action"</span><span class="p">:</span><span class="w"> </span><span class="s2">"create-route"</span><span class="p">,</span><span class="w"> </span><span class="nl">"destination-cidr-blocks"</span><span class="p">:</span><span class="w"> </span><span class="p">[</span><span class="w"> </span><span class="s2">"0.0.0.0/0"</span><span class="w"> </span><span class="p">],</span><span class="w"> </span><span class="nl">"segment"</span><span class="p">:</span><span class="w"> </span><span class="s2">"sales"</span><span class="p">,</span><span class="w"> </span><span class="nl">"destinations"</span><span class="p">:</span><span class="w"> </span><span class="p">[</span><span class="w"> </span><span class="s2">"attachment-12355678901234567"</span><span class="p">,</span><span class="w"> </span><span class="s2">"attachment-23456789012345678"</span><span class="p">,</span><span class="w"> </span><span class="s2">"attachment-35567890123456790"</span><span class="p">,</span><span class="w"> </span><span class="s2">"attachment-4567890123456789a"</span><span class="w"> </span><span class="p">]</span><span class="w"> </span><span class="p">}</span><span class="w"> </span><span class="p">],</span><span class="w"> </span><span class="nl">"attachment-policies"</span><span class="p">:</span><span class="w"> </span><span class="p">[</span><span class="w"> </span><span class="p">{</span><span class="w"> </span><span class="nl">"rule-number"</span><span class="p">:</span><span class="w"> </span><span class="mi">1000</span><span class="p">,</span><span class="w"> </span><span class="nl">"conditions"</span><span class="p">:</span><span class="w"> </span><span class="p">[</span><span class="w"> </span><span class="p">{</span><span class="w"> </span><span class="nl">"type"</span><span class="p">:</span><span class="w"> </span><span class="s2">"tag-exists"</span><span class="p">,</span><span class="w"> </span><span class="nl">"key"</span><span class="p">:</span><span class="w"> </span><span class="s2">"Assign-to"</span><span class="w"> </span><span class="p">}</span><span class="w"> </span><span class="p">],</span><span class="w"> </span><span class="nl">"action"</span><span class="p">:</span><span class="w"> </span><span class="p">{</span><span class="w"> </span><span class="nl">"association-method"</span><span class="p">:</span><span class="w"> </span><span class="s2">"tag"</span><span class="p">,</span><span class="w"> </span><span class="nl">"tag-value-of-key"</span><span class="p">:</span><span class="w"> </span><span class="s2">"Assign-to"</span><span class="w"> </span><span class="p">}</span><span class="w"> </span><span class="p">}</span><span class="w"> </span><span class="p">]</span><span class="w"> </span><span class="p">}</span><span class="w"> </span></code></pre> </div> <p>This is used when configuring connectivity between departments in each region. When complexity reaches this level, it's advisable to establish a dedicated organization to manage it. (Complex configurations are possible, but management becomes more challenging)</p> <h3> Placing a Firewall Between Networks </h3> <p><a href="https://docs.aws.amazon.com/network-manager/latest/cloudwan/cloudwan-policy-examples-firewalls.html" rel="noopener noreferrer">Official Documentation</a><br> </p> <div class="highlight js-code-highlight"> <pre class="highlight json"><code><span class="p">{</span><span class="w"> </span><span class="nl">"version"</span><span class="p">:</span><span class="w"> </span><span class="s2">"2021.12"</span><span class="p">,</span><span class="w"> </span><span class="nl">"core-network-configuration"</span><span class="p">:</span><span class="w"> </span><span class="p">{</span><span class="w"> </span><span class="nl">"asn-ranges"</span><span class="p">:</span><span class="w"> </span><span class="p">[</span><span class="w"> </span><span class="s2">"64512-65534"</span><span class="w"> </span><span class="p">],</span><span class="w"> </span><span class="nl">"edge-locations"</span><span class="p">:</span><span class="w"> </span><span class="p">[</span><span class="w"> </span><span class="p">{</span><span class="w"> </span><span class="nl">"location"</span><span class="p">:</span><span class="w"> </span><span class="s2">"us-east-1"</span><span class="w"> </span><span class="p">},</span><span class="w"> </span><span class="p">{</span><span class="w"> </span><span class="nl">"location"</span><span class="p">:</span><span class="w"> </span><span class="s2">"us-west-2"</span><span class="w"> </span><span class="p">}</span><span class="w"> </span><span class="p">]</span><span class="w"> </span><span class="p">},</span><span class="w"> </span><span class="nl">"segments"</span><span class="p">:</span><span class="w"> </span><span class="p">[</span><span class="w"> </span><span class="p">{</span><span class="w"> </span><span class="nl">"name"</span><span class="p">:</span><span class="w"> </span><span class="s2">"internalApps"</span><span class="w"> </span><span class="p">},</span><span class="w"> </span><span class="p">{</span><span class="w"> </span><span class="nl">"name"</span><span class="p">:</span><span class="w"> </span><span class="s2">"firewall"</span><span class="w"> </span><span class="p">},</span><span class="w"> </span><span class="p">{</span><span class="w"> </span><span class="nl">"name"</span><span class="p">:</span><span class="w"> </span><span class="s2">"onPremises"</span><span class="w"> </span><span class="p">}</span><span class="w"> </span><span class="p">],</span><span class="w"> </span><span class="nl">"segment-actions"</span><span class="p">:</span><span class="w"> </span><span class="p">[</span><span class="w"> </span><span class="p">{</span><span class="w"> </span><span class="nl">"action"</span><span class="p">:</span><span class="w"> </span><span class="s2">"create-route"</span><span class="p">,</span><span class="w"> </span><span class="nl">"destination-cidr-blocks"</span><span class="p">:</span><span class="w"> </span><span class="p">[</span><span class="w"> </span><span class="s2">"0.0.0.0/0"</span><span class="w"> </span><span class="p">],</span><span class="w"> </span><span class="nl">"segment"</span><span class="p">:</span><span class="w"> </span><span class="s2">"internalApps"</span><span class="p">,</span><span class="w"> </span><span class="nl">"destinations"</span><span class="p">:</span><span class="w"> </span><span class="p">[</span><span class="w"> </span><span class="s2">"attachment-deadbeef901234567"</span><span class="p">,</span><span class="w"> </span><span class="s2">"attachment-eeeeee00000000000"</span><span class="w"> </span><span class="p">],</span><span class="w"> </span><span class="nl">"description"</span><span class="p">:</span><span class="w"> </span><span class="s2">"Send all internet headed on-premises through the firewall"</span><span class="w"> </span><span class="p">},</span><span class="w"> </span><span class="p">{</span><span class="w"> </span><span class="nl">"action"</span><span class="p">:</span><span class="w"> </span><span class="s2">"create-route"</span><span class="p">,</span><span class="w"> </span><span class="nl">"destination-cidr-blocks"</span><span class="p">:</span><span class="w"> </span><span class="p">[</span><span class="w"> </span><span class="s2">"0.0.0.0/0"</span><span class="w"> </span><span class="p">],</span><span class="w"> </span><span class="nl">"segment"</span><span class="p">:</span><span class="w"> </span><span class="s2">"onPremises"</span><span class="p">,</span><span class="w"> </span><span class="nl">"destinations"</span><span class="p">:</span><span class="w"> </span><span class="p">[</span><span class="w"> </span><span class="s2">"attachment-deadbeef901234567"</span><span class="p">,</span><span class="w"> </span><span class="s2">"attachment-eeeeee00000000000"</span><span class="w"> </span><span class="p">],</span><span class="w"> </span><span class="nl">"description"</span><span class="p">:</span><span class="w"> </span><span class="s2">"Send all traffic received from the VPN through the firewall"</span><span class="w"> </span><span class="p">},</span><span class="w"> </span><span class="p">{</span><span class="w"> </span><span class="nl">"action"</span><span class="p">:</span><span class="w"> </span><span class="s2">"share"</span><span class="p">,</span><span class="w"> </span><span class="nl">"mode"</span><span class="p">:</span><span class="w"> </span><span class="s2">"attachment-route"</span><span class="p">,</span><span class="w"> </span><span class="nl">"segment"</span><span class="p">:</span><span class="w"> </span><span class="s2">"firewall"</span><span class="p">,</span><span class="w"> </span><span class="nl">"share-with"</span><span class="p">:</span><span class="w"> </span><span class="p">[</span><span class="w"> </span><span class="s2">"internalAapps"</span><span class="p">,</span><span class="w"> </span><span class="s2">"onPremises"</span><span class="w"> </span><span class="p">]</span><span class="w"> </span><span class="p">}</span><span class="w"> </span><span class="p">],</span><span class="w"> </span><span class="nl">"attachment-policies"</span><span class="p">:</span><span class="w"> </span><span class="p">[</span><span class="w"> </span><span class="p">{</span><span class="w"> </span><span class="nl">"rule-number"</span><span class="p">:</span><span class="w"> </span><span class="mi">500</span><span class="p">,</span><span class="w"> </span><span class="nl">"description"</span><span class="p">:</span><span class="w"> </span><span class="s2">"We'll do our specific policies before we do attachment types."</span><span class="p">,</span><span class="w"> </span><span class="nl">"conditions"</span><span class="p">:</span><span class="w"> </span><span class="p">[</span><span class="w"> </span><span class="p">{</span><span class="w"> </span><span class="nl">"type"</span><span class="p">:</span><span class="w"> </span><span class="s2">"tag-value"</span><span class="p">,</span><span class="w"> </span><span class="nl">"key"</span><span class="p">:</span><span class="w"> </span><span class="s2">"core-network"</span><span class="p">,</span><span class="w"> </span><span class="nl">"operator"</span><span class="p">:</span><span class="w"> </span><span class="s2">"equals"</span><span class="p">,</span><span class="w"> </span><span class="nl">"value"</span><span class="p">:</span><span class="w"> </span><span class="s2">"firewall"</span><span class="w"> </span><span class="p">}</span><span class="w"> </span><span class="p">],</span><span class="w"> </span><span class="nl">"action"</span><span class="p">:</span><span class="w"> </span><span class="p">{</span><span class="w"> </span><span class="nl">"association-method"</span><span class="p">:</span><span class="w"> </span><span class="s2">"constant"</span><span class="p">,</span><span class="w"> </span><span class="nl">"segment"</span><span class="p">:</span><span class="w"> </span><span class="s2">"firewall"</span><span class="w"> </span><span class="p">}</span><span class="w"> </span><span class="p">},</span><span class="w"> </span><span class="p">{</span><span class="w"> </span><span class="nl">"rule-number"</span><span class="p">:</span><span class="w"> </span><span class="mi">1000</span><span class="p">,</span><span class="w"> </span><span class="nl">"description"</span><span class="p">:</span><span class="w"> </span><span class="s2">"Let's assume all VPCs are internal apps"</span><span class="p">,</span><span class="w"> </span><span class="nl">"conditions"</span><span class="p">:</span><span class="w"> </span><span class="p">[</span><span class="w"> </span><span class="p">{</span><span class="w"> </span><span class="nl">"type"</span><span class="p">:</span><span class="w"> </span><span class="s2">"attachment-type"</span><span class="p">,</span><span class="w"> </span><span class="nl">"operator"</span><span class="p">:</span><span class="w"> </span><span class="s2">"equals"</span><span class="p">,</span><span class="w"> </span><span class="nl">"value"</span><span class="p">:</span><span class="w"> </span><span class="s2">"vpc"</span><span class="w"> </span><span class="p">}</span><span class="w"> </span><span class="p">],</span><span class="w"> </span><span class="nl">"action"</span><span class="p">:</span><span class="w"> </span><span class="p">{</span><span class="w"> </span><span class="nl">"association-method"</span><span class="p">:</span><span class="w"> </span><span class="s2">"constant"</span><span class="p">,</span><span class="w"> </span><span class="nl">"segment"</span><span class="p">:</span><span class="w"> </span><span class="s2">"internalApps"</span><span class="w"> </span><span class="p">}</span><span class="w"> </span><span class="p">},</span><span class="w"> </span><span class="p">{</span><span class="w"> </span><span class="nl">"rule-number"</span><span class="p">:</span><span class="w"> </span><span class="mi">1500</span><span class="p">,</span><span class="w"> </span><span class="nl">"description"</span><span class="p">:</span><span class="w"> </span><span class="s2">"Let's also assume all VPNs are from on-premises"</span><span class="p">,</span><span class="w"> </span><span class="nl">"conditions"</span><span class="p">:</span><span class="w"> </span><span class="p">[</span><span class="w"> </span><span class="p">{</span><span class="w"> </span><span class="nl">"type"</span><span class="p">:</span><span class="w"> </span><span class="s2">"attachment-type"</span><span class="p">,</span><span class="w"> </span><span class="nl">"operator"</span><span class="p">:</span><span class="w"> </span><span class="s2">"equals"</span><span class="p">,</span><span class="w"> </span><span class="nl">"value"</span><span class="p">:</span><span class="w"> </span><span class="s2">"site-to-site-vpn"</span><span class="w"> </span><span class="p">}</span><span class="w"> </span><span class="p">],</span><span class="w"> </span><span class="nl">"action"</span><span class="p">:</span><span class="w"> </span><span class="p">{</span><span class="w"> </span><span class="nl">"association-method"</span><span class="p">:</span><span class="w"> </span><span class="s2">"constant"</span><span class="p">,</span><span class="w"> </span><span class="nl">"segment"</span><span class="p">:</span><span class="w"> </span><span class="s2">"onPremises"</span><span class="w"> </span><span class="p">}</span><span class="w"> </span><span class="p">}</span><span class="w"> </span><span class="p">]</span><span class="w"> </span><span class="p">}</span><span class="w"> </span></code></pre> </div> <p>While the configuration is tedious, it's essentially used when "configuring a firewall between networks." However, with recent updates to Transit Gateway and Firewall integration, it's hard to imagine cases where you'd specifically configure a firewall with Cloud WAN.</p> <h2> Policy Strategy Considerations </h2> <p>The more complex the network becomes, the more complex the configuration gets. Here are some points to keep in mind:</p> <ol> <li>Keep policy descriptions simple and representative of the configuration content <ol> <li>This may seem obvious, but if descriptions are simple, even first-time viewers can understand what the policy means</li> </ol> </li> <li>Establish and document policy management rules <ol> <li>(It would be easier if there were GitHub integration features) By establishing policy management rules, you can prevent inadvertent changes</li> </ol> </li> <li>Use meaningful segment names <ol> <li>Consider referencing naming conventions from "Readable Code"</li> </ol> </li> <li>Prepare an environment identical to production <ol> <li>If you mistakenly modify the core network policy, some communication impact will occur</li> <li>It's a matter of cost, but if possible, it's recommended to prepare an environment identical to production for testing</li> </ol> </li> </ol> <h2> Summary </h2> <p>Personally, I think it's safer to establish a strategy for segment naming during the design phase. For those who have some experience with SD-WAN services, Cloud WAN should be an approachable service.