cloud

Edge cases make for interesting TILs. Here's one on attempting to create an S3 bucket that already exists in your account.

The bucket you tried to create already exists, and you own it. Amazon S3 returns this error in all AWS Regions except in the North Virginia Region. For legacy compatibility, if you re-create an existing bucket that you already own in the North Virginia Region, Amazon S3 returns 200 OK and resets the bucket access control lists (ACLs).

Discovered via @whitequark on Mastodon.

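Because a repeated CreateBucket in us-east-1 silently succeeds and resets the bucket ACL, an idempotent "create if missing" helper should check with HeadBucket first and never re-issue CreateBucket for a bucket it already owns. The code below is an added example, not part of the original TIL or of AWS's own tooling: `ensure_bucket` takes any client with boto3-shaped `head_bucket`/`create_bucket` methods, and `FakeS3` is a constructed stand-in that mimics the us-east-1 quirk so the example runs offline. A real boto3 client raises `botocore.exceptions.ClientError`, whose `response["Error"]["Code"]` is `"404"` for a bucket that does not exist and `"403"` for one that exists but is not yours.

```python
"""Idempotent S3 bucket creation that avoids the us-east-1 ACL-reset quirk (added example)."""


def _error_code(exc):
    """Extract the AWS error code from a ClientError-like exception, else None."""
    return getattr(exc, "response", {}).get("Error", {}).get("Code")


def ensure_bucket(s3, name, region):
    """Create bucket `name` only if HeadBucket reports it missing.

    Returns "exists" or "created". HeadBucket is used as the existence check so
    that a bucket we already own is never passed to CreateBucket again, which in
    us-east-1 would return 200 OK and reset the bucket's ACL.
    """
    try:
        s3.head_bucket(Bucket=name)
        return "exists"
    except Exception as exc:  # boto3 raises botocore.exceptions.ClientError here
        code = _error_code(exc)
        if code == "403":
            raise PermissionError(f"bucket {name!r} exists but is owned by another account") from exc
        if code != "404":
            raise
    # us-east-1 must NOT send a LocationConstraint; every other region must.
    kwargs = {"Bucket": name}
    if region != "us-east-1":
        kwargs["CreateBucketConfiguration"] = {"LocationConstraint": region}
    s3.create_bucket(**kwargs)
    return "created"


# ---- constructed fake client so the example runs without AWS credentials ----
class FakeClientError(Exception):
    def __init__(self, code):
        super().__init__(code)
        self.response = {"Error": {"Code": code}}


class FakeS3:
    """Minimal model of S3 in us-east-1: re-creating an owned bucket resets its ACL."""

    def __init__(self):
        self.buckets = {}
        self.acl_resets = 0

    def head_bucket(self, Bucket):
        if Bucket not in self.buckets:
            raise FakeClientError("404")

    def create_bucket(self, Bucket, **kwargs):
        if Bucket in self.buckets:
            self.acl_resets += 1  # the legacy behaviour the TIL describes
        self.buckets[Bucket] = "private"  # ACL back to default


def demo():
    """Create the same bucket twice; the second call must not touch the ACL."""
    s3 = FakeS3()
    first = ensure_bucket(s3, "example-reports", "us-east-1")
    second = ensure_bucket(s3, "example-reports", "us-east-1")
    return first, second, s3.acl_resets


if __name__ == "__main__":
    print(demo())
```

With a real client you would pass `boto3.client("s3", region_name=region)` in place of `FakeS3()`; the helper's logic is unchanged.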

When requesting actions on AWS accounts or resources, AWS needs to verify if the principal (user, role, application, etc.) making the request is allowed to carry out the action. For single accounts with simple workloads, this can be done easily by setting an identity-based policy on the user. However, as needs grow and additional accounts are added, other factors come into play, such as resource-based policies, cross-account roles, service control policies, and more.

Whenever I encounter potential access-related problems, I refer to this flow chart for troubleshooting. Given the number of times I end up searching for this, I believe it might be helpful to share it.

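The flow chart's core rules are easy to mis-remember, so here is an added example (not from the original post, and not AWS's own evaluator) that encodes a simplified version of the documented evaluation order: an explicit Deny anywhere wins; if SCPs apply, at least one must Allow; within a single account either an identity-based or a resource-based Allow suffices; across accounts both sides must Allow; otherwise the request is implicitly denied. Conditions, NotAction/NotResource, permissions boundaries and session policies are deliberately not modeled. All principals, account IDs, bucket names and policies below are constructed.

```python
"""Simplified model of the AWS policy evaluation logic (added example, constructed data)."""
from fnmatch import fnmatchcase


def _as_list(value):
    if value is None:
        return []
    return value if isinstance(value, list) else [value]


def _match_any(patterns, value, fold_case):
    """IAM-style matching: '*' matches any run of characters, '?' one character."""
    if fold_case:
        return any(fnmatchcase(value.lower(), p.lower()) for p in _as_list(patterns))
    return any(fnmatchcase(value, p) for p in _as_list(patterns))


def _applies(stmt, action, resource):
    # Action names are case-insensitive; resource ARNs are case-sensitive.
    return _match_any(stmt.get("Action"), action, True) and _match_any(
        stmt.get("Resource", "*"), resource, False)


def _principal_matches(stmt, principal_arn):
    """Resource-based statements name their principals; identity policies and SCPs do not."""
    principal = stmt.get("Principal")
    if principal == "*":
        return True
    if isinstance(principal, dict):
        aws = _as_list(principal.get("AWS"))
        return "*" in aws or principal_arn in aws
    return False


def evaluate(request, identity_policies, resource_policies, scps=None):
    """Return (decision, reason) for one request against the three policy types."""
    action, resource, principal = request["action"], request["resource"], request["principal"]
    ident = [s for p in identity_policies for s in p["Statement"] if _applies(s, action, resource)]
    res = [s for p in resource_policies for s in p["Statement"]
           if _applies(s, action, resource) and _principal_matches(s, principal)]
    scp = [s for p in (scps or []) for s in p["Statement"] if _applies(s, action, resource)]

    # 1. An explicit Deny in any applicable policy overrides every Allow.
    if any(s["Effect"] == "Deny" for s in ident + res + scp):
        return "Deny", "explicit deny"
    # 2. When the account is in an organization, some SCP must allow the action.
    if scps is not None and not any(s["Effect"] == "Allow" for s in scp):
        return "Deny", "no SCP allows the action"
    resource_allow = any(s["Effect"] == "Allow" for s in res)
    identity_allow = any(s["Effect"] == "Allow" for s in ident)
    # 3. Same account: either policy type is enough. Cross-account: both are required.
    if request["principal_account"] == request["resource_account"]:
        if resource_allow or identity_allow:
            return "Allow", "resource-based policy" if resource_allow else "identity-based policy"
        return "Deny", "implicit deny"
    if resource_allow and identity_allow:
        return "Allow", "cross-account: both policies allow"
    if resource_allow:
        return "Deny", "cross-account: caller's identity-based policy does not allow it"
    if identity_allow:
        return "Deny", "cross-account: resource-based policy does not grant the caller"
    return "Deny", "implicit deny"


# ---- constructed sample data ----
ALICE = "arn:aws:iam::111122223333:user/alice"   # caller in account A
BOB = "arn:aws:iam::999988887777:user/bob"       # caller in account B, which owns the bucket
BUCKET = "arn:aws:s3:::shared-reports"

ALICE_IDENTITY = [{"Version": "2012-10-17", "Statement": [
    {"Effect": "Allow", "Action": ["s3:GetObject", "s3:ListBucket"],
     "Resource": [BUCKET, BUCKET + "/*"]}]}]
BUCKET_POLICY = [{"Version": "2012-10-17", "Statement": [
    {"Effect": "Allow", "Principal": {"AWS": [ALICE, BOB]}, "Action": "s3:GetObject",
     "Resource": BUCKET + "/*"},
    {"Effect": "Deny", "Principal": "*", "Action": "s3:*", "Resource": BUCKET + "/secret/*"}]}]
SCPS = [{"Version": "2012-10-17", "Statement": [
    {"Effect": "Allow", "Action": "s3:*", "Resource": "*"},
    {"Effect": "Deny", "Action": "s3:DeleteBucket", "Resource": "*"}]}]


def req(principal, account, action, key=None):
    return {"principal": principal, "principal_account": account, "action": action,
            "resource": BUCKET + ("/" + key if key else ""), "resource_account": "999988887777"}


def demo():
    """Decisions for a handful of requests; each one exercises a different branch."""
    return {
        "alice_get": evaluate(req(ALICE, "111122223333", "s3:GetObject", "q1.csv"),
                              ALICE_IDENTITY, BUCKET_POLICY, SCPS)[0],
        "alice_secret": evaluate(req(ALICE, "111122223333", "s3:GetObject", "secret/k"),
                                 ALICE_IDENTITY, BUCKET_POLICY, SCPS)[0],
        "alice_put": evaluate(req(ALICE, "111122223333", "s3:PutObject", "q1.csv"),
                              ALICE_IDENTITY, BUCKET_POLICY, SCPS)[0],
        "alice_no_bucket_policy": evaluate(req(ALICE, "111122223333", "s3:GetObject", "q1.csv"),
                                           ALICE_IDENTITY, [], SCPS)[0],
        "bob_get_no_identity_policy": evaluate(req(BOB, "999988887777", "s3:GetObject", "q1.csv"),
                                               [], BUCKET_POLICY, SCPS)[0],
        "bob_delete_bucket": evaluate(req(BOB, "999988887777", "s3:DeleteBucket"),
                                      [], BUCKET_POLICY, SCPS)[0],
    }


if __name__ == "__main__":
    for name, decision in demo().items():
        print(f"{name:28} {decision}")
```

Running `demo()` shows the four outcomes the flow chart distinguishes: Alice's cross-account GetObject is allowed only because both her identity policy and the bucket policy allow it; dropping the bucket policy turns it into a deny; the `secret/` prefix and DeleteBucket are refused by explicit denies (bucket policy and SCP respectively); and Bob, in the bucket's own account, needs no identity policy at all because the resource-based Allow is sufficient.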