How To Explain AWS DevOps Projects in an Interview | AWS DevOps Projects 03

Published: 09 September 2024
on channel: Hi-Tech Institution

AWS interview Tips what’s app channel Link:
https://whatsapp.com/channel/0029VaB1...


Cross-Account Automation with Centralized IAM-Role-Based Authentication

Objective: Design and implement a cross-account automation system using centralized IAM roles and Lambda functions to clean up unused EBS volumes and monitor subnets running out of IP addresses across multiple AWS accounts.

Key Components:

AWS Organization Structure:
  Root Organization: houses all AWS accounts, including the centralized automation account.
  Organizational Units (OUs):
    Production OU:
      Prod Account 1 - 10.1.0.0/24
      Prod Account 2
    Development OU:
      Dev Account 1
      Dev Account 2
    Automation OU:
      Central Automation Account: manages the Lambda functions and automations across accounts.

IAM Architecture:
  Cross-Account Assume Role:
    In each AWS account (Prod, Dev), create a dedicated IAM role whose trust policy lets the Central Automation Account assume it and whose permissions cover the automation tasks (EBS cleanup and subnet monitoring).

Automations (Lambda Functions):

EBS Volume Cleanup Automation:
  Objective: Automatically identify and delete unused EBS volumes that have been in a detached state for 30 days or more.
  Lambda Function Logic:
    Run on a schedule (every 24 hours).
    Fetch all EBS volumes in each account using the ec2:DescribeVolumes API.
    Filter for volumes that have been in the 'available' state for more than 30 days.
    Trigger the cleanup using ec2:DeleteVolume.
    Log every deleted volume to CloudWatch Logs for auditing.

Subnet IP Monitoring Automation:
  Objective: Monitor subnets that are running out of available IP addresses and send an alert when the available IPs drop below a threshold (e.g., 10% of the subnet's total IPs).
  Lambda Function Logic:
    Run on a schedule (every 6 hours).
    Use the ec2:DescribeSubnets API to fetch the details of all subnets across accounts.
    Calculate the percentage of IP addresses used in each subnet.
    If usage exceeds 90%, publish an alert to an SNS topic or push it to CloudWatch for further action.
    Optionally, trigger a follow-up action such as notifying the team via email or Slack.
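The selection logic for both automations above (EBS cleanup and subnet monitoring) together with the cross-account client, as an added Python/boto3 example that is not code from the video or the channel; the tag name automation:available-since, the role name argument and the sample API responses are assumptions. It also handles a caveat the EBS step glosses over: ec2:DescribeVolumes reports CreateTime but not when a volume was last detached, so the 30-day rule is tracked with a marker tag set the first time a volume is seen in the 'available' state.

```python
# Added example (not the video's code): selection logic for both automations plus the
# cross-account client; tag name, role name and sample responses are assumptions.
from datetime import datetime, timedelta, timezone
import ipaddress
AVAILABLE_SINCE_TAG = "automation:available-since"  # assumed marker tag
AWS_RESERVED_PER_SUBNET = 5  # first four and last address of every VPC subnet

def classify_volumes(volumes, now, max_age_days=30):
    """Split a DescribeVolumes 'Volumes' list into (tag_now, delete_now)."""
    tag_now, delete_now = [], []
    for v in volumes:
        if v["State"] != "available":  # attached or in transition: never a candidate
            continue
        tags = {t["Key"]: t["Value"] for t in v.get("Tags", [])}
        since = tags.get(AVAILABLE_SINCE_TAG)
        if since is None:              # first sighting: tag with now.isoformat()
            tag_now.append(v["VolumeId"])
        elif datetime.fromisoformat(since) <= now - timedelta(days=max_age_days):
            delete_now.append(v["VolumeId"])
    return tag_now, delete_now

def subnet_usage_percent(subnet):
    """Percent of usable addresses consumed, from one DescribeSubnets entry."""
    usable = ipaddress.ip_network(subnet["CidrBlock"]).num_addresses - AWS_RESERVED_PER_SUBNET
    return round(100.0 * (usable - subnet["AvailableIpAddressCount"]) / usable, 1)

def subnets_over_threshold(subnets, threshold_percent=90.0):
    return [s["SubnetId"] for s in subnets if subnet_usage_percent(s) >= threshold_percent]

def assumed_client(account_id, role_name, service, region):
    import boto3  # imported here so the pure selection logic above runs without it
    creds = boto3.client("sts").assume_role(
        RoleArn=f"arn:aws:iam::{account_id}:role/{role_name}",
        RoleSessionName="central-automation")["Credentials"]
    return boto3.client(service, region_name=region,
                        aws_access_key_id=creds["AccessKeyId"],
                        aws_secret_access_key=creds["SecretAccessKey"],
                        aws_session_token=creds["SessionToken"])
# Constructed sample API responses (EC2 API shapes, made-up values).
NOW = datetime(2024, 9, 9, tzinfo=timezone.utc)
SAMPLE_VOLUMES = [
    {"VolumeId": "vol-a", "State": "in-use"},
    {"VolumeId": "vol-b", "State": "available"},
    {"VolumeId": "vol-c", "State": "available",
     "Tags": [{"Key": AVAILABLE_SINCE_TAG, "Value": "2024-07-01T00:00:00+00:00"}]},
]
SAMPLE_SUBNETS = [  # the page's /24 Prod subnet, nearly full, and a quiet Dev one
    {"SubnetId": "subnet-prod1", "CidrBlock": "10.1.0.0/24", "AvailableIpAddressCount": 20},
    {"SubnetId": "subnet-dev1", "CidrBlock": "10.2.0.0/24", "AvailableIpAddressCount": 200},
]
```

In a real run the Lambda would call assumed_client(account, role, "ec2", region) per member account, tag the tag_now volumes with NOW.isoformat(), delete the delete_now ones, and alert on subnets_over_threshold; paginate DescribeVolumes/DescribeSubnets in accounts with many resources.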

Outcome: Successfully implemented a cross-account, IAM-role-based automation system that removes unused EBS volumes and monitors subnet IP utilization. This reduces manual maintenance effort and improves resource utilization across multiple AWS accounts.