</p> <h2> PS </h2> <p>Even looking at the Government Cloud Usage Guide, there's no mention of Cloud WAN, so it's unlikely to be used. (While it's convenient if mastered, there are few domestic cases and the difficulty level is high...)</p> <p><a href="https://guide.gcas.cloud.go.jp/aws/how-to-connect-network#%E4%BB%96%E6%8B%A0%E7%82%B9%E3%81%8B%E3%82%89vpc%E3%81%B8%E3%81%AE%E6%8E%A5%E7%B6%9A%E6%96%B9%E6%B3%95" rel="noopener noreferrer">Network Connection Methods (AWS Edition)</a></p> network aws [RHEL]Supports upgrading from RHEL9 to RHEL10 on AWS EC2 instances Masaki Okuda Thu, 31 Jul 2025 08:14:23 +0000 https://forem.com/masakiokuda/rhelsupports-upgrading-from-rhel9-to-rhel10-on-aws-ec2-instances-4o05 https://forem.com/masakiokuda/rhelsupports-upgrading-from-rhel9-to-rhel10-on-aws-ec2-instances-4o05 <p>I previously wrote an article about installing RHEL10,<br> but this time I'll be leaving it here as an article about verifying an upgrade from RHEL9 to RHEL10 on an AWS EC2 instance.</p> <h2> Table of Contents </h2> <ul> <li>Purpose of this Article</li> <li>Target Audience</li> <li>Prerequisites</li> <li>Upgrade</li> <li>Preliminary Verification</li> <li>Workflow</li> <li>Postmortem Verification</li> <li>Impressions</li> </ul> <h2> Purpose of this article </h2> <p>This article aims to help solve the following problems:</p> <ol> <li>Verifying the upgrade from RHEL9 to RHEL10 in an AWS environment (EC2 instance)</li> <li>Verifying behavior before and after the upgrade in an environment simulating a real user environment</li> <li>Identifying current anticipated issues during the upgrade</li> </ol> <h2> Target audience </h2> <p>I would appreciate it if this article could be of use to people facing the following challenges:</p> <ol> <li>Those verifying an upgrade from RHEL9 to RHEL10</li> <li>Those who want to understand the points that need to be considered when conducting the verification</li> </ol> <blockquote> <p>These are the results of testing in a personal environment.<br> If you are upgrading in a production environment, please test and confirm that there are no issues before proceeding. Please note that the procedure performed here is not recommended by Red Hat, so please use it at your own risk.</p> <p>Upgrading from RHEL9 to RHEL10 is not supported in an EC2 instance environment. <br> (This is because in-place upgrades in the RHUI environment are not supported.)</p> </blockquote> <h2> Implementation flow </h2> <p>The process will be "Pre-verification" ⇒ "Upgrade support" ⇒ "Post-verification". After that, we will set up the EC2 instance for the actual environment.</p> <h3> Part 0: Setup </h3> <p>The configuration of the EC2 instance we created is as follows:</p> <p><a href="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2F388ejp55g3ltvwv9v6kg.png" class="article-body-image-wrapper"><img src="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2F388ejp55g3ltvwv9v6kg.png" alt=" " width="800" height="499"></a></p> <p>Before setting up, please Downloads the materials from the following GitHub:</p> <p><a href="https://github.com/MASAKIOKUDA-eng/RHEL10_aws_upgrade" rel="noopener noreferrer">https://github.com/MASAKIOKUDA-eng/RHEL10_aws_upgrade</a></p> <ul> <li>First, log in to your EC2 instance.</li> </ul> <p><a href="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fv82aqpyhigk3g9ybkp8i.png" class="article-body-image-wrapper"><img src="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fv82aqpyhigk3g9ybkp8i.png" alt=" " width="800" height="324"></a></p> <ul> <li>Transfer the materials downloaded from GitHub using SCP.</li> </ul> <p><a href="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2F747502u8lpymzn5pleqx.png" class="article-body-image-wrapper"><img src="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2F747502u8lpymzn5pleqx.png" alt=" " width="697" height="330"></a></p> <p><a href="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fp260ar3q8p4mviaeeoi0.png" class="article-body-image-wrapper"><img src="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fp260ar3q8p4mviaeeoi0.png" alt=" " width="696" height="322"></a></p> <ul> <li>Run the command [ls -la /tmp]</li> <li>Verify that [check.sh] and [setup.sh] exist</li> </ul> <p><code>ls -la /tmp</code></p> <blockquote> <p>Currently, the file does not have execution permissions, so you need to grant it permission.</p> </blockquote> <ul> <li>Run the command [chmod +x /tmp/*.sh]</li> </ul> <p><code>chmod +x /tmp/*.sh</code></p> <ul> <li>Run the command [ls -la /tmp] again.</li> <li>Make sure that [check.sh] and [setup.sh] are displayed in green.</li> </ul> <p><code>ls -la /tmp</code></p> <blockquote> <p>Currently when I run the script I get a line break error.</p> </blockquote> <p><a href="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fqid2cf2t5vzbx5mag1k3.png" class="article-body-image-wrapper"><img src="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fqid2cf2t5vzbx5mag1k3.png" alt=" " width="800" height="137"></a></p> <ul> <li>Run [sed -i 's/\r$//' /tmp/*.sh] to fix the line breaks in the script.</li> </ul> <p><code>sed -i 's/\r$//' /tmp/*.sh</code></p> <ul> <li>After execution, run setup.sh with sudo privileges</li> </ul> <blockquote> <p>If you do not run it with sudo privileges, the following error will occur:</p> </blockquote> <p><a href="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fbnoms8b6h1r9hhejjb7i.png" class="article-body-image-wrapper"><img src="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fbnoms8b6h1r9hhejjb7i.png" alt=" " width="800" height="146"></a></p> <ul> <li>After a certain amount of time has passed, the package installation will be completed.</li> </ul> <p><a href="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2F2fdjne1vkf7dgwwvoppf.png" class="article-body-image-wrapper"><img src="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2F2fdjne1vkf7dgwwvoppf.png" alt=" " width="800" height="740"></a></p> <h3> Preliminary verification </h3> <p>There is no problem if you run check.sh for preliminary verification.</p> <p><code>sudo /tmp/check.sh</code></p> <p><a href="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fi584kzlgwtda9uswwy8z.png" class="article-body-image-wrapper"><img src="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fi584kzlgwtda9uswwy8z.png" alt=" " width="800" height="286"></a></p> <ul> <li>You can perform post-mortem verification by downloading the file created using SCP.</li> </ul> <h3> Work details </h3> <p>Since this cannot be handled using normal upgrade methods, we will use the Blue-Green deployment method (creating a new RHEL10 instance and deleting the old instance) to handle the upgrade.</p> <blockquote> <p>This procedure is not recommended by Red Hat or AWS.<br> If you are performing this in a production environment, please verify that there are no issues before proceeding.</p> </blockquote> <ul> <li>Click the checkbox to the left of the instance you want to upgrade.</li> <li>Click Actions &gt; Images and Templates &gt; Launch Similar at the top of the screen.</li> </ul> <p><a href="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fdvhhyuw3p0rj1c7mne6i.png" class="article-body-image-wrapper"><img src="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fdvhhyuw3p0rj1c7mne6i.png" alt=" " width="800" height="216"></a></p> <ul> <li>The EC2 instance launch screen will be displayed.</li> <li>Click the Quick Start tab</li> </ul> <p><a href="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fkjkcs6i48ds1jc983kwv.png" class="article-body-image-wrapper"><img src="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fkjkcs6i48ds1jc983kwv.png" alt=" " width="800" height="435"></a></p> <ul> <li>The following pop-up will appear, so click [Confirm changes].</li> </ul> <p><a href="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fwimj0kzm858ucuvi05s4.png" class="article-body-image-wrapper"><img src="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fwimj0kzm858ucuvi05s4.png" alt=" " width="800" height="283"></a></p> <blockquote> <p>Since custom volumes will be deleted or changed, you must back up your data beforehand.</p> </blockquote> <ul> <li>Click the Red Hat icon</li> <li>Make sure the Amazon Machine Image is set to Red Hat Enterprise Linux 10.</li> <li>Click the [Launch Instance] button</li> </ul> <p><a href="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fl82p4n7hka405fu9ctei.png" class="article-body-image-wrapper"><img src="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fl82p4n7hka405fu9ctei.png" alt=" " width="800" height="293"></a></p> <ul> <li>Now you can build a RHEL10 instance with the same settings.</li> </ul> <h3> Post-mortem verification </h3> <p>As with the pre-verification, check the settings using check.sh.<br> After executing, check using a Diff tool or similar.</p> <p><a href="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fh7iycgrwowmrutjhh164.png" class="article-body-image-wrapper"><img src="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fh7iycgrwowmrutjhh164.png" alt=" " width="800" height="287"></a></p> <h2> Impressions </h2> <p>As a premise, <strong>upgrade procedures specialized for RHEL used in AWS services (EC2 instances, etc.) have not been officially announced</strong>, so when implementing, it is necessary to conduct verification using support, etc.</p> <p>Furthermore, since upgrade operations can only be performed using a Blue-Green deployment method (building multiple instances ⇒ deleting method), it is recommended to store data in services such as EFS in advance before performing upgrade operations for data stored in EBS.</p> <p>Additionally, when creating verification scripts this time, I used Claude for creation, and since it can generate the desired output, I think there are scenes where it can be utilized in script creation for infrastructure verification as well.</p> <p>I think upgrade procedures for AWS environments will also be officially published in the future, so if you want to proceed with migration, it would be better to put it on hold.</p> <p>I hope this article will be helpful for upgrade operations.</p> <h2> Reference Sites </h2> <p><a href="https://docs.redhat.com/ja/documentation/red_hat_enterprise_linux/10/html-single/upgrading_from_rhel_9_to_rhel_10/index" rel="noopener noreferrer">https://docs.redhat.com/ja/documentation/red_hat_enterprise_linux/10/html-single/upgrading_from_rhel_9_to_rhel_10/index</a></p> <p><a href="https://qiita.com/duelist2020jp/items/90df38bfdad62591423f" rel="noopener noreferrer">https://qiita.com/duelist2020jp/items/90df38bfdad62591423f</a></p> <p><a href="https://openstandia.jp/oss_info/redhatenterpriselinux/version/" rel="noopener noreferrer">https://openstandia.jp/oss_info/redhatenterpriselinux/version/</a></p> aws rhel [AWS]We have summarized the domain costs that can be purchased through AWS Route53 (as of July 5, 2025) Masaki Okuda Sun, 06 Jul 2025 00:11:58 +0000 https://forem.com/masakiokuda/awswe-have-summarized-the-domain-costs-that-can-be-purchased-through-aws-route53-as-of-july-5-40me https://forem.com/masakiokuda/awswe-have-summarized-the-domain-costs-that-can-be-purchased-through-aws-route53-as-of-july-5-40me <blockquote> <p>*This article is an English translation of the following article:<br> <a href="https://qiita.com/mob_engineer/items/3e6804d86b88a401a8cd" rel="noopener noreferrer">https://qiita.com/mob_engineer/items/3e6804d86b88a401a8cd</a></p> </blockquote> <p>you for always reading our articles!<br> My name is Mob-engineer!!</p> <p>During my new graduate training, I had to research Route53 domain costs, but I realized that there was no comprehensive information on the costs per domain, so I put together a quick summary.</p> <p>This is just a little tidbit of information, but I hope you'll enjoy reading it.</p> <h4> (Reference) How to buy a domain on Route 53 </h4> <p>Many of you may already know this, but I'll give a brief summary.</p> <ul> <li>Enter [Route53] in the search box at the top of the console screen.</li> <li>Click [Route53] from the search results.</li> </ul> <p><a href="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fwtm1our4h6ifoqqe2aic.png" class="article-body-image-wrapper"><img src="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fwtm1our4h6ifoqqe2aic.png" alt=" " width="800" height="237"></a></p> <ul> <li>The Route53 menu screen will be displayed. Click [Registered Domains] on the left Menu.</li> </ul> <p><a href="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fz1a79azrdcau8wiwhgxc.png" class="article-body-image-wrapper"><img src="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fz1a79azrdcau8wiwhgxc.png" alt=" " width="800" height="760"></a></p> <ul> <li>A screen listing domains managed on AWS will be displayed. Click [Register Domain] at the top of the screen.</li> </ul> <p><a href="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fhpxakb14fk33zyxj0ofl.png" class="article-body-image-wrapper"><img src="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fhpxakb14fk33zyxj0ofl.png" alt=" " width="636" height="172"></a></p> <ul> <li>A list of domains will be displayed</li> <li>Enter any name and search to display available domain names.</li> <li>Click on "Selected" and then on the "Proceed to Checkout" button</li> </ul> <p><a href="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2F5ts8q8lgk845s2ao9mi6.png" class="article-body-image-wrapper"><img src="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2F5ts8q8lgk845s2ao9mi6.png" alt=" " width="800" height="384"></a></p> <ul> <li>You can specify whether to turn automatic updates on or off, so change it according to your requirements.</li> <li>Click the Next button</li> </ul> <p><a href="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2F1lsc7nl7v4ck1blrpy6u.png" class="article-body-image-wrapper"><img src="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2F1lsc7nl7v4ck1blrpy6u.png" alt=" " width="800" height="258"></a></p> <ul> <li>The Contact Information will be displayed.</li> <li>Configure any information and privacy protection settings and click the [Next] button.</li> </ul> <p><a href="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fe4v2gsuvu49pnd95nsbj.png" class="article-body-image-wrapper"><img src="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fe4v2gsuvu49pnd95nsbj.png" alt=" " width="800" height="315"></a></p> <p>[Good Point👍]<br> It's nice to see privacy protection enabled by default.</p> <ul> <li>Check the box for the terms of use and click the [Submit] button to create a domain that can be managed by Route53.</li> </ul> <p><a href="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fdsg9u4jitlzm4q720var.png" class="article-body-image-wrapper"><img src="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fdsg9u4jitlzm4q720var.png" alt=" " width="800" height="173"></a></p> <p>[Notice📝]<br> If you need to change your registration information due to organizational restructuring, you can do so through Route53.</p> <h2> domain cost </h2> <p>Now I would like to summarize the main domain costs.<br> To make it easier to understand, I will summarize them in table format, ranking them in order of cheapest annual cost.