cloud sysadmin

Granting AWS billing access to IAM (non-root account) users

By default, IAM users will not be allowed to access the Billing dashboard. This is true even if the user has AdministratorAccess permission. If you use AWS as a non-root/owner account user, but require access to billing and payment, here’s how you can do it.

Create billing IAM policies

  1. Go to IAM:
  2. Select Policies > Create policy
    1. Choose a service > Enter “Billing”
    2. Check All billing actions
  3. Review > name it “BillingFullAccess” > Create policy

Attach billing policy

You can attach billing policy to users or user groups. For simplicity, let’s assume we are applying it a user.

  1. Go to IAM:
  2. Select users > choose the user that you want to apply
  3. Select Add permissions > Attach existing policies directly
  4. Check BillingFullAccess
  5. Review > Add permission

Activating access to the AWS billing console

From AWS documentation,

By default, IAM users and roles within an AWS account can’t access the Billing console pages. This is true even if the IAM user or role has IAM policies that grant access to certain Billing features.

The last step is to enable this permission. To do so,

  1. Sign in as root/account owner
  2. Click on your username on the top right and select Account
  3. Scroll down to IAM User and Role Access to Billing Information
  4. Click Edit, check Activate IAM Access
  5. Update

And it’s done. You can now login as the IAM user and access the billing dashboard.

cloud security sysadmin

New for Amazon GuardDuty – Malware Detection for Amazon EBS Volumes | AWS News Blog

Once configured, AWS GuardDuty will now scan EBS volumes for malware and report its findings when it detects suspicious activities. If you haven’t enable it already, you should do so.

When you have GuardDuty Malware Protection enabled, a malware scan is initiated when GuardDuty detects that one of your EC2 instances or container workloads running on EC2 is doing something suspicious.

cloud sysadmin

AWS Perspective | Implementations | AWS Solutions

AWS just released AWS Perspective, a new tool to help you create diagrams about your AWS workload/architecture.

In a way this is long overdue. There are quite a number of companies in this space already. AWS’ version supposedly is better integrated and allows you to link to the resource directly in AWS console.

It seems to be quite useful, though it doesn’t come cheap. Someone posted on Twitter that the cost estimate comes up to USD500+ (every month) to use it.

network sysadmin

Is Your Cat 6 Cable a Dog? — Blue Jeans Cable

The state of Cat 6 cables sold in the market is appallingly bad.

Plainly enough, most of these cables aren’t designed to meet Cat 6 or 6a specifications, and they’re certainly not tested for compliance before leaving the plant.

Source: Is Your Cat 6 Cable a Dog? — Blue Jeans Cable

security sysadmin


A collection of eye-opening NTFS tricks to do things that you normally can’t.

TRICK 1: CREATE FOLDERS WITHOUT PERMISSIONS (CVE-2018-1036/NTFS EOP) On Windows you can assign “special permissions” to folders like permissions that a user is allowed to create files in a folder, …

Source: MOV AX, BX Code depilation salon: Articles, Code samples, Processor code documentation, Low-level programming, Working with debuggers WINDOWS NTFS TRICKS COLLECTION


Apache vs Nginx: Practical Considerations | DigitalOcean

A comparison of Apache vs Nginx and what they are suitable for.

Apache and Nginx are the two most common open source web servers in the world. Together, they are responsible for serving over 50% of traffic on the internet. Both solutions are capable of handling diverse workloads and working with other software to

Source: Apache vs Nginx: Practical Considerations | DigitalOcean

cloud sysadmin

AWS EC2 Virtualization 2017

A very good summary of the advancement of virtualization technologies used in AWS EC2. The newest instance type offered is simply AWS Bare Metal, which provides all the hardware access with little performance overhead, while still retaining the benefits of cloud – elasticity etc.

AWS EC2 Virtualization 2017: explaining the different virtualization types, from emulation and binary substitution, paravirtualization and Xen, PV, HVM, and PVHVM modes, and the new Nitro hypervisor


Amazon AWS S3 outage is breaking things for a lot of websites and apps

One of Amazon AWS service – specifically S3 – goes down (and recovers eventually) but many sites are affected. It’s not as bad as the Dyn DDoS attack but it’s a reminder how many companies now rely on Amazon to power their services.

Amazon’s S3 web-based storage service is experiencing widespread issues, leading to service that’s either partially or fully broken on websites, apps and..

Source: Amazon AWS S3 outage is breaking things for a lot of websites and apps

Edit (2017-03-03): Amazon released a summary of what happened. The tl;dr version is this: fat-fingered engineer.

programming sysadmin

AWS and Azure in Plain English

If you are not an architect-level user of AWS you will probably be lost in the ever growing list of AWS services. The non-obvious names (Cognito, Athena, anyone?) for the services doesn’t help. Now someone is attempting to provide a – sometimes tongue-in-cheek – explanation of those services. Well, it’s not exactly plain english, but good attempt anyway. An Azure version is also available.

  1. AWS in Plain English
  2. Azure in Plain English

Visual Studio Code September 2016 1.6

LOL. Microsoft accidentally “DDoS” in the new VS Code release. This is due to a feature in VS Code 1.7 sending a lot of non-cacheable requests. Thankfully they responded quickly and reverted VS Code to the old version.

These typings files drive the IntelliSense (code completions) experience in VS Code. The feature was so great that we started to overload the service.

Source: Visual Studio Code September 2016 1.6