Unlimited Leave
Posts
🚤 Navigate CloudTrail Lake with this Library of Queries 📚

🚤 Navigate CloudTrail Lake with this Library of Queries 📚

and a framework for a 'real' account vending machine.

Ross Wickman
April 14, 2023

Good day. This is Unlimited Leave, the AWS Management and Governance newsletter desperate for some AWS Management and Governance updates.

Keeping you entertained with minimal Cloud Ops and Management updates is hard. The calm before the storm I hope. Q3 🤞

Not to mention I’ve seen a huge influx of content which from personal experience I can only imagine being generated by some service backed by GPT. There are many of them, and in all fairness, I use them daily as well.

Today I share a few under-appreciated announcements, blog posts, and changes to the Greenfield Course pre-sale pricing.

You’ll have an opportunity to see if I’m bluffing later on.

This week's topics

Some traction on Account Factory Customizations (AFC)
Accelerate AWS CodePipelines by using AWS Service Catalog Factory
Resources for querying CloudTrail for everything you can imagine
Greenfield course is getting plenty of water

Account Factory Customizations (AFC)

I’m not surprised or offended. Just as I’ve deployed a robust ‘Customizations for Control Tower (CfCT)’ foundation for 4 Organizations I’m managing in parallel to each other, AWS throws out future updates to the solution and puts all of its eggs in a new basket.

This is, however, a great move as Service Catalog now supports Terraform.

AFC is essentially AWS Accounts, resources, and configurations as pre-packaged Service Catalog Portfolio Products. A product is an account Blueprint. You can create custom blueprints for yourself, use AWS Partner-provided blueprints, or leverage a library of well-architected solutions.

This blog post shows at a high level how this can be implemented and the best part is, you can draw a line in the sand and start using this now regardless of how you have configured Control Tower in the past.

I have not kicked the tired on this but it is high on my priority list. This likely will not be included in the immediate release of the Greenfield Organizations Deployment course, but it will be included at no additional cost.

Automate account customization using Account Factory Customization in AWS Control Tower | Amazon Web Services

An Introduction to Account Factory Customizations (AFC) for Control Tower

aws.amazon.com/blogs/mt/automate-account-customization-using-account-factory-customization-in-aws-control-tower

AFC is going to be a true account ‘vending machine’. Think of your Service Catalog Portfolio Products as A1 - D6 options. Point and click or send an API call to deploy accounts of any flavor of your choosing.

Use Service Catalog Factory to Accelerate CodePipeline

Not directly related, but to go along with the deployment of AFC, is a solution recently shared with me that would support the accelerated and scalable management of the previously mentioned blueprints for AFC. Service Catalog supports the deployment of more than AWS Account Templates, but this workshop looks fantastic when viewed through the lens of configuring account blueprints for multi-account and multi-organization management and governance.

service-catalog-tools-workshop.com/

AWS Service Catalog Tools Workshop

service-catalog-tools-workshop.com/tools/factory.html

CloudTrail (Lake) Queries

A pretty self-explanatory resource that has saved me boatloads of time.

GitHub - aws-samples/cloud-trail-lake-query-samples

Contribute to aws-samples/cloud-trail-lake-query-samples development by creating an account on GitHub.

github.com/aws-samples/cloud-trail-lake-query-samples

To aid in future query needs, https://www.text2sql.ai/ is a new resource I’ll be kicking the tires on as well.

Here is the most recent AWS Security Blog post:

Investigate security events by using AWS CloudTrail Lake advanced queries

Greenfield Course (pre-sale) price hike 📈

As I wrote in last week’s issue, I’m no internet marketer. However, there are tried and true methods for internet sales.

Build following, trust, and authority
…
Profit

A key component of Phase 2 is scarcity and a sense of urgency.
I’m not going to bullshit, anyone. This is all something I might like to turn into a real business. Newsletters, servers, equipment, etc. all cost money. So my schtick is transparency.

Over the next few weeks leading to the launch, the pre-sale price of the course is going to increase by $10 each week. As we get closer to launch, $20 per week. Until the launch of the course at $299.

March 31st - $99
April 7th. - $99
April 14th - $99
April 21st - $109

Will it stay at $299? And for how long? Hard telling.

I can promise you this, there will be times after launch to buy at a discounted rate and bundles with other content, but I have no idea right now what that is going to look like.

What I do know is I’m making this course and while the production quality might not be award-winning, I promise, if this is the work you do regularly, you will get $299 worth of value out of it.

Since the course is still in pre-sale, I can’t enable a free preview of the first Module so I’ve uploaded it here: https://youtu.be/cYujZHzuWC8

Sign up today! 👇

Greenfield AWS Organization Deployment

Learn how to properly deploy a new AWS Organization for easier management and governance from the ground up. Use tools like Customizations for Control Tower (CfCT) and Account Factory for Terraform (AFT).

unlimitedleave.thinkific.com/courses/greenfield-aws-organization-deployment

Review past issues HERE | Share with others HERE

Disclaimer: The resources and topics shared within this newsletter are for informational use only. Any resources deployed or tools implemented are done so at your own risk. Do your research and testing before the implementation of any resource or service deployed for any workload.