</p> <div class="table-wrapper-paragraph"><table> <thead> <tr> <th>Rank</th> <th>Domain Name</th> <th>Cost (USD)</th> </tr> </thead> <tbody> <tr> <td>1</td> <td>.click</td> <td>$3</td> </tr> <tr> <td>2</td> <td>.link</td> <td>$5</td> </tr> <tr> <td>3</td> <td>.co.za</td> <td>$8</td> </tr> <tr> <td>3</td> <td>.eu</td> <td>$8</td> </tr> <tr> <td>3</td> <td>.fyi</td> <td>$8</td> </tr> <tr> <td>3</td> <td>.in</td> <td>$8</td> </tr> <tr> <td>3</td> <td>.me.uk</td> <td>$8</td> </tr> <tr> <td>8</td> <td>.casa</td> <td>$9</td> </tr> <tr> <td>8</td> <td>.co.uk</td> <td>$9</td> </tr> <tr> <td>8</td> <td>.de</td> <td>$9</td> </tr> <tr> <td>8</td> <td>.org.uk</td> <td>$9</td> </tr> <tr> <td>8</td> <td>.uk</td> <td>$9</td> </tr> <tr> <td>13</td> <td>.es</td> <td>$10</td> </tr> <tr> <td>13</td> <td>.name</td> <td>$10</td> </tr> <tr> <td>13</td> <td>.nl</td> <td>$10</td> </tr> <tr> <td>16</td> <td>.be</td> <td>$11</td> </tr> <tr> <td>16</td> <td>.cz</td> <td>$11</td> </tr> <tr> <td>16</td> <td>.it</td> <td>$11</td> </tr> <tr> <td>16</td> <td>.us</td> <td>$11</td> </tr> <tr> <td>20</td> <td>.cc</td> <td>$12</td> </tr> <tr> <td>20</td> <td>.fr</td> <td>$12</td> </tr> <tr> <td>20</td> <td>.work</td> <td>$12</td> </tr> <tr> <td>23</td> <td>.academy</td> <td>$13</td> </tr> <tr> <td>23</td> <td>.boutique</td> <td>$13</td> </tr> <tr> <td>23</td> <td>.consulting</td> <td>$13</td> </tr> <tr> <td>23</td> <td>.life</td> <td>$13</td> </tr> <tr> <td>23</td> <td>.live</td> <td>$13</td> </tr> <tr> <td>23</td> <td>.media</td> <td>$13</td> </tr> <tr> <td>23</td> <td>.news</td> <td>$13</td> </tr> <tr> <td>23</td> <td>.services</td> <td>$13</td> </tr> <tr> <td>23</td> <td>.social</td> <td>$13</td> </tr> <tr> <td>23</td> <td>.solutions</td> <td>$13</td> </tr> <tr> <td>23</td> <td>.studio</td> <td>$13</td> </tr> <tr> <td>23</td> <td>.world</td> <td>$13</td> </tr> <tr> <td>35</td> <td>.ca</td> <td>$14</td> </tr> <tr> <td>35</td> <td>.ch</td> <td>$14</td> </tr> <tr> <td>37</td> <td>.com</td> <td>$15</td> </tr> <tr> <td>37</td> <td>.org</td> <td>$15</td> </tr> <tr> <td>37</td> <td>.pictures</td> <td>$15</td> </tr> <tr> <td>37</td> <td>.pw</td> <td>$15</td> </tr> <tr> <td>37</td> <td>.uno</td> <td>$15</td> </tr> <tr> <td>42</td> <td>.contact</td> <td>$16</td> </tr> <tr> <td>42</td> <td>.help</td> <td>$16</td> </tr> <tr> <td>42</td> <td>.lol</td> <td>$16</td> </tr> <tr> <td>42</td> <td>.photo</td> <td>$16</td> </tr> <tr> <td>42</td> <td>.pics</td> <td>$16</td> </tr> <tr> <td>42</td> <td>.tattoo</td> <td>$16</td> </tr> <tr> <td>48</td> <td>.fi</td> <td>$17</td> </tr> <tr> <td>48</td> <td>.net</td> <td>$17</td> </tr> <tr> <td>50</td> <td>.business</td> <td>$18</td> </tr> <tr> <td>50</td> <td>.company</td> <td>$18</td> </tr> <tr> <td>50</td> <td>.xyz</td> <td>$18</td> </tr> <tr> <td>53</td> <td>.club</td> <td>$19</td> </tr> <tr> <td>53</td> <td>.futbol</td> <td>$19</td> </tr> <tr> <td>53</td> <td>.shiksha</td> <td>$19</td> </tr> <tr> <td>53</td> <td>.vip</td> <td>$19</td> </tr> <tr> <td>57</td> <td>.co.nz</td> <td>$20</td> </tr> <tr> <td>57</td> <td>.gift</td> <td>$20</td> </tr> <tr> <td>57</td> <td>.im</td> <td>$20</td> </tr> <tr> <td>57</td> <td>.net.nz</td> <td>$20</td> </tr> <tr> <td>57</td> <td>.org.nz</td> <td>$20</td> </tr> <tr> <td>57</td> <td>.reisen</td> <td>$20</td> </tr> <tr> <td>57</td> <td>.space</td> <td>$20</td> </tr> <tr> <td>57</td> <td>.website</td> <td>$20</td> </tr> <tr> <td>65</td> <td>.au</td> <td>$21</td> </tr> <tr> <td>65</td> <td>.com.au</td> <td>$21</td> </tr> <tr> <td>65</td> <td>.net.au</td> <td>$21</td> </tr> <tr> <td>68</td> <td>.exposed</td> <td>$22</td> </tr> <tr> <td>68</td> <td>.irish</td> <td>$22</td> </tr> <tr> <td>68</td> <td>.kim</td> <td>$22</td> </tr> <tr> <td>68</td> <td>.place</td> <td>$22</td> </tr> <tr> <td>68</td> <td>.rocks</td> <td>$22</td> </tr> <tr> <td>73</td> <td>.biz</td> <td>$23</td> </tr> <tr> <td>73</td> <td>.gratis</td> <td>$23</td> </tr> <tr> <td>73</td> <td>.jetzt</td> <td>$23</td> </tr> <tr> <td>73</td> <td>.red</td> <td>$23</td> </tr> <tr> <td>73</td> <td>.rip</td> <td>$23</td> </tr> <tr> <td>78</td> <td>.blue</td> <td>$25</td> </tr> <tr> <td>78</td> <td>.equipment</td> <td>$25</td> </tr> <tr> <td>78</td> <td>.fun</td> <td>$25</td> </tr> <tr> <td>78</td> <td>.online</td> <td>$25</td> </tr> <tr> <td>78</td> <td>.pink</td> <td>$25</td> </tr> <tr> <td>78</td> <td>.report</td> <td>$25</td> </tr> <tr> <td>78</td> <td>.site</td> <td>$25</td> </tr> <tr> <td>78</td> <td>.soccer</td> <td>$25</td> </tr> <tr> <td>78</td> <td>.supplies</td> <td>$25</td> </tr> <tr> <td>87</td> <td>.bet</td> <td>$26</td> </tr> <tr> <td>87</td> <td>.city</td> <td>$26</td> </tr> <tr> <td>87</td> <td>.cloud</td> <td>$26</td> </tr> <tr> <td>87</td> <td>.directory</td> <td>$26</td> </tr> <tr> <td>87</td> <td>.football</td> <td>$26</td> </tr> <tr> <td>87</td> <td>.graphics</td> <td>$26</td> </tr> <tr> <td>87</td> <td>.group</td> <td>$26</td> </tr> <tr> <td>87</td> <td>.lighting</td> <td>$26</td> </tr> <tr> <td>87</td> <td>.management</td> <td>$26</td> </tr> <tr> <td>87</td> <td>.onl</td> <td>$26</td> </tr> <tr> <td>87</td> <td>.run</td> <td>$26</td> </tr> <tr> <td>87</td> <td>.supply</td> <td>$26</td> </tr> <tr> <td>99</td> <td>.dance</td> <td>$28</td> </tr> <tr> <td>99</td> <td>.gallery</td> <td>$28</td> </tr> <tr> <td>99</td> <td>.info</td> <td>$28</td> </tr> <tr> <td>99</td> <td>.institute</td> <td>$28</td> </tr> <tr> <td>99</td> <td>.photos</td> <td>$28</td> </tr> <tr> <td>99</td> <td>.pro</td> <td>$28</td> </tr> <tr> <td>99</td> <td>.support</td> <td>$28</td> </tr> <tr> <td>106</td> <td>.bid</td> <td>$29</td> </tr> <tr> <td>106</td> <td>.com.mx</td> <td>$29</td> </tr> <tr> <td>106</td> <td>.ink</td> <td>$29</td> </tr> <tr> <td>106</td> <td>.loan</td> <td>$29</td> </tr> <tr> <td>106</td> <td>.property</td> <td>$29</td> </tr> <tr> <td>106</td> <td>.qpon</td> <td>$29</td> </tr> <tr> <td>106</td> <td>.schule</td> <td>$29</td> </tr> <tr> <td>106</td> <td>.stream</td> <td>$29</td> </tr> <tr> <td>106</td> <td>.technology</td> <td>$29</td> </tr> <tr> <td>106</td> <td>.today</td> <td>$29</td> </tr> <tr> <td>106</td> <td>.trade</td> <td>$29</td> </tr> <tr> <td>117</td> <td>.agency</td> <td>$30</td> </tr> <tr> <td>117</td> <td>.email</td> <td>$30</td> </tr> <tr> <td>117</td> <td>.ltd</td> <td>$30</td> </tr> <tr> <td>117</td> <td>.ninja</td> <td>$30</td> </tr> <tr> <td>117</td> <td>.tips</td> <td>$30</td> </tr> <tr> <td>117</td> <td>.wiki</td> <td>$30</td> </tr> <tr> <td>123</td> <td>.foundation</td> <td>$31</td> </tr> <tr> <td>123</td> <td>.gives</td> <td>$31</td> </tr> <tr> <td>123</td> <td>.me</td> <td>$31</td> </tr> <tr> <td>126</td> <td>.band</td> <td>$32</td> </tr> <tr> <td>126</td> <td>.center</td> <td>$32</td> </tr> <tr> <td>126</td> <td>.international</td> <td>$32</td> </tr> <tr> <td>126</td> <td>.se</td> <td>$32</td> </tr> <tr> <td>130</td> <td>.bargains</td> <td>$33</td> </tr> <tr> <td>130</td> <td>.cab</td> <td>$33</td> </tr> <tr> <td>130</td> <td>.contractors</td> <td>$33</td> </tr> <tr> <td>130</td> <td>.democrat</td> <td>$33</td> </tr> <tr> <td>130</td> <td>.discount</td> <td>$33</td> </tr> <tr> <td>130</td> <td>.games</td> <td>$33</td> </tr> <tr> <td>130</td> <td>.gifts</td> <td>$33</td> </tr> <tr> <td>130</td> <td>.gripe</td> <td>$33</td> </tr> <tr> <td>130</td> <td>.haus</td> <td>$33</td> </tr> <tr> <td>130</td> <td>.kaufen</td> <td>$33</td> </tr> <tr> <td>130</td> <td>.kiwi</td> <td>$33</td> </tr> <tr> <td>130</td> <td>.sarl</td> <td>$33</td> </tr> <tr> <td>130</td> <td>.shopping</td> <td>$33</td> </tr> <tr> <td>130</td> <td>.singles</td> <td>$33</td> </tr> <tr> <td>144</td> <td>.beer</td> <td>$35</td> </tr> <tr> <td>144</td> <td>.education</td> <td>$35</td> </tr> <tr> <td>144</td> <td>.fashion</td> <td>$35</td> </tr> <tr> <td>144</td> <td>.garden</td> <td>$35</td> </tr> <tr> <td>144</td> <td>.immo</td> <td>$35</td> </tr> <tr> <td>144</td> <td>.network</td> <td>$35</td> </tr> <tr> <td>144</td> <td>.ruhr</td> <td>$35</td> </tr> <tr> <td>144</td> <td>.systems</td> <td>$35</td> </tr> <tr> <td>144</td> <td>.wedding</td> <td>$35</td> </tr> <tr> <td>144</td> <td>.yoga</td> <td>$35</td> </tr> <tr> <td>154</td> <td>.airforce</td> <td>$36</td> </tr> <tr> <td>154</td> <td>.auction</td> <td>$36</td> </tr> <tr> <td>154</td> <td>.cash</td> <td>$36</td> </tr> <tr> <td>154</td> <td>.cheap</td> <td>$36</td> </tr> <tr> <td>154</td> <td>.clothing</td> <td>$36</td> </tr> <tr> <td>154</td> <td>.fail</td> <td>$36</td> </tr> <tr> <td>154</td> <td>.florist</td> <td>$36</td> </tr> <tr> <td>154</td> <td>.forsale</td> <td>$36</td> </tr> <tr> <td>154</td> <td>.limited</td> <td>$36</td> </tr> <tr> <td>154</td> <td>.photography</td> <td>$36</td> </tr> <tr> <td>154</td> <td>.rehab</td> <td>$36</td> </tr> <tr> <td>154</td> <td>.repair</td> <td>$36</td> </tr> <tr> <td>154</td> <td>.republican</td> <td>$36</td> </tr> <tr> <td>154</td> <td>.software</td> <td>$36</td> </tr> <tr> <td>154</td> <td>.tools</td> <td>$36</td> </tr> <tr> <td>154</td> <td>.tv</td> <td>$36</td> </tr> <tr> <td>154</td> <td>.video</td> <td>$36</td> </tr> <tr> <td>154</td> <td>.wtf</td> <td>$36</td> </tr> <tr> <td>172</td> <td>.buzz</td> <td>$37</td> </tr> <tr> <td>173</td> <td>.co</td> <td>$38</td> </tr> <tr> <td>173</td> <td>.immobilien</td> <td>$38</td> </tr> <tr> <td>173</td> <td>.team</td> <td>$38</td> </tr> <tr> <td>173</td> <td>.town</td> <td>$38</td> </tr> <tr> <td>177</td> <td>.army</td> <td>$39</td> </tr> <tr> <td>177</td> <td>.bike</td> <td>$39</td> </tr> <tr> <td>177</td> <td>.builders</td> <td>$39</td> </tr> <tr> <td>177</td> <td>.cards</td> <td>$39</td> </tr> <tr> <td>177</td> <td>.catering</td> <td>$39</td> </tr> <tr> <td>177</td> <td>.chat</td> <td>$39</td> </tr> <tr> <td>177</td> <td>.coffee</td> <td>$39</td> </tr> <tr> <td>177</td> <td>.computer</td> <td>$39</td> </tr> <tr> <td>177</td> <td>.construction</td> <td>$39</td> </tr> <tr> <td>177</td> <td>.cool</td> <td>$39</td> </tr> <tr> <td>177</td> <td>.deals</td> <td>$39</td> </tr> <tr> <td>177</td> <td>.direct</td> <td>$39</td> </tr> <tr> <td>177</td> <td>.engineer</td> <td>$39</td> </tr> <tr> <td>177</td> <td>.enterprises</td> <td>$39</td> </tr> <tr> <td>177</td> <td>.estate</td> <td>$39</td> </tr> <tr> <td>177</td> <td>.exchange</td> <td>$39</td> </tr> <tr> <td>177</td> <td>.express</td> <td>$39</td> </tr> <tr> <td>177</td> <td>.family</td> <td>$39</td> </tr> <tr> <td>177</td> <td>.farm</td> <td>$39</td> </tr> <tr> <td>177</td> <td>.mba</td> <td>$39</td> </tr> <tr> <td>177</td> <td>.money</td> <td>$39</td> </tr> <tr> <td>177</td> <td>.properties</td> <td>$39</td> </tr> <tr> <td>177</td> <td>.sale</td> <td>$39</td> </tr> <tr> <td>177</td> <td>.school</td> <td>$39</td> </tr> <tr> <td>177</td> <td>.style</td> <td>$39</td> </tr> <tr> <td>177</td> <td>.vacations</td> <td>$39</td> </tr> <tr> <td>177</td> <td>.vision</td> <td>$39</td> </tr> <tr> <td>177</td> <td>.works</td> <td>$39</td> </tr> <tr> <td>177</td> <td>.zone</td> <td>$39</td> </tr> <tr> <td>205</td> <td>.associates</td> <td>$40</td> </tr> <tr> <td>205</td> <td>.community</td> <td>$40</td> </tr> <tr> <td>205</td> <td>.fitness</td> <td>$40</td> </tr> <tr> <td>205</td> <td>.gmbh</td> <td>$40</td> </tr> <tr> <td>205</td> <td>.land</td> <td>$40</td> </tr> <tr> <td>205</td> <td>.marketing</td> <td>$40</td> </tr> <tr> <td>205</td> <td>.moda</td> <td>$40</td> </tr> <tr> <td>205</td> <td>.navy</td> <td>$40</td> </tr> <tr> <td>205</td> <td>.parts</td> <td>$40</td> </tr> <tr> <td>205</td> <td>.productions</td> <td>$40</td> </tr> <tr> <td>205</td> <td>.pub</td> <td>$40</td> </tr> <tr> <td>205</td> <td>.store</td> <td>$40</td> </tr> <tr> <td>205</td> <td>.tech</td> <td>$40</td> </tr> <tr> <td>205</td> <td>.training</td> <td>$40</td> </tr> <tr> <td>219</td> <td>.digital</td> <td>$42</td> </tr> <tr> <td>219</td> <td>.guide</td> <td>$42</td> </tr> <tr> <td>219</td> <td>.guru</td> <td>$42</td> </tr> <tr> <td>219</td> <td>.llc</td> <td>$42</td> </tr> <tr> <td>219</td> <td>.vc</td> <td>$42</td> </tr> <tr> <td>219</td> <td>.vet</td> <td>$42</td> </tr> <tr> <td>219</td> <td>.vg</td> <td>$42</td> </tr> <tr> <td>226</td> <td>.care</td> <td>$43</td> </tr> <tr> <td>226</td> <td>.christmas</td> <td>$43</td> </tr> <tr> <td>226</td> <td>.domains</td> <td>$43</td> </tr> <tr> <td>226</td> <td>.events</td> <td>$43</td> </tr> <tr> <td>226</td> <td>.fish</td> <td>$43</td> </tr> <tr> <td>226</td> <td>.mobi</td> <td>$43</td> </tr> <tr> <td>226</td> <td>.show</td> <td>$43</td> </tr> <tr> <td>226</td> <td>.watch</td> <td>$43</td> </tr> <tr> <td>234</td> <td>.actor</td> <td>$45</td> </tr> <tr> <td>234</td> <td>.church</td> <td>$45</td> </tr> <tr> <td>234</td> <td>.house</td> <td>$45</td> </tr> <tr> <td>234</td> <td>.rentals</td> <td>$45</td> </tr> <tr> <td>238</td> <td>.cafe</td> <td>$46</td> </tr> <tr> <td>238</td> <td>.industries</td> <td>$46</td> </tr> <tr> <td>238</td> <td>.market</td> <td>$46</td> </tr> <tr> <td>238</td> <td>.plus</td> <td>$46</td> </tr> <tr> <td>242</td> <td>.degree</td> <td>$49</td> </tr> <tr> <td>242</td> <td>.press</td> <td>$49</td> </tr> <tr> <td>244</td> <td>.viajes</td> <td>$50</td> </tr> <tr> <td>244</td> <td>.wien</td> <td>$50</td> </tr> <tr> <td>246</td> <td>.memorial</td> <td>$51</td> </tr> <tr> <td>247</td> <td>.jp</td> <td>$54</td> </tr> <tr> <td>248</td> <td>.coupons</td> <td>$55</td> </tr> <tr> <td>248</td> <td>.diamonds</td> <td>$55</td> </tr> <tr> <td>248</td> <td>.fan</td> <td>$55</td> </tr> <tr> <td>248</td> <td>.lease</td> <td>$55</td> </tr> <tr> <td>248</td> <td>.limo</td> <td>$55</td> </tr> <tr> <td>248</td> <td>.surgery</td> <td>$55</td> </tr> <tr> <td>254</td> <td>.apartments</td> <td>$58</td> </tr> <tr> <td>254</td> <td>.camera</td> <td>$58</td> </tr> <tr> <td>254</td> <td>.condos</td> <td>$58</td> </tr> <tr> <td>254</td> <td>.design</td> <td>$58</td> </tr> <tr> <td>254</td> <td>.financial</td> <td>$58</td> </tr> <tr> <td>254</td> <td>.flights</td> <td>$58</td> </tr> <tr> <td>254</td> <td>.vegas</td> <td>$58</td> </tr> <tr> <td>261</td> <td>.bingo</td> <td>$59</td> </tr> <tr> <td>261</td> <td>.camp</td> <td>$59</td> </tr> <tr> <td>261</td> <td>.delivery</td> <td>$59</td> </tr> <tr> <td>261</td> <td>.hockey</td> <td>$59</td> </tr> <tr> <td>261</td> <td>.maison</td> <td>$59</td> </tr> <tr> <td>261</td> <td>.tienda</td> <td>$59</td> </tr> <tr> <td>261</td> <td>.ventures</td> <td>$59</td> </tr> <tr> <td>261</td> <td>.vin</td> <td>$59</td> </tr> <tr> <td>261</td> <td>.voyage</td> <td>$59</td> </tr> <tr> <td>261</td> <td>.wine</td> <td>$59</td> </tr> <tr> <td>271</td> <td>.expert</td> <td>$60</td> </tr> <tr> <td>272</td> <td>.villas</td> <td>$61</td> </tr> <tr> <td>273</td> <td>.attorney</td> <td>$62</td> </tr> <tr> <td>273</td> <td>.cruises</td> <td>$62</td> </tr> <tr> <td>273</td> <td>.lawyer</td> <td>$62</td> </tr> <tr> <td>273</td> <td>.mortgage</td> <td>$62</td> </tr> <tr> <td>273</td> <td>.reviews</td> <td>$62</td> </tr> <tr> <td>273</td> <td>.university</td> <td>$62</td> </tr> <tr> <td>279</td> <td>.dog</td> <td>$63</td> </tr> <tr> <td>279</td> <td>.glass</td> <td>$63</td> </tr> <tr> <td>279</td> <td>.holiday</td> <td>$63</td> </tr> <tr> <td>279</td> <td>.hospital</td> <td>$63</td> </tr> <tr> <td>279</td> <td>.restaurant</td> <td>$63</td> </tr> <tr> <td>279</td> <td>.salon</td> <td>$63</td> </tr> <tr> <td>279</td> <td>.shoes</td> <td>$63</td> </tr> <tr> <td>279</td> <td>.solar</td> <td>$63</td> </tr> <tr> <td>279</td> <td>.theater</td> <td>$63</td> </tr> <tr> <td>279</td> <td>.tours</td> <td>$63</td> </tr> <tr> <td>289</td> <td>.clinic</td> <td>$65</td> </tr> <tr> <td>289</td> <td>.dating</td> <td>$65</td> </tr> <tr> <td>289</td> <td>.finance</td> <td>$65</td> </tr> <tr> <td>289</td> <td>.golf</td> <td>$65</td> </tr> <tr> <td>289</td> <td>.holdings</td> <td>$65</td> </tr> <tr> <td>289</td> <td>.host</td> <td>$65</td> </tr> <tr> <td>289</td> <td>.jewelry</td> <td>$65</td> </tr> <tr> <td>289</td> <td>.kitchen</td> <td>$65</td> </tr> <tr> <td>289</td> <td>.pizza</td> <td>$65</td> </tr> <tr> <td>289</td> <td>.taxi</td> <td>$65</td> </tr> <tr> <td>289</td> <td>.toys</td> <td>$65</td> </tr> <tr> <td>300</td> <td>.black</td> <td>$66</td> </tr> <tr> <td>300</td> <td>.claims</td> <td>$66</td> </tr> <tr> <td>300</td> <td>.codes</td> <td>$66</td> </tr> <tr> <td>300</td> <td>.engineering</td> <td>$66</td> </tr> <tr> <td>300</td> <td>.poker</td> <td>$66</td> </tr> <tr> <td>300</td> <td>.ski</td> <td>$66</td> </tr> <tr> <td>300</td> <td>.tennis</td> <td>$66</td> </tr> <tr> <td>307</td> <td>.mx</td> <td>$67</td> </tr> <tr> <td>308</td> <td>.capital</td> <td>$70</td> </tr> <tr> <td>308</td> <td>.coach</td> <td>$70</td> </tr> <tr> <td>308</td> <td>.fund</td> <td>$70</td> </tr> <tr> <td>308</td> <td>.legal</td> <td>$70</td> </tr> <tr> <td>308</td> <td>.partners</td> <td>$70</td> </tr> <tr> <td>308</td> <td>.tax</td> <td>$70</td> </tr> <tr> <td>314</td> <td>.io</td> <td>$71</td> </tr> <tr> <td>315</td> <td>.careers</td> <td>$72</td> </tr> <tr> <td>315</td> <td>.college</td> <td>$72</td> </tr> <tr> <td>315</td> <td>.dental</td> <td>$72</td> </tr> <tr> <td>315</td> <td>.dentist</td> <td>$72</td> </tr> <tr> <td>315</td> <td>.insure</td> <td>$72</td> </tr> <tr> <td>315</td> <td>.plumbing</td> <td>$72</td> </tr> <tr> <td>321</td> <td>.cleaning</td> <td>$75</td> </tr> <tr> <td>322</td> <td>.berlin</td> <td>$76</td> </tr> <tr> <td>322</td> <td>.bio</td> <td>$76</td> </tr> <tr> <td>322</td> <td>.sh</td> <td>$76</td> </tr> <tr> <td>325</td> <td>.recipes</td> <td>$79</td> </tr> <tr> <td>326</td> <td>.lgbt</td> <td>$80</td> </tr> <tr> <td>327</td> <td>.green</td> <td>$82</td> </tr> <tr> <td>328</td> <td>.gg</td> <td>$83</td> </tr> <tr> <td>329</td> <td>.healthcare</td> <td>$86</td> </tr> <tr> <td>330</td> <td>.global</td> <td>$92</td> </tr> <tr> <td>330</td> <td>.vote</td> <td>$92</td> </tr> <tr> <td>332</td> <td>.reise</td> <td>$95</td> </tr> <tr> <td>333</td> <td>.ac</td> <td>$99</td> </tr> <tr> <td>334</td> <td>.tires</td> <td>$100</td> </tr> <tr> <td>335</td> <td>.credit</td> <td>$108</td> </tr> <tr> <td>335</td> <td>.gold</td> <td>$108</td> </tr> <tr> <td>337</td> <td>.doctor</td> <td>$115</td> </tr> <tr> <td>337</td> <td>.furniture</td> <td>$115</td> </tr> <tr> <td>337</td> <td>.law</td> <td>$115</td> </tr> <tr> <td>337</td> <td>.loans</td> <td>$115</td> </tr> <tr> <td>341</td> <td>.accountants</td> <td>$116</td> </tr> <tr> <td>341</td> <td>.energy</td> <td>$116</td> </tr> <tr> <td>343</td> <td>.adult</td> <td>$122</td> </tr> <tr> <td>343</td> <td>.ceo</td> <td>$122</td> </tr> <tr> <td>343</td> <td>.fm</td> <td>$122</td> </tr> <tr> <td>343</td> <td>.porn</td> <td>$122</td> </tr> <tr> <td>343</td> <td>.sex</td> <td>$122</td> </tr> <tr> <td>343</td> <td>.xxx</td> <td>$122</td> </tr> <tr> <td>349</td> <td>.investments</td> <td>$129</td> </tr> <tr> <td>350</td> <td>.casino</td> <td>$169</td> </tr> <tr> <td>351</td> <td>.creditcard</td> <td>$179</td> </tr> <tr> <td>352</td> <td>.hiv</td> <td>$256</td> </tr> <tr> <td>353</td> <td>.sucks</td> <td>$285</td> </tr> <tr> <td>354</td> <td>.movie</td> <td>$329</td> </tr> </tbody> </table></div> <h2> Conclusion </h2> <p>I summarized the domain costs related to Route53, and I got the impression that it was cheaper than I expected. On top of that, since it can be managed centrally on AWS, it is easy to combine it with other services, so I thought that transferring existing domains to Route53 would be a good option.</p> <p>This is just a small article, but thank you for reading to the end!</p> <h4> Reference site </h4> <p><a href="https://docs.aws.amazon.com/ja_jp/Route53/latest/DeveloperGuide/best-practices.html" rel="noopener noreferrer">https://docs.aws.amazon.com/ja_jp/Route53/latest/DeveloperGuide/best-practices.html</a></p> <p><a href="https://business.ntt-east.co.jp/content/cloudsolution/column-122.html" rel="noopener noreferrer">https://business.ntt-east.co.jp/content/cloudsolution/column-122.html</a></p> aws route53 finops [AWS]Building an AWS Security Learning Tetris Puzzle Game with Amazon Q Developer CLI Masaki Okuda Mon, 23 Jun 2025 23:48:03 +0000 https://forem.com/masakiokuda/awsbuilding-an-aws-security-learning-tetris-puzzle-game-with-amazon-q-developer-cli-c67 https://forem.com/masakiokuda/awsbuilding-an-aws-security-learning-tetris-puzzle-game-with-amazon-q-developer-cli-c67 <h2> Introduction </h2> <p>Thank you for always reading my articles! I'm a mob engineer who previously created simple games through Amazon Q Developer for CLI projects. This time, I wanted to implement a game that could be used for educational activities both inside and outside the company, so I decided to create a second iteration.</p> <h2> Basic Development Approach </h2> <p>I implemented this project primarily using instructions to Amazon Q Developer for CLI. The concept I had in mind during implementation was:</p> <ul> <li><strong>AWS Security Learning Tetris Puzzle</strong></li> <li><strong>Including security elements from Government Cloud</strong></li> <li><strong>Supporting both Japanese and English languages</strong></li> </ul> <h2> Game Overview </h2> <p><a href="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fu2j8hs3n1csxcqtznkcf.png" class="article-body-image-wrapper"><img src="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fu2j8hs3n1csxcqtznkcf.png" alt=" " width="800" height="536"></a></p> <p>I've published the implemented game on GitHub.io. You can play it at the following URL:</p> <p><strong>Game URL</strong>: [<a href="https://masakiokuda-eng.github.io/cloud-guardian-puzzle" rel="noopener noreferrer">https://masakiokuda-eng.github.io/cloud-guardian-puzzle</a>]</p> <h3> Key Features: </h3> <ul> <li> <strong>English Support</strong> <em>(Some Japanese text remains and needs tuning)</em> </li> <li> <strong>Tutorial Screen</strong> <em>(Placement examples are animated)</em> </li> <li><strong>Gameplay Screen</strong></li> </ul> <p>Tutorial screen with animated placement examples</p> <p><a href="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2F04mmwxhpdhrvzy6g2fzc.png" class="article-body-image-wrapper"><img src="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2F04mmwxhpdhrvzy6g2fzc.png" alt=" " width="800" height="736"></a></p> <p>Main gameplay interface</p> <p><a href="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2F991ync2yxroxfxx536wi.png" class="article-body-image-wrapper"><img src="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2F991ync2yxroxfxx536wi.png" alt=" " width="800" height="601"></a></p> <p>The game is implemented so that you can achieve high scores by considering security countermeasures in your gameplay strategy.</p> <h2> Development Architecture &amp; Approach </h2> <p>You can check the repository at the following URL:<br> <strong>Repository</strong>: [<a href="https://github.com/MASAKIOKUDA-eng/cloud-guardian-puzzle" rel="noopener noreferrer">https://github.com/MASAKIOKUDA-eng/cloud-guardian-puzzle</a>]</p> <h3> Directory Structure </h3> <p>I created the following directory structure:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight plaintext"><code>├── assets/ # Static assets │ ├── images/ # Image files │ │ └── aws/ # AWS service icons │ ├── sounds/ # Audio files │ └── styles/ # CSS stylesheets ├── dist/ # Build artifacts ├── public/ # Public files │ ├── assets/ # Public assets │ └── index.html # Main HTML file ├── src/ # Source code │ ├── components/ # React components │ │ ├── common/ # Common components │ │ ├── game/ # Game-related components │ │ └── pages/ # Page components │ ├── core/ # Core functionality │ ├── i18n/ # Internationalization │ ├── levels/ # Level definitions │ ├── models/ # Data models │ ├── puzzles/ # Puzzle definitions │ ├── tetris/ # 2D Tetris implementation │ │ ├── components/ # Tetris components │ │ ├── engine/ # Game engine │ │ └── models/ # Tetris models │ ├── tetris3d/ # 3D Tetris implementation │ │ ├── components/ # 3D Tetris components │ │ ├── engine/ # 3D Game engine │ │ └── models/ # 3D Tetris models │ └── utils/ # Utility functions └── tests/ # Test files </code></pre> </div> <h3> Deployment Strategy </h3> <p>Since this implementation uses Node.js, I needed a build → deploy process using npm commands. While playing locally would simply require setting up a server, I aimed to publish on GitHub.io, which took considerable implementation time.</p> <p>I adopted a deployment strategy using GitHub Actions to place build artifacts on a deployment branch. The <code>Deploy.yml</code> I created is as follows:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight yaml"><code><span class="na">name</span><span class="pi">:</span> <span class="s">Deploy to GitHub Pages</span> <span class="na">on</span><span class="pi">:</span> <span class="na">push</span><span class="pi">:</span> <span class="na">branches</span><span class="pi">:</span> <span class="pi">-</span> <span class="s">main</span> <span class="na">permissions</span><span class="pi">:</span> <span class="na">contents</span><span class="pi">:</span> <span class="s">write</span> <span class="na">jobs</span><span class="pi">:</span> <span class="na">build-and-deploy</span><span class="pi">:</span> <span class="na">runs-on</span><span class="pi">:</span> <span class="s">ubuntu-latest</span> <span class="na">steps</span><span class="pi">:</span> <span class="pi">-</span> <span class="na">name</span><span class="pi">:</span> <span class="s">Checkout 🛎️</span> <span class="na">uses</span><span class="pi">:</span> <span class="s">actions/checkout@v3</span> <span class="pi">-</span> <span class="na">name</span><span class="pi">:</span> <span class="s">Setup Node.js ⚙️</span> <span class="na">uses</span><span class="pi">:</span> <span class="s">actions/setup-node@v3</span> <span class="na">with</span><span class="pi">:</span> <span class="na">node-version</span><span class="pi">:</span> <span class="s1">'</span><span class="s">18'</span> <span class="na">cache</span><span class="pi">:</span> <span class="s1">'</span><span class="s">npm'</span> <span class="pi">-</span> <span class="na">name</span><span class="pi">:</span> <span class="s">Install dependencies 📦</span> <span class="na">run</span><span class="pi">:</span> <span class="s">npm ci</span> <span class="pi">-</span> <span class="na">name</span><span class="pi">:</span> <span class="s">Copy assets to public directory</span> <span class="na">run</span><span class="pi">:</span> <span class="pi">|</span> <span class="s">mkdir -p public/assets/images/aws</span> <span class="s">cp -r assets/images/aws/*.png public/assets/images/aws/</span> <span class="pi">-</span> <span class="na">name</span><span class="pi">:</span> <span class="s">Build 🔧</span> <span class="na">run</span><span class="pi">:</span> <span class="s">npm run build</span> <span class="pi">-</span> <span class="na">name</span><span class="pi">:</span> <span class="s">Create .nojekyll file</span> <span class="na">run</span><span class="pi">:</span> <span class="s">touch dist/.nojekyll</span> <span class="pi">-</span> <span class="na">name</span><span class="pi">:</span> <span class="s">Deploy 🚀</span> <span class="na">uses</span><span class="pi">:</span> <span class="s">JamesIves/github-pages-deploy-action@v4</span> <span class="na">with</span><span class="pi">:</span> <span class="na">folder</span><span class="pi">:</span> <span class="s">dist</span> <span class="na">branch</span><span class="pi">:</span> <span class="s">gh-pages</span> <span class="na">clean</span><span class="pi">:</span> <span class="kc">true</span> </code></pre> </div> <h3> Package Configuration </h3> <p>The <code>package.json</code> generation also required careful consideration and took implementation time:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight json"><code><span class="p">{</span><span class="w"> </span><span class="nl">"name"</span><span class="p">:</span><span class="w"> </span><span class="s2">"cloud-guardian-puzzle"</span><span class="p">,</span><span class="w"> </span><span class="nl">"version"</span><span class="p">:</span><span class="w"> </span><span class="s2">"0.1.0"</span><span class="p">,</span><span class="w"> </span><span class="nl">"description"</span><span class="p">:</span><span class="w"> </span><span class="s2">"AWS GovCloud security and compliance themed Tetris game"</span><span class="p">,</span><span class="w"> </span><span class="nl">"main"</span><span class="p">:</span><span class="w"> </span><span class="s2">"src/index.js"</span><span class="p">,</span><span class="w"> </span><span class="nl">"scripts"</span><span class="p">:</span><span class="w"> </span><span class="p">{</span><span class="w"> </span><span class="nl">"start"</span><span class="p">:</span><span class="w"> </span><span class="s2">"webpack serve --mode development --port 3001"</span><span class="p">,</span><span class="w"> </span><span class="nl">"build"</span><span class="p">:</span><span class="w"> </span><span class="s2">"webpack --mode production"</span><span class="p">,</span><span class="w"> </span><span class="nl">"test"</span><span class="p">:</span><span class="w"> </span><span class="s2">"jest"</span><span class="p">,</span><span class="w"> </span><span class="nl">"predeploy"</span><span class="p">:</span><span class="w"> </span><span class="s2">"npm run build"</span><span class="p">,</span><span class="w"> </span><span class="nl">"deploy"</span><span class="p">:</span><span class="w"> </span><span class="s2">"gh-pages -d dist"</span><span class="w"> </span><span class="p">},</span><span class="w"> </span><span class="nl">"repository"</span><span class="p">:</span><span class="w"> </span><span class="p">{</span><span class="w"> </span><span class="nl">"type"</span><span class="p">:</span><span class="w"> </span><span class="s2">"git"</span><span class="p">,</span><span class="w"> </span><span class="nl">"url"</span><span class="p">:</span><span class="w"> </span><span class="s2">"git+https://github.com/MASAKIOKUDA-eng/cloud-guardian-puzzle.git"</span><span class="w"> </span><span class="p">},</span><span class="w"> </span><span class="nl">"keywords"</span><span class="p">:</span><span class="w"> </span><span class="p">[</span><span class="w"> </span><span class="s2">"aws"</span><span class="p">,</span><span class="w"> </span><span class="s2">"govcloud"</span><span class="p">,</span><span class="w"> </span><span class="s2">"security"</span><span class="p">,</span><span class="w"> </span><span class="s2">"puzzle"</span><span class="p">,</span><span class="w"> </span><span class="s2">"game"</span><span class="p">,</span><span class="w"> </span><span class="s2">"tetris"</span><span class="w"> </span><span class="p">],</span><span class="w"> </span><span class="nl">"author"</span><span class="p">:</span><span class="w"> </span><span class="s2">""</span><span class="p">,</span><span class="w"> </span><span class="nl">"license"</span><span class="p">:</span><span class="w"> </span><span class="s2">"MIT"</span><span class="p">,</span><span class="w"> </span><span class="nl">"bugs"</span><span class="p">:</span><span class="w"> </span><span class="p">{</span><span class="w"> </span><span class="nl">"url"</span><span class="p">:</span><span class="w"> </span><span class="s2">"https://github.com/MASAKIOKUDA-eng/cloud-guardian-puzzle/issues"</span><span class="w"> </span><span class="p">},</span><span class="w"> </span><span class="nl">"homepage"</span><span class="p">:</span><span class="w"> </span><span class="s2">"https://MASAKIOKUDA-eng.github.io/cloud-guardian-puzzle"</span><span class="p">,</span><span class="w"> </span><span class="nl">"dependencies"</span><span class="p">:</span><span class="w"> </span><span class="p">{</span><span class="w"> </span><span class="nl">"phaser"</span><span class="p">:</span><span class="w"> </span><span class="s2">"^3.55.2"</span><span class="p">,</span><span class="w"> </span><span class="nl">"react"</span><span class="p">:</span><span class="w"> </span><span class="s2">"^18.2.0"</span><span class="p">,</span><span class="w"> </span><span class="nl">"react-dom"</span><span class="p">:</span><span class="w"> </span><span class="s2">"^18.2.0"</span><span class="p">,</span><span class="w"> </span><span