Reputation: 31
Launch Configurations Created using AWS-Console VS Programmatically
I would like to find out if there is an easy way to find out whether given launch configuration is created using AWS Console or Programmatically?
Usecase:
We are planning to avoid copying/creating launch configuration using AWS-Console, so we would like to implement some alert system if there is any launch configuration created using AWS-Console.
So is there any way we can look at a flag on the launch configuration and differentiate if the launch configuration is created using AWS Console or not?
Upvotes: 1
Views: 67
Answers (2)
Reputation: 5888
My suggestion would be: Use only CloudFormation to create the LaunchConfigs and then check for the existence of relevant CF-tags.
Added bonus: you can create a specific role for CF to launch EC2 instances and then revoke all permissions for your users.
Upvotes: 0
Reputation: 3259
Quick thought
Approach 1
- Revoke permissions to launch configuration from all users with the console access.
- Use separate user for the program, who has permission to launch configuration.
Approach 2
Write a program which is monitoring CloutTrail logs. because all the things we do whether via console or API are/can_be logged in CloudTrail
Upvotes: 0
Related Questions
- LaunchConfiguration Userdata vs AWS::CloudFormation::Init
- Creating a LaunchConfiguration and updating the ASG
- How to get Launch Configuration through ASG
- AWS CLI v.s AWS Console for developement
- AWS EC2 Launchtemplate vs Launchconfiguration
- EC2 launch configuration user data is not executed
- What is the difference between Run-instances and create-instances in aws-cli?
- Why there is a difference in the number of launch configurations received from the python script and AWS CLI?
- What is better: configure instance on launch or launch a pre-backed image?
- Generating configuration for an EC2 instance using Amazon AWS CLI