Saturday, December 14, 2019

AWS Resource Groups - KnowHow(s) - Series 1



Welcome to the exploration series of AWS Resource Groups !!
Who can create AWS Resource Group:
  1. Resource Groups are at account level
  2. Other accounts/users accessing should have relevant IAM user permissions to access the resource based on groups
  3. Below listed permissions are required for the user in order to create and use AWS Resource Groups 
  • resource-groups:*
  • cloudformation:DescribeStacks
  • cloudformation:ListStackResources
  • tag:GetResources
  • tag:TagResources
  • tag:UntagResources
  • tag:getTagKeys
  • tag:getTagValues
  • resource-explorer:*
 
What actually contains a Resource Group:
  • Like any other resources in AWS, Resource groups too, have name and ARN(Amazon Resource Names)
Supported AWS Services:
  • Almost all of the AWS Services whichever has tagging feature enabled will be supported for grouping under AWS Resource Groups
How can Resource Groups be created:
  1. From AWS Management Console
  2. API calls
  3. AWS CLI
  4. AWS SDK framework
What can be done for AWS Resource Groups:
  1. Create resource group based on Tags or AWS Cloudformation stacks in current region
  2. Edit or upgrade tags to identify and auto-detect Resources across the account, from one single definition of Resource Groups(but the User/Role applying this actions needs to have access permissions to update or delete tags against the underlying resources)
  3. Delete tag values against the Resource Groups(grouped under this Resource Group)
Integrations for AWS cloud compliance:
  • As part of cloud compliance each and every action or changes to resources are captured by AWS Cloutrail in order account for audit and incident response remediation purposes. AWS Resource groups as are recorded for each change it applies as for creating groups, updating tags, deleting groups under AWS Cloud Trail

Let us explore in series of events about this!!

No comments:

Post a Comment