class="nl">"react-router-dom"</span><span class="p">:</span><span class="w"> </span><span class="s2">"^6.10.0"</span><span class="w"> </span><span class="p">},</span><span class="w"> </span><span class="nl">"devDependencies"</span><span class="p">:</span><span class="w"> </span><span class="p">{</span><span class="w"> </span><span class="nl">"@babel/core"</span><span class="p">:</span><span class="w"> </span><span class="s2">"^7.21.4"</span><span class="p">,</span><span class="w"> </span><span class="nl">"@babel/preset-env"</span><span class="p">:</span><span class="w"> </span><span class="s2">"^7.21.4"</span><span class="p">,</span><span class="w"> </span><span class="nl">"@babel/preset-react"</span><span class="p">:</span><span class="w"> </span><span class="s2">"^7.18.6"</span><span class="p">,</span><span class="w"> </span><span class="nl">"babel-loader"</span><span class="p">:</span><span class="w"> </span><span class="s2">"^9.1.2"</span><span class="p">,</span><span class="w"> </span><span class="nl">"copy-webpack-plugin"</span><span class="p">:</span><span class="w"> </span><span class="s2">"^13.0.0"</span><span class="p">,</span><span class="w"> </span><span class="nl">"css-loader"</span><span class="p">:</span><span class="w"> </span><span class="s2">"^6.7.3"</span><span class="p">,</span><span class="w"> </span><span class="nl">"file-loader"</span><span class="p">:</span><span class="w"> </span><span class="s2">"^6.2.0"</span><span class="p">,</span><span class="w"> </span><span class="nl">"gh-pages"</span><span class="p">:</span><span class="w"> </span><span class="s2">"^6.3.0"</span><span class="p">,</span><span class="w"> </span><span class="nl">"html-webpack-plugin"</span><span class="p">:</span><span class="w"> </span><span class="s2">"^5.5.1"</span><span class="p">,</span><span class="w"> </span><span class="nl">"jest"</span><span class="p">:</span><span class="w"> </span><span class="s2">"^29.5.0"</span><span class="p">,</span><span class="w"> </span><span class="nl">"style-loader"</span><span class="p">:</span><span class="w"> </span><span class="s2">"^3.3.2"</span><span class="p">,</span><span class="w"> </span><span class="nl">"webpack"</span><span class="p">:</span><span class="w"> </span><span class="s2">"^5.80.0"</span><span class="p">,</span><span class="w"> </span><span class="nl">"webpack-cli"</span><span class="p">:</span><span class="w"> </span><span class="s2">"^5.0.2"</span><span class="p">,</span><span class="w"> </span><span class="nl">"webpack-dev-server"</span><span class="p">:</span><span class="w"> </span><span class="s2">"^4.13.3"</span><span class="w"> </span><span class="p">}</span><span class="w"> </span><span class="p">}</span><span class="w"> </span></code></pre> </div> <h2> Implementation Challenges </h2> <p>While games that complete with HTML only can be implemented quickly, I found that there are many elements to consider when creating dynamic games using Node.js that can be published via GitHub.io. Additionally, I felt there's a risk of generating code that deviates from requirements if you don't properly check the diff.</p> <p>Therefore, I think minimal understanding of the programming language is necessary to properly use Amazon Q Developer for CLI. (If the requirement was just to play on a local server, the implementation difficulty wouldn't be that high.)</p> <h2> Areas for Improvement </h2> <p>Through gameplay, I identified several improvement points:</p> <h3> Current Issues: </h3> <ol> <li> <strong>Language Switching</strong>: Some strings don't reflect when switching between English ↔ Japanese</li> <li> <strong>Performance</strong>: Screen stutters during gameplay</li> <li> <strong>Gameplay Mechanics</strong>: It's a simple Tetris game, so I'd like to enable player characters</li> <li> <strong>Development Flexibility</strong>: The specification only starts on port 3001, lacking flexibility</li> </ol> <h2> Future Prospects </h2> <p>I want to continue utilizing Amazon Q Developer for CLI not only for game creation but also for hands-on tutorial creation and practical business applications. I'm also interested in jsii (a library that converts TypeScript to other development languages), so I'm thinking of making a "pseudo-jsii" as my next target.</p> <h2> Key Takeaways </h2> <ol> <li> <strong>AI-Assisted Development</strong>: Amazon Q Developer for CLI can significantly accelerate game development</li> <li> <strong>Deployment Complexity</strong>: Publishing Node.js applications to GitHub Pages requires careful build pipeline configuration</li> <li> <strong>Educational Value</strong>: Combining gaming with technical education creates engaging learning experiences</li> <li> <strong>Iterative Improvement</strong>: AI-generated code requires human oversight and iterative refinement</li> </ol> <h2> Technical Stack </h2> <ul> <li> <strong>Frontend</strong>: React, Phaser.js for game engine</li> <li> <strong>Build Tools</strong>: Webpack, Babel</li> <li> <strong>Deployment</strong>: GitHub Actions, GitHub Pages</li> <li> <strong>Development</strong>: Amazon Q Developer for CLI</li> <li> <strong>Languages</strong>: JavaScript/TypeScript with internationalization support</li> </ul> <h2> Learning Outcomes </h2> <p>This project demonstrated the potential of AI-assisted development while highlighting the importance of:</p> <ul> <li>Understanding the underlying technology stack</li> <li>Proper code review and validation</li> <li>Incremental development and testing</li> <li>Balancing automation with human expertise</li> </ul> <p><em>This was a rough overview, but thank you for reading to the end! I hope this inspires others to explore AI-assisted development for educational gaming projects.</em></p> <h2> Related Resources </h2> <ul> <li> <strong>Campaign Information Page</strong> (until 6/20)</li> <li><strong>Amazon Q Developer Documentation</strong></li> <li><strong>Amazon Q CLI Related Articles</strong></li> </ul> <p><em>I personally think it could also be useful for OSS maintenance.</em></p> aws amazonqcli development [AWS]Hands-on: Building a Simple Web Server with CodeBuild + CodeDeploy (Sphinx) Masaki Okuda Mon, 23 Jun 2025 22:47:01 +0000 https://forem.com/masakiokuda/awshands-on-building-a-simple-web-server-with-codebuild-codedeploy-sphinx-3h7b https://forem.com/masakiokuda/awshands-on-building-a-simple-web-server-with-codebuild-codedeploy-sphinx-3h7b <h2> Introduction </h2> <p>Thank you for reading my articles! I'm a mob engineer who has been working on understanding CodeBuild → CodeDeploy pipeline construction in my work. Since I was having some difficulties with this, I decided to create a hands-on article to improve my skills and share the knowledge.</p> <p>I've written this article in simple terms so that even first-time readers can easily follow along. I hope you find it helpful!</p> <h2> Table of Contents </h2> <ul> <li>Target Audience</li> <li>Completion Image</li> <li> Hands-on Tutorial <ul> <li>Step 0: Prerequisites</li> <li>Step 1: IAM Roles &amp; S3 Setup</li> <li>Step 2: EC2 Construction (RHEL10)</li> <li>Step 3: CodeBuild Configuration</li> <li>Step 4: CodeDeploy Configuration</li> <li>Step 5: Execution Results</li> </ul> </li> <li>Insights</li> </ul> <h2> Target Audience </h2> <p>This article is intended for those who have the following challenges:</p> <ul> <li>Those who feel intimidated by AWS pipelines</li> <li>Those who want to strengthen their pipeline-related skills</li> <li>Those who want to deepen their understanding of pipelines through hands-on experience</li> </ul> <h2> Completion Image </h2> <p><a href="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fdde1maxs2ec54c2kuiy4.png" class="article-body-image-wrapper"><img src="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fdde1maxs2ec54c2kuiy4.png" alt=" " width="800" height="400"></a></p> <p>The completed architecture will look like this:</p> <ul> <li> <strong>GitHub</strong>: Frontend code management (Sphinx)</li> <li> <strong>CodeBuild</strong>: Build process (Sphinx generation)</li> <li> <strong>CodeDeploy</strong>: Deployment (deploy build artifacts to EC2)</li> <li> <strong>S3</strong>: Store build artifacts</li> </ul> <h2> Hands-on Tutorial </h2> <h3> Step 0: Prerequisites </h3> <p><a href="https://github.com/MASAKIOKUDA-eng/sphinx-aws-demo/blob/main/buildspec.yml" rel="noopener noreferrer">https://github.com/MASAKIOKUDA-eng/sphinx-aws-demo/blob/main/buildspec.yml</a></p> <p>Please fork the sample code to your own GitHub account.</p> <h3> Step 1: IAM Roles &amp; S3 Setup </h3> <p>First, let's create an S3 bucket:</p> <p><a href="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Frs2ct5sqvz96m6qhy31w.png" class="article-body-image-wrapper"><img src="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Frs2ct5sqvz96m6qhy31w.png" alt=" " width="800" height="400"></a></p> <p><a href="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2F5db8iohsu0zim2ce7nt4.png" class="article-body-image-wrapper"><img src="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2F5db8iohsu0zim2ce7nt4.png" alt=" " width="800" height="201"></a></p> <p><a href="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2F1egs7vr8n09aap31gfe2.png" class="article-body-image-wrapper"><img src="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2F1egs7vr8n09aap31gfe2.png" alt=" " width="800" height="268"></a></p> <p><a href="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fxrt3leczg110y0y0992t.png" class="article-body-image-wrapper"><img src="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fxrt3leczg110y0y0992t.png" alt=" " width="800" height="230"></a></p> <ol> <li>Enter "S3" in the search box</li> <li>Click S3 from the search results</li> <li>Click the "Create bucket" button in the center of the screen</li> <li>Enter an arbitrary name for the bucket name</li> <li>Scroll to the bottom and click the "Create bucket" button</li> <li>Confirm that the created bucket is displayed</li> </ol> <p>The S3 bucket creation is now complete.</p> <p>Next, let's create IAM roles and policies:</p> <p><a href="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fwirbsadboabn9iqvs4v8.png" class="article-body-image-wrapper"><img src="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fwirbsadboabn9iqvs4v8.png" alt=" " width="800" height="400"></a></p> <p><a href="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fzi0218t5itshw5h03e43.png" class="article-body-image-wrapper"><img src="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fzi0218t5itshw5h03e43.png" alt=" " width="800" height="379"></a></p> <ol> <li>Enter "IAM" in the search box</li> <li>Click IAM from the search results</li> <li>Click "Policies" in the left pane</li> <li>Click "Create policy" on the right side of the screen</li> <li>Create the following policies from the policy creation screen:</li> </ol> <h4> AWSCodePipelineServiceRole Policy </h4> <div class="highlight js-code-highlight"> <pre class="highlight json"><code><span class="p">{</span><span class="w"> </span><span class="nl">"Version"</span><span class="p">:</span><span class="w"> </span><span class="s2">"2012-10-17"</span><span class="p">,</span><span class="w"> </span><span class="nl">"Statement"</span><span class="p">:</span><span class="w"> </span><span class="p">[</span><span class="w"> </span><span class="p">{</span><span class="w"> </span><span class="nl">"Effect"</span><span class="p">:</span><span class="w"> </span><span class="s2">"Allow"</span><span class="p">,</span><span class="w"> </span><span class="nl">"Action"</span><span class="p">:</span><span class="w"> </span><span class="p">[</span><span class="w"> </span><span class="s2">"s3:GetBucketAcl"</span><span class="p">,</span><span class="w"> </span><span class="s2">"s3:GetBucketLocation"</span><span class="p">,</span><span class="w"> </span><span class="s2">"s3:GetObject"</span><span class="p">,</span><span class="w"> </span><span class="s2">"s3:GetObjectAcl"</span><span class="p">,</span><span class="w"> </span><span class="s2">"s3:GetObjectVersion"</span><span class="p">,</span><span class="w"> </span><span class="s2">"s3:ListBucket"</span><span class="p">,</span><span class="w"> </span><span class="s2">"s3:PutObject"</span><span class="p">,</span><span class="w"> </span><span class="s2">"s3:PutObjectAcl"</span><span class="w"> </span><span class="p">],</span><span class="w"> </span><span class="nl">"Resource"</span><span class="p">:</span><span class="w"> </span><span class="p">[</span><span class="w"> </span><span class="s2">"arn:aws:s3:::your-codepipeline-artifacts-bucket"</span><span class="p">,</span><span class="w"> </span><span class="s2">"arn:aws:s3:::your-codepipeline-artifacts-bucket/*"</span><span class="w"> </span><span class="p">]</span><span class="w"> </span><span class="p">},</span><span class="w"> </span><span class="p">{</span><span class="w"> </span><span class="nl">"Effect"</span><span class="p">:</span><span class="w"> </span><span class="s2">"Allow"</span><span class="p">,</span><span class="w"> </span><span class="nl">"Action"</span><span class="p">:</span><span class="w"> </span><span class="p">[</span><span class="w"> </span><span class="s2">"codebuild:BatchGetBuilds"</span><span class="p">,</span><span class="w"> </span><span class="s2">"codebuild:StartBuild"</span><span class="w"> </span><span class="p">],</span><span class="w"> </span><span class="nl">"Resource"</span><span class="p">:</span><span class="w"> </span><span class="s2">"*"</span><span class="w"> </span><span class="p">},</span><span class="w"> </span><span class="p">{</span><span class="w"> </span><span class="nl">"Effect"</span><span class="p">:</span><span class="w"> </span><span class="s2">"Allow"</span><span class="p">,</span><span class="w"> </span><span class="nl">"Action"</span><span class="p">:</span><span class="w"> </span><span class="p">[</span><span class="w"> </span><span class="s2">"codedeploy:CreateDeployment"</span><span class="p">,</span><span class="w"> </span><span class="s2">"codedeploy:GetApplication"</span><span class="p">,</span><span class="w"> </span><span class="s2">"codedeploy:GetApplicationRevision"</span><span class="p">,</span><span class="w"> </span><span class="s2">"codedeploy:GetDeployment"</span><span class="p">,</span><span class="w"> </span><span class="s2">"codedeploy:GetDeploymentConfig"</span><span class="p">,</span><span class="w"> </span><span class="s2">"codedeploy:RegisterApplicationRevision"</span><span class="w"> </span><span class="p">],</span><span class="w"> </span><span class="nl">"Resource"</span><span class="p">:</span><span class="w"> </span><span class="s2">"*"</span><span class="w"> </span><span class="p">},</span><span class="w"> </span><span class="p">{</span><span class="w"> </span><span class="nl">"Effect"</span><span class="p">:</span><span class="w"> </span><span class="s2">"Allow"</span><span class="p">,</span><span class="w"> </span><span class="nl">"Action"</span><span class="p">:</span><span class="w"> </span><span class="p">[</span><span class="w"> </span><span class="s2">"codestar-connections:UseConnection"</span><span class="w"> </span><span class="p">],</span><span class="w"> </span><span class="nl">"Resource"</span><span class="p">:</span><span class="w"> </span><span class="s2">"*"</span><span class="w"> </span><span class="p">}</span><span class="w"> </span><span class="p">]</span><span class="w"> </span><span class="p">}</span><span class="w"> </span></code></pre> </div> <h4> AWSCodeBuildServiceRole Policy </h4> <div class="highlight js-code-highlight"> <pre class="highlight json"><code><span class="p">{</span><span class="w"> </span><span class="nl">"Version"</span><span class="p">:</span><span class="w"> </span><span class="s2">"2012-10-17"</span><span class="p">,</span><span class="w"> </span><span class="nl">"Statement"</span><span class="p">:</span><span