Hi, I have an off-topic question: when switching roles, does the user need to be provided some policy to allow which roles that user can assume/switch to?
@unmaskITnow 1 year ago
Hi there. To assume a role, the user needs to have sts:AssumeRole permissions for the respective role ARN created. Apologies, the video didn't demonstrate that correctly with respect to user permissions but hope this helps! docs.aws.amazon.com/IAM/latest/UserGuide/id_roles_use_permissions-to-switch.html
@ManishJindalmanisism 1 year ago
@unmaskITnow Thanks for replying. In many other demos there was no such thing as switching role. I guess that may be because the demo was using an admin account or an account that already had the required policy attached?
@Ihteshamulhaq296 1 year ago
Thank you for the detailed, informative and step-by-step video!
@grainofmustardseed 1 year ago
Your video was of great help, especially the SG & IAM setup.
@gerardvalverde5179 1 year ago
amazing everything from this video
@unmaskITnow 1 year ago
Thanks for the compliment. Please don't forget to subscribe and support the channel 🙏
@arjunb182511 months ago
Thank you! This was a lifesaver.
@readbetweenthelines8484 1 year ago
Well Organized ... I loved it
@unmaskITnow 1 year ago
Thank you so much 🙂 glad you loved it. Please do subscribe for more such content.
@dostoievski2 1 year ago
I love how you organized and presented the content! I will definitely subscribe. Thank you!
@unmaskITnow 1 year ago
Thank you for subscribing. So thoughtful of you to recognize that. My intention is to organize & simplify so you don't end up having to search multiple places.
@utkarshdeep2031 1 year ago
The presentation and organisation of content is excellent. The concepts are covered in great detail. Keep up the good work!!
@lemonwithswag2593 1 year ago
Your content is well organized. Keep up the good work.
@unmaskITnow 1 year ago
Thanks mate, means a lot
@KunjaBihariJena 1 year ago
Thank you, Ma'am, we learned a new concept
@unmaskITnow 1 year ago
Glad to hear that it was helpful. I post new content every week. Please do subscribe for more such content
@ayan_bhuin 10 months ago
Thank you very much for this video.. this was very helpful for my project.
@gunduthadiyan11 months ago
A very well-paced, clearly explained video, thank you for taking the time to produce it. A quick question: how do I modify this IAM role so that it is applicable for all EC2 instances in a given VPC or CIDR block?
@farhangunawan 1 year ago
Followed the steps, but having difficulty when trying to Assume Role: "An error occurred (AccessDenied) when calling the AssumeRole operation: User: is not authorized to perform: sts:AssumeRole on resource:" Roles and Policy had been set up already.
@unmaskITnow 1 year ago
Hi there. To assume a role, the user needs to have sts:AssumeRole permissions for the respective role ARN created. Apologies, the video didn't demonstrate that correctly with respect to user permissions but hope this helps! docs.aws.amazon.com/IAM/latest/UserGuide/id_roles_use_permissions-to-switch.html
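Added example (not part of any comment above or of the video): a simplified local check of the two policies involved in the AccessDenied error discussed in this thread, the user's identity policy and the role's trust policy. The ARNs and policy documents are constructed placeholders, and the model evaluates Allow statements only (no Deny, conditions, permissions boundaries or SCPs).

```python
import fnmatch

# Constructed placeholders; not values from the video or the comments.
USER_ARN = "arn:aws:iam::111122223333:user/example-user"
ROLE_ARN = "arn:aws:iam::111122223333:role/example-connect-role"

def _listify(value):
    return value if isinstance(value, list) else [value]

def identity_allows(policy, role_arn):
    """True if an Allow statement grants sts:AssumeRole on role_arn (wildcards honoured)."""
    for stmt in _listify(policy.get("Statement", [])):
        actions = [a.lower() for a in _listify(stmt.get("Action", []))]
        if (stmt.get("Effect") == "Allow"  # simplified model: Deny is not evaluated
                and any(fnmatch.fnmatchcase("sts:assumerole", a) for a in actions)
                and any(fnmatch.fnmatchcase(role_arn, r) for r in _listify(stmt.get("Resource", [])))):
            return True
    return False

def trust_level(trust_policy, user_arn):
    """'user' if the trust policy names the user, 'account' if its account, else None."""
    account = user_arn.split(":")[4]
    level = None
    for stmt in _listify(trust_policy.get("Statement", [])):
        principal = stmt.get("Principal", {})
        if (stmt.get("Effect") != "Allow" or not isinstance(principal, dict)
                or "sts:AssumeRole" not in _listify(stmt.get("Action", []))):
            continue
        named = _listify(principal.get("AWS", []))
        if user_arn in named:
            return "user"
        if account in named or f"arn:aws:iam::{account}:root" in named:
            level = "account"
    return level

def diagnose(identity_policy, trust_policy, user_arn=USER_ARN, role_arn=ROLE_ARN):
    """Say whether AssumeRole would pass; account-level or cross-account trust also needs the user's own Allow."""
    level = trust_level(trust_policy, user_arn)
    same_account = user_arn.split(":")[4] == role_arn.split(":")[4]
    if level is None:
        return "denied: trust policy does not name the user or the account"
    if (level == "account" or not same_account) and not identity_allows(identity_policy, role_arn):
        return "denied: user lacks sts:AssumeRole on the role ARN"
    return "allowed"

TRUST_ACCOUNT = {"Statement": [{"Effect": "Allow", "Action": "sts:AssumeRole",
                                "Principal": {"AWS": "arn:aws:iam::111122223333:root"}}]}
NO_STS = {"Statement": [{"Effect": "Allow", "Action": "ec2:DescribeInstances", "Resource": "*"}]}
WITH_STS = {"Statement": [{"Effect": "Allow", "Action": "sts:AssumeRole", "Resource": ROLE_ARN}]}
```

`diagnose(NO_STS, TRUST_ACCOUNT)` reports the missing user-side permission, and `diagnose(WITH_STS, TRUST_ACCOUNT)` returns `allowed`. A same-account trust policy that names the user ARN directly is allowed without a user-side statement.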
@nrvishnu3764 7 months ago
Hi, I have an MSSQL EC2 instance running on a similar configuration to the demo you showed. Can I connect via SQL Server Management Studio?
@mohannadsamir5601 1 year ago
Thank you so much for this well-demonstrated video. I have a question: "Can those instances have access to the internet using a NAT GW?"
@unmaskITnow 1 year ago
Hi there, thank you for watching. The answer to your question is yes. EC2 instance connect endpoint is for inbound access to instances in private subnet. You can still create a NAT gateway in public subnet and have a default route to the NAT gateway in private subnet for outbound internet access. Please do share and subscribe as it encourages me to make more such content.
@mohannadsamir5601 1 year ago
@unmaskITnow Thanks for your response and consideration. Keep up your great work ♥.
@DhirajGosavi-x4y 1 year ago
Hello, we are able to connect to the Linux server by EC2 connect, but how can we copy a file from the local machine to the EC2 instance by EC2 connect?
@karthikpt6110 1 year ago
Hi, I have one question. I am using the third one, "Allow users to connect only from a specified source IP address range". Here I mentioned my local machine's public IP, but it was connected to any machine. How can I fix it?
@awskaran 3 months ago
I want to use this for my business users. But the caveat is they don't have an AWS account. Traditionally they used to connect via RDP. How can my business users connect in such cases?
@yaseen4916 1 year ago
Thank you. Now I need to SCP to the private instance. How can we use this to copy files from a local directory to the private instance?
@unmaskITnow 1 year ago
Hi Yaseen, thank you for the question. If you're able to follow the process in the video to SSH to private instance, you should be able to use SCP utility to copy files to the private instance. Please find the link below with the AWS document for your reference. docs.aws.amazon.com/AWSEC2/latest/UserGuide/AccessingInstancesLinux.html#AccessingInstancesLinuxSCP
@yaseen4916 1 year ago
@unmaskITnow Yeah, I tried this. I believe there is documentation still remaining about this.
@yaseen4916 1 year ago
Currently used this but getting an error that it is unable to find credentials. Please try it out and let me know if you could find something.
@gokulp202 1 year ago
Very useful video. Can you add the difference between ECI endpoint and SSM, because SSM also offers a similar feature?
@unmaskITnow 1 year ago
Yes, SSM offers Session Manager to connect to the instance. And that's a really good suggestion to compare the two.. I'll aim to do that next. Do subscribe so you're notified when I release it.
@gokulp202 1 year ago
@unmaskITnow Subscribed already. I have one doubt: for a single account, why an IAM role? An IAM policy can be attached directly to the IAM user group, right? Are you referring here to cross-account access using the ECI endpoint? I am trying to replicate the same thing using SSO, Dev account user --> accessing prod account instance.
@unmaskITnow 1 year ago
Yes, you can attach an IAM policy directly to an IAM user, but that requires you to download the Access key ID and Secret access key, which are long-lived credentials for the user. It's an AWS-recommended best practice for an IAM user to assume an IAM role with temporary credentials to grant necessary permissions, whether it is in the same account or cross-account.
@BharathKumar-jm8gl 1 year ago
Hi, I have launched an EC2 in a private subnet and created an EC2 endpoint with ec2sg and endpoint sg and attached them accordingly, but without creating any role I was able to connect to EC2 through the EC2 endpoint. Is a role required here? I was able to connect without any role.
@srinidhinag263111 months ago
True, it works without switching the role.
@nrvishnu3764 1 year ago
awscli.customizations.ec2instanceconnect.websocket - ERROR - [1] Encountered error with websocket: (10053, 'An established connection was aborted by the software in your host machine', None, 10053, None) [1] Closing tcp connection. I am facing the above error while trying to connect to Windows EC2.