If you’re deploying an AWS PowerShell Lambda (which is PowerShell Core 6.0) in a build pipeline, you’ll likely come across the fact that the older PowerShell docker images don’t have Dotnet Core installed. The .NET Core 3.0 .NET Core 3.0 SDK Docker images now contain PowerShell Core, but since AWS still uses .NET Core 2.1 which is in Long Term Support, you’re out of luck. Therefore if you’re deploying your lambda from your CI pipeline using docker, then you need a build environment which has:
Amazon Web Services yesterday announced they now have Amazon Machine images available for Windows Server 2016. This includes Nano Server, a perfect solution for a roll your own IaaS server to host your .NET Core APIs. Windows Server 2016 Nano Server -A cloud-native, minimal install that takes up a modest amount of disk space and boots more swiftly than the Datacenter version, while leaving more system resources (memory, storage, and CPU) available to run apps and services.
Now the madness with ADFS2 SAML assertions via WS-Trust 1.3 – and how they are not valid for use with Amazon Web Services (AWS). lexx:saml$ aws sts assume-role-with-saml --role-arn $role --principal-arn $principal --saml-assertion $assertion<br /> A client error (InvalidIdentityToken) occurred when calling the AssumeRoleWithSAML operation: Responses must contain SubjectConfirmatonData with a Recipient and NotOnOrAfter This failed due to a missing Recipient attribute on the SubjectConfirmationData element. Of course; I can’t modify the assertion to add the missing Recipient; as the SAML token is signed:
According to Wikipedia, Microsoft Active Directory Federation Services (ADFS) is: … a software component developed by Microsoft that can be installed on Windows Server operating systems to provide users with single sign-on access to systems and applications located across organizational boundaries. It uses a claims-based access control authorization model to maintain application security and implement federated identity. ADFS can provide Single sign as an identity provider to users, but what if a developer needs the same sign on outside of “browser land”?
I’ve recently been working more day to day on Amazon Web Services, and I found it a little unwieldy to navigate around policy documents assigned to IAM groups. Sometimes you just want to have a local copy of the policies to edit/play with/look at. Therefore, I came up with a quick script to solve this. Enjoy… Of course, the AWS SDK for Powershell is required.