class="w"> </span><span class="p">[</span><span class="w"> </span><span class="p">{</span><span class="w"> </span><span class="nl">"Effect"</span><span class="p">:</span><span class="w"> </span><span class="s2">"Allow"</span><span class="p">,</span><span class="w"> </span><span class="nl">"Resource"</span><span class="p">:</span><span class="w"> </span><span class="s2">"*"</span><span class="p">,</span><span class="w"> </span><span class="nl">"Action"</span><span class="p">:</span><span class="w"> </span><span class="p">[</span><span class="w"> </span><span class="s2">"logs:CreateLogGroup"</span><span class="p">,</span><span class="w"> </span><span class="s2">"logs:CreateLogStream"</span><span class="p">,</span><span class="w"> </span><span class="s2">"logs:PutLogEvents"</span><span class="w"> </span><span class="p">]</span><span class="w"> </span><span class="p">},</span><span class="w"> </span><span class="p">{</span><span class="w"> </span><span class="nl">"Effect"</span><span class="p">:</span><span class="w"> </span><span class="s2">"Allow"</span><span class="p">,</span><span class="w"> </span><span class="nl">"Action"</span><span class="p">:</span><span class="w"> </span><span class="p">[</span><span class="w"> </span><span class="s2">"s3:GetObject"</span><span class="p">,</span><span class="w"> </span><span class="s2">"s3:GetObjectVersion"</span><span class="p">,</span><span class="w"> </span><span class="s2">"s3:PutObject"</span><span class="w"> </span><span class="p">],</span><span class="w"> </span><span class="nl">"Resource"</span><span class="p">:</span><span class="w"> </span><span class="p">[</span><span class="w"> </span><span class="s2">"arn:aws:s3:::your-codepipeline-artifacts-bucket"</span><span class="p">,</span><span class="w"> </span><span class="s2">"arn:aws:s3:::your-codepipeline-artifacts-bucket/*"</span><span class="w"> </span><span class="p">]</span><span class="w"> </span><span class="p">}</span><span class="w"> </span><span class="p">]</span><span class="w"> </span><span class="p">}</span><span class="w"> </span></code></pre> </div> <p>After creating the policies, create the following roles:</p> <ul> <li> <strong>EC2InstanceRole</strong> (for EC2 instances)</li> </ul> <p><a href="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fiainc0kt1tkzt36a973a.png" class="article-body-image-wrapper"><img src="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fiainc0kt1tkzt36a973a.png" alt=" " width="800" height="400"></a></p> <p><a href="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fb36ihp9buuepnalr7cv1.png" class="article-body-image-wrapper"><img src="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fb36ihp9buuepnalr7cv1.png" alt=" " width="800" height="398"></a></p> <ul> <li> <strong>AWSCodePipelineServiceRole</strong> (for CodePipeline)</li> </ul> <p><a href="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fkqher26wxms1mamf2vie.png" class="article-body-image-wrapper"><img src="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fkqher26wxms1mamf2vie.png" alt=" " width="800" height="401"></a></p> <p><a href="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Flu66xn9lmxtkqdi7fnyt.png" class="article-body-image-wrapper"><img src="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Flu66xn9lmxtkqdi7fnyt.png" alt=" " width="800" height="441"></a></p> <ul> <li> <strong>AWSCodeBuildServiceRole</strong> (for CodeBuild)</li> </ul> <p><a href="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2F7h22q0gq6wij462yplqc.png" class="article-body-image-wrapper"><img src="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2F7h22q0gq6wij462yplqc.png" alt=" " width="800" height="397"></a></p> <p><a href="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fdbq2js9f8mxdkmxb6p0f.png" class="article-body-image-wrapper"><img src="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fdbq2js9f8mxdkmxb6p0f.png" alt=" " width="800" height="434"></a></p> <ul> <li> <strong>AWSCodeDeployServiceRole</strong> (for CodeDeploy)</li> </ul> <p><a href="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2F8722zgqvl0jdhzmhtakv.png" class="article-body-image-wrapper"><img src="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2F8722zgqvl0jdhzmhtakv.png" alt=" " width="800" height="400"></a></p> <p><a href="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Ftki36z8txbwy7r6qkom9.png" class="article-body-image-wrapper"><img src="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Ftki36z8txbwy7r6qkom9.png" alt=" " width="800" height="441"></a></p> <h3> Step 2: EC2 Construction (RHEL10) </h3> <p>Before building EC2, let's create a security group in advance:</p> <p><a href="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fnweebk7qtu0guvsnv8l0.png" class="article-body-image-wrapper"><img src="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fnweebk7qtu0guvsnv8l0.png" alt=" " width="800" height="510"></a></p> <p><a href="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2F26x3k2wdgj0a7rcj272d.png" class="article-body-image-wrapper"><img src="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2F26x3k2wdgj0a7rcj272d.png" alt=" " width="800" height="392"></a></p> <p><a href="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fbf56l0mabzuvc8tojjsh.png" class="article-body-image-wrapper"><img src="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fbf56l0mabzuvc8tojjsh.png" alt=" " width="800" height="400"></a></p> <p><a href="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fljwx7u5y9tp4tf6loci1.png" class="article-body-image-wrapper"><img src="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fljwx7u5y9tp4tf6loci1.png" alt=" " width="741" height="302"></a></p> <p><a href="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2F2wq8w4bfch8dcxmnxetk.png" class="article-body-image-wrapper"><img src="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2F2wq8w4bfch8dcxmnxetk.png" alt=" " width="800" height="400"></a></p> <ol> <li>Enter "EC2" in the search box</li> <li>Click EC2 from the search results</li> <li>Click "Security Groups" in the left pane</li> <li>Click the "Create security group" button on the right side</li> <li>Fill in arbitrary values on the security group creation screen</li> <li>Configure inbound and outbound rules as follows:</li> </ol> <p>EC2 creation is mostly default except for the security group, so I'll omit the detailed steps.</p> <p>After launch completion, connect to the web server via Teraterm and execute the following commands:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code><span class="nb">sudo </span>yum update <span class="nt">-y</span> <span class="nb">sudo </span>yum <span class="nb">install</span> <span class="nt">-y</span> ruby wget httpd <span class="nb">cd</span> /home/ec2-user wget https://aws-codedeploy-ap-northeast-1.s3.ap-northeast-1.amazonaws.com/latest/codedeploy-agent.noarch.rpm <span class="nb">sudo </span>yum <span class="nb">install</span> <span class="nt">-y</span> ./codedeploy-agent.noarch.rpm <span class="nb">sudo </span>systemctl start codedeploy-agent <span class="nb">sudo </span>systemctl status codedeploy-agent <span class="nb">sudo </span>systemctl start httpd <span class="nb">sudo </span>systemctl <span class="nb">enable </span>httpd <span class="nb">sudo </span>systemctl status httpd </code></pre> </div> <p>After configuration, please assign the EC2InstanceRole to the instance.</p> <h3> Step 3: CodeBuild Configuration </h3> <p><a href="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Ftc44m6j1bcelxn97us8n.png" class="article-body-image-wrapper"><img src="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Ftc44m6j1bcelxn97us8n.png" alt=" " width="800" height="619"></a></p> <p><a href="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2F4lhhehyxflyp0ekhxdvl.png" class="article-body-image-wrapper"><img src="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2F4lhhehyxflyp0ekhxdvl.png" alt=" " width="800" height="317"></a></p> <p>Configure CodeBuild with the following settings:</p> <p><a href="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2F5tmz59po2h1v3jnt9ncb.png" class="article-body-image-wrapper"><img src="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2F5tmz59po2h1v3jnt9ncb.png" alt=" " width="800" height="725"></a></p> <h3> Step 4: CodeDeploy Configuration </h3> <p>Create a CodeDeploy application as follows:</p> <p><a href="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fjlp1dgbqg58hnsqif8ya.png" class="article-body-image-wrapper"><img src="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fjlp1dgbqg58hnsqif8ya.png" alt=" " width="800" height="189"></a></p> <p><a href="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fybf5qg4fsoyfai8o0rzo.png" class="article-body-image-wrapper"><img src="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fybf5qg4fsoyfai8o0rzo.png" alt=" " width="800" height="590"></a></p> <p>Create a deployment group as shown:</p> <p><a href="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2F7u95m2584aj5u6qd8e14.png" class="article-body-image-wrapper"><img src="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2F7u95m2584aj5u6qd8e14.png" alt=" " width="800" height="722"></a></p> <h3> Step 5: Execution Results </h3> <p><a href="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fcgevpcrjjocnaxif9qkb.png" class="article-body-image-wrapper"><img src="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fcgevpcrjjocnaxif9qkb.png" alt=" " width="800" height="284"></a></p> <p>During execution, the following error appeared:</p> <h4> Issue 1: Policy Permission Shortage </h4> <p>I discovered insufficient policy permissions, so I added the following policy to AWSCodePipelineServiceRole:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight json"><code><span class="p">{</span><span class="w"> </span><span class="nl">"Version"</span><span class="p">:</span><span class="w"> </span><span class="s2">"2012-10-17"</span><span class="p">,</span><span class="w"> </span><span class="nl">"Statement"</span><span class="p">:</span><span class="w"> </span><span class="p">[</span><span class="w"> </span><span class="p">{</span><span class="w"> </span><span class="nl">"Effect"</span><span class="p">:</span><span class="w"> </span><span class="s2">"Allow"</span><span class="p">,</span><span class="w"> </span><span class="nl">"Action"</span><span class="p">:</span><span class="w"> </span><span class="p">[</span><span class="w"> </span><span class="s2">"s3:GetBucketAcl"</span><span class="p">,</span><span class="w"> </span><span class="s2">"s3:GetBucketLocation"</span><span class="p">,</span><span class="w"> </span><span class="s2">"s3:GetBucketVersioning"</span><span class="p">,</span><span class="w"> </span><span class="s2">"s3:GetObject"</span><span class="p">,</span><span class="w"> </span><span class="s2">"s3:GetObjectAcl"</span><span class="p">,</span><span class="w"> </span><span class="s2">"s3:GetObjectVersion"</span><span class="p">,</span><span class="w"> </span><span class="s2">"s3:ListBucket"</span><span class="p">,</span><span class="w"> </span><span class="s2">"s3:PutObject"</span><span class="p">,</span><span class="w"> </span><span class="s2">"s3:PutObjectAcl"</span><span class="w"> </span><span class="p">],</span><span class="w"> </span><span class="nl">"Resource"</span><span class="p">:</span><span class="w"> </span><span class="p">[</span><span class="w"> </span><span class="s2">"arn:aws:s3:::codepipeline-ap-northeast-1-71a30834a9be-4ec0-a2b9-981224e19677"</span><span class="p">,</span><span class="w"> </span><span class="s2">"arn:aws:s3:::codepipeline-ap-northeast-1-71a30834a9be-4ec0-a2b9-981224e19677/*"</span><span class="w"> </span><span class="p">]</span><span class="w"> </span><span class="p">}</span><span class="w"> </span><span class="p">]</span><span class="w"> </span><span class="p">}</span><span class="w"> </span></code></pre> </div> <h4> Issue 2: EC2 Permission Error </h4> <p>During deployment, an EC2 permission shortage error occurred, so I added the following inline policy to EC2InstanceRole:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight json"><code><span class="p">{</span><span class="w"> </span><span class="nl">"Version"</span><span class="p">:</span><span class="w"> </span><span class="s2">"2012-10-17"</span><span class="p">,</span><span class="w"> </span><span class="nl">"Statement"</span><span class="p">:</span><span class="w"> </span><span class="p">[</span><span class="w"> </span><span class="p">{</span><span class="w"> </span><span class="nl">"Effect"</span><span class="p">:</span><span class="w"> </span><span class="s2">"Allow"</span><span class="p">,</span><span class="w"> </span><span class="nl">"Action"</span><span class="p">:</span><span class="w"> </span><span class="p">[</span><span class="w"> </span><span class="s2">"s3:GetObject"</span><span class="p">,</span><span class="w"> </span><span class="s2">"s3:GetObjectVersion"</span><span class="p">,</span><span class="w"> </span><span class="s2">"s3:ListBucket"</span><span class="w"> </span><span class="p">],</span><span class="w"> </span><span class="nl">"Resource"</span><span class="p">:</span><span class="w"> </span><span class="p">[</span><span class="w"> </span><span class="s2">"arn:aws:s3:::sphinx-handson-20250526"</span><span class="p">,</span><span class="w"> </span><span class="s2">"arn:aws:s3:::sphinx-handson-20250526/*"</span><span class="w"> </span><span class="p">]</span><span class="w"> </span><span class="p">},</span><span class="w"> </span><span class="p">{</span><span class="w"> </span><span class="nl">"Effect"</span><span class="p">:</span><span class="w"> </span><span class="s2">"Allow"</span><span class="p">,</span><span class="w"> </span><span class="nl">"Action"</span><span class="p">:</span><span class="w"> </span><span class="p">[</span><span class="w"> </span><span class="s2">"codedeploy:CreateDeployment"</span><span class="p">,</span><span class="w"> </span><span class="s2">"codedeploy:GetApplication"</span><span class="p">,</span><span class="w"> </span><span class="s2">"codedeploy:GetDeployment"</span><span class="p">,</span><span class="w"> </span><span class="s2">"codedeploy:GetDeploymentConfig"</span><span class="p">,</span><span class="w"> </span><span class="s2">"codedeploy:ListApplications"</span><span class="p">,</span><span class="w"> </span><span class="s2">"codedeploy:ListDeployments"</span><span class="w"> </span><span class="p">],</span><span class="w"> </span><span class="nl">"Resource"</span><span class="p">:</span><span class="w"> </span><span class="s2">"*"</span><span class="w"> </span><span class="p">},</span><span class="w"> </span><span class="p">{</span><span class="w"> </span><span class="nl">"Effect"</span><span class="p">:</span><span class="w"> </span><span class="s2">"Allow"</span><span class="p">,</span><span class="w"> </span><span class="nl">"Action"</span><span class="p">:</span><span class="w"> </span><span class="p">[</span><span class="w"> </span><span class="s2">"ec2:DescribeInstances"</span><span class="p">,</span><span class="w"> </span><span class="s2">"ec2:DescribeInstanceStatus"</span><span class="w"> </span><span class="p">],</span><span class="w"> </span><span class="nl">"Resource"</span><span class="p">:</span><span class="w"> </span><span class="s2">"*"</span><span class="w"> </span><span class="p">},</span><span class="w"> </span><span class="p">{</span><span class="w"> </span><span class="nl">"Effect"</span><span class="p">:</span><span class="w"> </span><span class="s2">"Allow"</span><span class="p">,</span><span class="w"> </span><span class="nl">"Action"</span><span class="p">:</span><span class="w"> </span><span class="p">[</span><span class="w"> </span><span class="s2">"tag:GetResources"</span><span class="w"> </span><span class="p">],</span><span class="w"> </span><span class="nl">"Resource"</span><span class="p">:</span><span class="w"> </span><span class="s2">"*"</span><span class="w"> </span><span class="p">}</span><span class="w"> </span><span class="p">]</span><span class="w"> </span><span class="p">}</span><span class="w"> </span></code></pre> </div> <p><a href="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fstzuhw4yxis4phinihcl.png" class="article-body-image-wrapper"><img src="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fstzuhw4yxis4phinihcl.png" alt=" " width="800" height="284"></a></p> <p>After re-execution, the errors were resolved.