Posts

'AccessDeniedException' When Rekognition Fails Due to Service Control Policy (SCP) Explicit Deny

-
Image
  'AccessDeniedException' When Rekognition Fails Due to Service Control Policy (SCP) Explicit Deny # AWS # AmazonRekognition # IAM # CloudSecurity Why  AdministratorAccess  cannot override organization guardrails in AWS Problem Your application calls  DetectLabels  in  Amazon Rekognition . The IAM role has: AdministratorAccess Explicit  rekognition:*  permissions Verified trust relationship Yet the request fails with: AccessDeniedException: User is not authorized to perform: rekognition:DetectLabels IAM looks correct. The role is admin. Still denied. Clarifying the Issue If your account is part of AWS Organizations, an Organization-level  Service Control Policy (SCP)  may be blocking Rekognition. An SCP operates above IAM. It does not grant permissions. It defines the maximum permissions allowed within an account. If an SCP includes: An explicit  Deny  on  rekognition:* A deny on specific regions A deny using  NotActi...
Post a Comment
Read more

The Secret Life of Azure: The Deployment Slot Swap

-
Image
  The Secret Life of Azure: The Deployment Slot Swap # Azure # AppService # DevOps # BlueGreenDeployment How to release updates safely with Azure Deployment Slots. Resilience & Release The library was quiet, but Timothy was hesitating at the main entrance with a new box of books. He looked at the door, then back at his box, then at the clock. "Margaret," he called out, "I have the new update for the 'History' section. But I'm stuck. If I open the door to bring these in, I have to block the entrance. For a few minutes, no one can get in or out. What if the new books have a typo? I’ll have to pull them all back out while the lobby stays empty." Margaret walked over, not to the door, but to a hidden panel in the wall next to it. "Timothy, you're thinking of the library as having only one entrance. In Azure, we don't 'replace' the front door while people are using it. We use  Deployment Slots ." She drew two identical doors on t...
Post a Comment
Read more

The Secret Life of AWS: The Dress Rehearsal (Staging & Manual Approval)

-
Image
  The Secret Life of AWS: The Dress Rehearsal (Staging & Manual Approval) # aws # codepipelinne # staging # devops Test changes in a live staging environment before they reach customers. Part 39 of The Secret Life of AWS Timothy was feeling invincible. Since building his  Assembly Line  (Part 38), he had stopped worrying. He would write code, push it to GitHub, and let the robot handle the rest. "Watch this," he told Margaret. "I'm changing the 'Buy Now' button to a 'soothing ocean blue'." He changed the hex code. git push origin main The Pipeline lit up. Source:  Succeeded. Build:  Succeeded ( npm test  passed). Deploy:  Succeeded. "Done," Timothy smiled. "Production is updated." He opened the website. His jaw dropped. The button wasn't "soothing ocean blue." It was invisible. He had typed white text on a white background. "Customers can't see the button!" he panicked. "Nobody can buy anyt...
Post a Comment
Read more

The Secret Life of JavaScript: The Async Generator

-
Image
  The Secret Life of JavaScript: The Async Generator # javascript # coding # programming # softwaredevelopment How to handle streams of data with  for await...of . Timothy was rubbing his temples. On his screen was a function that looked like it had been fighting a losing battle. async function getAllUsers () { let url = ' /api/users?page=1 ' ; const allUsers = []; while ( url ) { const response = await fetch ( url ); const data = await response . json (); // Add this page's users to our big list allUsers . push (... data . users ); // Prepare for the next loop... if there is one url = data . nextPage ; } return allUsers ; } "I'm trying to download all the user data," Timothy explained to Margaret. "But there are 50,000 users. If I wait for  all  the pages to download before I start processing them, the user waits for 20 seconds. It feels... stuck....
Post a Comment
Read more