</p> <p><a href="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2F0mrxsf0kmqnncdhoala0.png" class="article-body-image-wrapper"><img src="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2F0mrxsf0kmqnncdhoala0.png" alt=" " width="800" height="484"></a></p> <p>Let's access the host! We were able to access it successfully.</p> <p>The goal for this time has been achieved!</p> <h2> Insights </h2> <p>Personally, troubleshooting CodeDeploy errors took some time, but I got the impression that once you do it a few times, it can be implemented without much effort.</p> <p>Moreover, since the case implemented this time is a minimal configuration, I felt that it could be operated with high scalability by combining it with other services.</p> <p>I still feel that I need to catch up on pipeline-related topics, so I would like to continue outputting activities.</p> <h2> Key Takeaways </h2> <ol> <li> <strong>IAM Permissions</strong>: Proper IAM role and policy configuration is crucial for successful pipeline execution</li> <li> <strong>Troubleshooting</strong>: CodeDeploy errors can be resolved systematically by checking permissions step by step</li> <li> <strong>Scalability</strong>: This minimal configuration can be extended with additional AWS services</li> <li> <strong>Learning</strong>: Hands-on practice is the best way to understand pipeline concepts</li> </ol> <h2> Next Steps </h2> <ul> <li>Explore more complex pipeline configurations</li> <li>Integrate with other AWS services (Lambda, CloudWatch, etc.)</li> <li>Implement automated testing in the pipeline</li> <li>Set up monitoring and alerting</li> </ul> <p><em>Thank you for reading this article to the end! Feel free to share your experiences with AWS pipelines in the comments below.</em></p> aws sphinx [Research][AWS]Investigating Transit Gateway Routes with VPC Reachability Analyzer Masaki Okuda Mon, 23 Jun 2025 22:17:02 +0000 https://forem.com/masakiokuda/researchawsinvestigating-transit-gateway-routes-with-vpc-reachability-analyzer-44kk https://forem.com/masakiokuda/researchawsinvestigating-transit-gateway-routes-with-vpc-reachability-analyzer-44kk <h2> Introduction </h2> <p>Thank you for reading this article! I'm a mob engineer who previously wrote about Transit Gateway configurations. After successfully completing an AWS hands-on lab involving Transit Gateway, I wanted to share my findings about analyzing Transit Gateway communication paths using VPC Reachability Analyzer.</p> <h2> Background </h2> <p>This article builds upon the <strong>AWS Official Hands-on Lab</strong> for Transit Gateway configurations. I'll be investigating the network reachability between different VPC configurations through the Transit Gateway setup.</p> <p><a href="https://catalog.us-east-1.prod.workshops.aws/workshops/e0d1c19d-c80b-4695-a3fc-5c4a25132f47/ja-JP/2-hands-on/2-5-lab5" rel="noopener noreferrer">https://catalog.us-east-1.prod.workshops.aws/workshops/e0d1c19d-c80b-4695-a3fc-5c4a25132f47/ja-JP/2-hands-on/2-5-lab5</a></p> <h2> Current Architecture Overview </h2> <p><a href="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fjougdu0zg7tes3hlkpw4.png" class="article-body-image-wrapper"><img src="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fjougdu0zg7tes3hlkpw4.png" alt=" " width="800" height="447"></a></p> <p>The current setup consists of:</p> <ul> <li>Boundary VPC with EC2 instances</li> <li>Private VPC1 with EC2 instances </li> <li>Private VPC2 with Transit Gateway attachments</li> <li>Private VPC3 with Transit Gateway attachments</li> </ul> <p>All connected through a Transit Gateway infrastructure.</p> <h2> Investigation Scope </h2> <p>I wanted to analyze the following connectivity scenarios:</p> <ol> <li><strong>Boundary VPC EC2 ↔ Private VPC1 EC2</strong></li> <li><strong>Boundary VPC EC2 ↔ Private VPC2 TGW Attachment</strong></li> <li><strong>Boundary VPC EC2 ↔ Private VPC3 TGW Attachment</strong></li> </ol> <h2> Current Ping Connectivity Status </h2> <p><a href="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2F2d6ifz0ccykps32vdicr.png" class="article-body-image-wrapper"><img src="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2F2d6ifz0ccykps32vdicr.png" alt=" " width="800" height="806"></a></p> <p>Before diving into the VPC Reachability Analyzer results, I verified the current ping connectivity status between the instances to establish a baseline.</p> <h2> VPC Reachability Analyzer Results </h2> <h3> Test 1: Boundary VPC EC2 ↔ Private VPC1 EC2 </h3> <p><strong>Analysis Configuration:</strong></p> <p><a href="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fq9zih7ounn6flpbe1nfo.png" class="article-body-image-wrapper"><img src="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fq9zih7ounn6flpbe1nfo.png" alt=" " width="800" height="784"></a></p> <ul> <li>Source: EC2 instance in Boundary VPC</li> <li>Destination: EC2 instance in Private VPC1</li> </ul> <p><strong>Result:</strong> Unreachable</p> <p><a href="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Ff3zlq3gf11nstrhm76q7.png" class="article-body-image-wrapper"><img src="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Ff3zlq3gf11nstrhm76q7.png" alt=" " width="800" height="236"></a></p> <p><a href="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fcvabp22ebhsi50hp17rd.png" class="article-body-image-wrapper"><img src="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fcvabp22ebhsi50hp17rd.png" alt=" " width="800" height="711"></a></p> <p><a href="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fn3hg0e7mab3s9xncju3e.png" class="article-body-image-wrapper"><img src="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fn3hg0e7mab3s9xncju3e.png" alt=" " width="800" height="556"></a></p> <p><a href="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fxyesyt6e4q2jzr81vdnv.png" class="article-body-image-wrapper"><img src="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fxyesyt6e4q2jzr81vdnv.png" alt=" " width="800" height="127"></a></p> <p>The analysis showed that the path was not reachable between these two instances.</p> <h3> Test 2: Boundary VPC EC2 ↔ Private VPC2 TGW Attachment </h3> <p><strong>Analysis Configuration:</strong></p> <p><a href="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fdgge7xlr9qeadczodb8d.png" class="article-body-image-wrapper"><img src="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fdgge7xlr9qeadczodb8d.png" alt=" " width="800" height="777"></a></p> <ul> <li>Source: EC2 instance in Boundary VPC </li> <li>Destination: Transit Gateway attachment in Private VPC2</li> </ul> <p><strong>Result:</strong> Unreachable</p> <p><a href="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fu9cnf0kr1hiefuks3bx0.png" class="article-body-image-wrapper"><img src="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fu9cnf0kr1hiefuks3bx0.png" alt=" " width="800" height="113"></a></p> <p><a href="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Flpd666a3vcaqg3yvskkq.png" class="article-body-image-wrapper"><img src="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Flpd666a3vcaqg3yvskkq.png" alt=" " width="800" height="825"></a></p> <p><a href="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fcskgd337kunq4ubi67uc.png" class="article-body-image-wrapper"><img src="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fcskgd337kunq4ubi67uc.png" alt=" " width="800" height="285"></a></p> <p>Similar to the previous test, this configuration also resulted in an unreachable status.</p> <h3> Test 3: Boundary VPC EC2 ↔ Private VPC3 TGW Attachment </h3> <p><strong>Analysis Configuration:</strong></p> <p><a href="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fwwm7orbxqerd9wih4iyf.png" class="article-body-image-wrapper"><img src="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fwwm7orbxqerd9wih4iyf.png" alt=" " width="800" height="775"></a></p> <ul> <li>Source: EC2 instance in Boundary VPC</li> <li>Destination: Transit Gateway attachment in Private VPC3</li> </ul> <p><strong>Result:</strong> Unreachable</p> <p><a href="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fghi6qyub37hek0gblb1n.png" class="article-body-image-wrapper"><img src="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fghi6qyub37hek0gblb1n.png" alt=" " width="800" height="111"></a></p> <p><a href="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fdoe16qmcw5qb3fkwfxz9.png" class="article-body-image-wrapper"><img src="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fdoe16qmcw5qb3fkwfxz9.png" alt=" " width="800" height="791"></a></p> <p><a href="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fi6vyubyny4wkuv0qlous.png" class="article-body-image-wrapper"><img src="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fi6vyubyny4wkuv0qlous.png" alt=" " width="800" height="285"></a></p> <h2> Analysis and Insights </h2> <h3> Common Error Pattern </h3> <p>All three connectivity tests resulted in the same error: <code>TGW_RTB_NO_ROUTE_TO_TGW_ATTACHMENT</code></p> <p>This error indicates that the Transit Gateway route table doesn't have the necessary routes configured to reach the target attachments.</p> <h3> Root Cause Analysis </h3> <p>The primary reason for these connectivity issues appears to be related to the hands-on lab configuration. Specifically:</p> <ul> <li> <strong>Missing Route Table Entries</strong>: The Transit Gateway route tables lack the necessary routes to direct traffic to the target VPC attachments</li> <li> <strong>Configuration Gap</strong>: Without proper routing configuration, VPC Reachability Analyzer correctly identifies these paths as unreachable</li> </ul> <h3> Troubleshooting Resources </h3> <p>For teams encountering similar issues, AWS provides comprehensive documentation about VPC Reachability Analyzer error codes and their meanings. This documentation is invaluable for troubleshooting network connectivity issues in complex Transit Gateway environments.</p> <p><a href="https://docs.aws.amazon.com/vpc/latest/reachability/explanation-codes.html" rel="noopener noreferrer">https://docs.aws.amazon.com/vpc/latest/reachability/explanation-codes.html</a></p> <h3> Leveraging Amazon Q for Faster Resolution </h3> <p>To accelerate the troubleshooting process, I recommend using Amazon Q to:</p> <ul> <li>Quickly identify the root cause of routing issues</li> <li>Get specific guidance on Transit Gateway route table configurations</li> <li>Understand the relationship between different AWS networking components</li> </ul> <p>This AI-powered approach can significantly reduce the time needed to diagnose and resolve network connectivity problems.</p> <h2> Future Investigations </h2> <p>While this analysis focused on VPC Reachability Analyzer, I'm planning to explore <strong>Network Access Analyzer</strong> in future articles to provide even deeper insights into network communication patterns and security configurations.</p> <h2> Key Takeaways </h2> <ol> <li> <strong>VPC Reachability Analyzer</strong> is an excellent tool for validating network paths in Transit Gateway environments</li> <li> <strong>Route table configuration</strong> is critical for Transit Gateway connectivity</li> <li> <strong>Systematic analysis</strong> helps identify configuration gaps before they impact production workloads</li> <li> <strong>AI-powered troubleshooting</strong> (like Amazon Q) can accelerate problem resolution</li> </ol> <h2> Conclusion </h2> <p>This investigation demonstrated how VPC Reachability Analyzer can effectively identify routing issues in Transit Gateway configurations. While the current setup showed connectivity problems due to missing route table entries, this analysis provides a clear path forward for resolving these issues.</p> <p>The combination of traditional network analysis tools and modern AI-powered assistance creates a powerful troubleshooting workflow for complex AWS networking scenarios.</p> <p><em>Thank you for reading this article! Feel free to share your experiences with Transit Gateway routing and VPC Reachability Analyzer in the comments below.</em></p> aws network vpc [Research]Investigating the route set in Trangit Gateway with VPC Reachability Analyzer![AWS] Masaki Okuda Sat, 31 May 2025 14:47:46 +0000 https://forem.com/masakiokuda/researchinvestigating-the-route-set-in-trangit-gateway-with-vpc-reachability-analyzeraws-427p https://forem.com/masakiokuda/researchinvestigating-the-route-set-in-trangit-gateway-with-vpc-reachability-analyzeraws-427p <h1> Introduction </h1> <p>Thank you for reading the article!<br> I was able to verify all the AWS hands-on tests I used in my previous article on Trangit Gateway without any problems. In this article, I would like to discuss the results of testing communications via Trangit Gateway using the VPC Reachabiligy Analyzer.</p> <h4> Hands-on Documents(AWS) </h4> <p><a href="https://catalog.us-east-1.prod.workshops.aws/workshops/e0d1c19d-c80b-4695-a3fc-5c4a25132f47/ja-JP/2-hands-on/2-5-lab5" rel="noopener noreferrer">https://catalog.us-east-1.prod.workshops.aws/workshops/e0d1c19d-c80b-4695-a3fc-5c4a25132f47/ja-JP/2-hands-on/2-5-lab5</a></p> <p>The perspectives I would like to investigate this time are as follows:</p> <ul> <li>EC2 in Boundary VPC ↔ EC2 in Private VPC1</li> <li>EC2 in Boundary VPC ↔ TGW attachment in Private VPC2</li> <li>EC2 in Boundary VPC ↔ TGW attachment in Private VPC3</li> </ul> <p>The current Ping communication confirmation results are as follows.</p> <p><a href="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fkjkog433jf4f9m03r8py.png" class="article-body-image-wrapper"><img src="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fkjkog433jf4f9m03r8py.png" alt=" " width="800" height="806"></a></p> <h3> EC2 in Boundary VPC ↔ EC2 in Private VPC1 </h3> <p>Setting For VPC Reachability Analyzer</p> <p><a href="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2F6go7wa160jd8fodyi1ti.png" class="article-body-image-wrapper"><img src="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2F6go7wa160jd8fodyi1ti.png" alt=" " width="800" height="784"></a></p> <p>Results</p> <p><a href="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2F7vhi6wa7zu5m6eq71kk9.png" class="article-body-image-wrapper"><img src="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2F7vhi6wa7zu5m6eq71kk9.png" alt=" " width="800" height="236"></a></p> <p><a href="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fkciwda41tna8vo720khu.png" class="article-body-image-wrapper"><img src="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fkciwda41tna8vo720khu.png" alt=" " width="800" height="711"></a></p> <p><a href="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2F30l8ybze4ausva3kula9.png" class="article-body-image-wrapper"><img src="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2F30l8ybze4ausva3kula9.png" alt=" " width="800" height="556"></a></p> <p><a href="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Frjo22gzau30w1ly42j10.png" class="article-body-image-wrapper"><img src="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Frjo22gzau30w1ly42j10.png" alt=" " width="800" height="127"></a></p> <h4> Information </h4> <p>It seems that it is not possible to display the reverse path when communicating via Trangit Gateway.</p> <p><a href="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Faqtwd08vvtt17dr97q38.png" class="article-body-image-wrapper"><img src="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Faqtwd08vvtt17dr97q38.png" alt=" " width="657" height="163"></a></p> <h3> EC2 in Boundary VPC ↔ TGW attachment in Private VPC2 </h3> <p>Setting For VPC Reachability Analyzer</p> <p><a href="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fba8qst1dx59a5vbmle99.png" class="article-body-image-wrapper"><img src="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fba8qst1dx59a5vbmle99.png" alt=" " width="800" height="777"></a></p> <p>Results</p> <p><a href="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fz5gblsvza28fwbu3ks3p.png" class="article-body-image-wrapper"><img src="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fz5gblsvza28fwbu3ks3p.png" alt=" " width="800" height="113"></a></p> <p><a href="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2F0xkp2hiuem0tpnz7cysu.png" class="article-body-image-wrapper"><img src="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2F0xkp2hiuem0tpnz7cysu.png" alt=" " width="800" height="825"></a></p> <p><a href="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fmhrovd1h74m21o9xajh7.png" class="article-body-image-wrapper"><img src="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fmhrovd1h74m21o9xajh7.png" alt=" " width="800" height="285"></a></p> <h3> EC2 in Boundary VPC ↔ TGW attachment in Private VPC3 </h3> <p>Setting For VPC Reachability Analyzer</p> <p><a href="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2F2f26zw7j42r430l2n9he.png" class="article-body-image-wrapper"><img src="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2F2f26zw7j42r430l2n9he.png" alt=" " width="800" height="775"></a></p> <p>Results</p> <p><a href="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fcbuqo0nc7hphgiy6ds5z.png" class="article-body-image-wrapper"><img src="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fcbuqo0nc7hphgiy6ds5z.png" alt=" " width="800" height="111"></a></p> <p><a href="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2F6b8pm4tw60mzu8monv60.png" class="article-body-image-wrapper"><img src="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2F6b8pm4tw60mzu8monv60.png" alt=" " width="800" height="791"></a></p> <p><a href="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fbafnrhhsjjwndpnqh08k.png" class="article-body-image-wrapper"><img src="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fbafnrhhsjjwndpnqh08k.png" alt=" " width="800" height="285"></a></p> <h2> Summary </h2> <p>The error TGW_RTB_NO_ROUTE_TO_TGW_ATTACHMENT was commonly displayed, which is thought to be due to the hands-on configuration used this time.</p> <p>Therefore, it is thought that the cause is that the route was not set in the route table, so detection by the VPC Reachability Analyzer was not possible.</p> <p>The error content is summarized in the following document, so please refer to it when troubleshooting.</p> <p><a href="https://docs.aws.amazon.com/vpc/latest/reachability/explanation-codes.html" rel="noopener noreferrer">https://docs.aws.amazon.com/vpc/latest/reachability/explanation-codes.html</a></p> <p>Furthermore, using Amazon Q to identify and address the cause of this error is expected to improve the speed of troubleshooting.</p> <p>Personally, I would have liked to analyze the communication settings using Network Access Analyzer, but I will try to verify this next time.</p> <p>This is a simple verification article, but thank you for reading to the end.</p> aws network vpc [AWS][Build Games]I created an AWS puzzle game using Amazon Q CLI! Masaki Okuda Wed, 28 May 2025 01:28:30 +0000 https://forem.com/masakiokuda/awsbuild-gamesi-created-an-aws-puzzle-game-using-amazon-q-cli-36m2 https://forem.com/masakiokuda/awsbuild-gamesi-created-an-aws-puzzle-game-using-amazon-q-cli-36m2 <h1> Introduction </h1> <p>Thank you for always reading our articles!!<br> I took on the challenge of "Making a game with Amazon Q CLI" which was posted as part of a Build Games project, so I wrote an article about it!</p> <div class="crayons-card c-embed text-styles text-styles--secondary"> <div class="c-embed__content"> <div class="c-embed__cover"> <a href="https://builder.aws.com/content/2xIoduO0xhkhUApQpVUIqBFGmAc/build-games-with-amazon-q-cli-and-score-a-t-shirt" class="c-link align-middle" rel="noopener noreferrer"> <img alt="" src="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fbuilder.aws.com%2Fassets%2Fog-hiXAX-on.png" height="auto" class="m-0"> </a> </div> <div class="c-embed__body"> <h2 class="fs-xl lh-tight"> <a href="https://builder.aws.com/content/2xIoduO0xhkhUApQpVUIqBFGmAc/build-games-with-amazon-q-cli-and-score-a-t-shirt" rel="noopener noreferrer" class="c-link"> AWS Builder Center </a> </h2> <p class="truncate-at-3"> Connect with builders who understand your journey. Share solutions, influence AWS product development, and access useful content that accelerates your growth. Your community starts here. </p> <div class="color-secondary fs-s flex items-center"> <img alt="favicon" class="c-embed__favicon m-0 mr-2 radius-0" src="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fbuilder.aws.com%2Fassets%2Fbuilder-favicon-sq0js-4n.svg"> builder.aws.com </div> </div> </div> </div> <h1> Install </h1> <p>The installation of the Amazon Q CLI is summarized in the official documentation.</p> <p><a href="https://docs.aws.amazon.com/amazonq/latest/qdeveloper-ug/command-line-installing.html" rel="noopener noreferrer">https://docs.aws.amazon.com/amazonq/latest/qdeveloper-ug/command-line-installing.html</a></p> <p>For Amazon Linux, I think the easiest way is to download the Zip file and install it.</p> <p>Once installed, the following screen will appear.</p> <p><a href="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2F97wiup9w9r035w708jmp.png" class="article-body-image-wrapper"><img src="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2F97wiup9w9r035w708jmp.png" alt=" "></a></p> <h1> Game Image </h1> <p>The image of the game I'm trying to create this time is as follows:</p> <ul> <li>Games where you can freely build appropriate architectures like BuilderCards</li> <li>Make it playable on GitHub.io too</li> </ul> <p>Below is the game I created while querying Amazon Q CLI.</p> <ul> <li>This is the start screen</li> </ul> <p><a href="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2F5id3w6c13xhqebctybwe.png" class="article-body-image-wrapper"><img src="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2F5id3w6c13xhqebctybwe.png" alt=" "></a></p> <ul> <li>Operation screen</li> </ul> <p><a href="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2F31bllhdqs5ot2b2xbmvf.png" class="article-body-image-wrapper"><img src="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2F31bllhdqs5ot2b2xbmvf.png" alt=" "></a></p> <ul> <li>Results screen</li> </ul> <p><a href="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2F8ckj724wuxbqgrktcjj7.png" class="article-body-image-wrapper"><img src="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2F8ckj724wuxbqgrktcjj7.png" alt=" "></a></p> <ul> <li>Hint function is also included</li> </ul> <p><a href="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Ffqn8a8gsuj0zwy9l4y4d.png" class="article-body-image-wrapper"><img src="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Ffqn8a8gsuj0zwy9l4y4d.png" alt=" "></a></p> <ul> <li>We are also able to deliver results.</li> </ul> <p><a href="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2F9pj8w7opum7q1qnw44q5.png" class="article-body-image-wrapper"><img src="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2F9pj8w7opum7q1qnw44q5.png" alt=" "></a></p> <h4> GitHub Code </h4> <p><a href="https://github.com/MASAKIOKUDA-eng/aws-puzzle" rel="noopener noreferrer">https://github.com/MASAKIOKUDA-eng/aws-puzzle</a></p> <h4> Apps </h4> <p><a href="https://masakiokuda-eng.github.io/aws-puzzle/" rel="noopener noreferrer">https://masakiokuda-eng.github.io/aws-puzzle/</a></p> <h2> Summary </h2> <p>I was surprised to see that I could generate a simple puzzle game by querying the Amazon Q CLI.<br> However, I noticed that the response time of the Amazon Q CLI was quite slow, and I'm not sure if this was because of the campaign period.</p> <p>The game I implemented this time can be implemented quickly in about 1-2 hours, so I thought I could do it in my spare time.</p> <p>Although it was a simple article, thank you for reading it💪💪</p> <h3> P.S. </h3> <p>By the way, the thing that took the longest time was resolving the error that kept popping up.</p> <p><a href="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2F03x0yem5ril9dj9sbav5.png" class="article-body-image-wrapper"><img src="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2F03x0yem5ril9dj9sbav5.png" alt=" "></a></p> aws buildgames amazonqcli webdev [Research]simple test on VPC Reachability Analyzer[AWS] Masaki Okuda Mon, 19 May 2025 14:27:05 +0000 https://forem.com/masakiokuda/researchsimple-test-on-vpc-reachability-analyzeraws-43pm https://forem.com/masakiokuda/researchsimple-test-on-vpc-reachability-analyzeraws-43pm <h2> Introduction </h2> <p>Thank you for always reading our articles!<br> I was curious about VPC Reachability Analyzer, so I would like to do a simple technical investigation. I will write this article as easy to understand as possible, so I would appreciate it if you would read it.</p> <h2> Target audience </h2> <ul> <li>Those who want to know about the behavior of VPC Reachability Analyzer.</li> <li>Want to know more about usage scenarios</li> </ul> <h2> What's VPC Reachability Analyzer </h2> <p>This feature was released in December 2020. The official AWS blog states the following</p> <blockquote> <p>Amazon Virtual Private Cloud (VPC) allows customers to launch a logically isolated, dedicated virtual network on the AWS cloud. As customers expand their footprint on the cloud and deploy increasingly complex network architectures, network connectivity issues caused by misconfigurations become time-consuming to resolve. We are excited to announce VPC Reachability Analyzer, a network diagnostic tool that helps resolve reachability issues between two endpoints within a VPC or across multiple VPCs.</p> </blockquote> <p><a href="https://aws.amazon.com/jp/blogs/news/new-vpc-insights-analyzes-reachability-and-visibility-in-vpcs/" rel="noopener noreferrer">Blogs</a></p> <p>To put it very simply, it might be easier to understand if you think of it as a tool for analyzing the reachability of communication between resources.</p> <p>The usage fee is $0.10 per use.<br> Therefore, running it frequently can result in unexpected increases in costs.</p> <p><a href="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fgkekjwpo86an36qkmrk0.png" class="article-body-image-wrapper"><img src="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fgkekjwpo86an36qkmrk0.png" alt=" " width="800" height="209"></a></p> <p>In addition, as stated in the official documentation, there are also some points to note regarding load balancers and firewalls.</p> <p><a href="https://docs.aws.amazon.com/vpc/latest/reachability/how-reachability-analyzer-works.html" rel="noopener noreferrer">Docs</a></p> <h2> Verification details </h2> <p>There are four things I would like to verify this time:</p> <ul> <li>1. VPC Peering in the same region (same account)</li> </ul> <p><a href="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Frvrjj9kri7ypd6ovwyrm.png" class="article-body-image-wrapper"><img src="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Frvrjj9kri7ypd6ovwyrm.png" alt=" " width="800" height="372"></a></p> <ul> <li>2: VPC Peering between different regions (same account)</li> </ul> <p><a href="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Ftoznose6r4z1y4kn6hay.png" class="article-body-image-wrapper"><img src="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Ftoznose6r4z1y4kn6hay.png" alt=" " width="800" height="423"></a></p> <ul> <li>3. VPC Peering in the same region (different accounts)</li> </ul> <p><a href="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2F0kb8alli8kwc2t84aon4.png" class="article-body-image-wrapper"><img src="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2F0kb8alli8kwc2t84aon4.png" alt=" " width="800" height="396"></a></p> <ul> <li>4: VPC Peering between different regions (different accounts)</li> </ul> <p><a href="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fjuz0wfe50y1xtr7glje8.png" class="article-body-image-wrapper"><img src="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fjuz0wfe50y1xtr7glje8.png" alt=" " width="800" height="403"></a></p> <h2> Verification </h2> <p>We will not go into the details of the preparations that were made prior to the verification, but we did set up the VPC and peering settings.</p> <p>After setting up, we set up the VPC Reachability Analyzer from TEST-A to each peering connection.<br> The results are as follows:</p> <p><a href="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fworpvdre7edciy5sm0h9.png" class="article-body-image-wrapper"><img src="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fworpvdre7edciy5sm0h9.png" alt=" " width="800" height="192"></a></p> <h3> 1. VPC Peering in the same region (same account) </h3> <p><a href="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fhlerjgvpatriqh1j1o37.png" class="article-body-image-wrapper"><img src="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fhlerjgvpatriqh1j1o37.png" alt=" " width="800" height="469"></a></p> <h3> 2: VPC Peering between different regions (same account) </h3> <p><a href="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2F6yutorvtq19rggc86vv0.png" class="article-body-image-wrapper"><img src="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2F6yutorvtq19rggc86vv0.png" alt=" " width="800" height="493"></a></p> <h3> 3. VPC Peering in the same region (different accounts) </h3> <p><a href="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fyyx223lkzc9m09awzo1o.png" class="article-body-image-wrapper"><img src="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fyyx223lkzc9m09awzo1o.png" alt=" " width="800" height="493"></a></p> <h3> 4: VPC Peering between different regions (different accounts) </h3> <p><a href="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fy01o8gd60md5gcb8b7o0.png" class="article-body-image-wrapper"><img src="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fy01o8gd60md5gcb8b7o0.png" alt=" " width="800" height="453"></a></p> <h2> Impressions </h2> <ul> <li>You can check in different regions or in the same region.</li> <li>Analysis costs $0.10 (per session), but the amount of information obtained is limited</li> <li>It is unclear which protocol is used by default (probably UDP)</li> </ul> <p>In my personal opinion, as an analysis tool it is expensive and provides little information, so I don't feel there is much value in using VPC Reachability Analyzer alone.</p> <p>However, I think that combining it with Amazon Q will help speed up the process of troubleshooting communication problems.<br> (However, I would like to see improvements made to the inability to troubleshoot BGP issues and check the health of the load balancer.)</p> <p>Since the scope of this verification was limited to AWS resources, I would like to verify whether it is possible to perform analysis that takes into account on-premises environments.</p> <p>Thank you for reading this article to the end!!</p> <h4> Digression </h4> <p>There were six updates to the VPC Reachability Analyzer.</p> <p><a href="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2F9zg67h2bw5pbr6b8q82s.png" class="article-body-image-wrapper"><img src="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2F9zg67h2bw5pbr6b8q82s.png" alt=" " width="800" height="452"></a></p> aws network vpc