It\u2019s a very easy problem to tackle in Azure, for most resources, you can choose to export to ARM or BICEP template, which will reveal all configurations.<\/p>\n\n\n\n
It isn\u2019t as straight forward in AWS, when I\u2019m looking at AWS CLI, aws s3 command have following subcommands<\/p>\n\n\n\n
$ aws s3 ?\n\nusage: aws [options] <command> <subcommand> [<subcommand> ..] [parameters]\nTo see help text, you can run:\n\n aws help\n aws <command> help\n aws <command> <subcommand> help\n\naws: error: argument subcommand: Invalid choice, valid choices are:\n\nls | website\ncp | mv\nrm | sync\nmb | rb\npresign<\/code><\/pre>\n\n\n\nNone of them related to describe the current configuration<\/p>\n\n\n\n
There is an s3api command<\/a>, but it appears that you must query each subcommands, such as following huge list, what if my solution is much more complicated than just S3, then this will snowball much quicker to manage<\/p>\n\n\n\nget-bucket-accelerate-configuration\nget-bucket-acl\nget-bucket-analytics-configuration\nget-bucket-cors\nget-bucket-encryption\nget-bucket-intelligent-tiering-configuration\nget-bucket-inventory-configuration\nget-bucket-lifecycle-configuration\nget-bucket-location\nget-bucket-logging\nget-bucket-metrics-configuration\nget-bucket-notification-configuration\nget-bucket-ownership-controls\nget-bucket-policy\nget-bucket-policy-status\nget-bucket-replication\nget-bucket-request-payment\nget-bucket-tagging\nget-bucket-versioning\nget-bucket-website\nget-object\nget-object-acl\nget-object-attributes\nget-object-legal-hold\nget-object-lock-configuration\nget-object-retention\nget-object-tagging\nget-object-torrent\nget-public-access-block<\/code><\/pre>\n\n\n\nThen I\u2019ve come across AWS Config, which should track configuration of each resources<\/p>\n\n\n\n
AWS Config \u2013 Getting started<\/h2>\n\n\n\n- First goes to the region of the resources you want to track, and search for\u00a0Config<\/strong>
<\/li><\/ul>\n\n\n\n![\"\"](\"https:\/\/34.82.124.6\/wp-content\/uploads\/2022\/04\/image-8-1536x260-1-1024x173.png\")
<\/figure>\n\n\n\n- Click on Get started. I have selected Include global resources as there\u2019s a need to track roles and policies and choose to create a new bucket<\/li><\/ul>\n\n\n\n
![\"\"](\"https:\/\/cloudlearning365.com\/wp-content\/uploads\/2022\/03\/image-9-1024x671.png\")
<\/figure>\n\n\n\n- Rules are meant to be auditing purpose to evaluate if your resources is following best practices, which isn\u2019t useful for my situation, so I didn\u2019t select anything
<\/li><\/ul>\n\n\n\n![\"\"](\"https:\/\/34.82.124.6\/wp-content\/uploads\/2022\/04\/image-10-1024x261.png\")
<\/figure>\n\n\n\n- Finally review and confirm<\/li><\/ul>\n\n\n\n
![\"\"](\"https:\/\/34.82.124.6\/wp-content\/uploads\/2022\/04\/image-11-1536x676-1-1024x451.png\")
<\/figure>\n\n\n\nAWS Config \u2013 comparing resources<\/h2>\n\n\n\n
Going to AWS Config -> Dashboard, it nicely listed all discovered resources by category. Since we need to compare the S3 configuration, then I\u2019ve clicked on S3 Bucket<\/p>\n\n\n\n![\"\"](\"https:\/\/cloudlearning365.com\/wp-content\/uploads\/2022\/03\/image-12-1024x791.png\")
<\/figure>\n\n\n\nFind the two S3 buckets to compare, notice this is actually under Resources , then filtered by Resource Type = AWS S3 Bucket<\/p>\n\n\n\n![\"\"](\"https:\/\/cloudlearning365.com\/wp-content\/uploads\/2022\/03\/image-14-1024x420.png\")
<\/figure>\n\n\n\nIn the middle section, expand View Configuration Item (JSON), then copy to your favorite tool for comparison (VS Code \/ WinMerg)<\/p>\n\n\n\n![\"\"](\"https:\/\/cloudlearning365.com\/wp-content\/uploads\/2022\/03\/image-16-1024x948.png\")
<\/figure>\n\n\n\nComparison screenshot:<\/p>\n\n\n\n![\"\"](\"https:\/\/cloudlearning365.com\/wp-content\/uploads\/2022\/03\/image-17-1024x662.png\")
<\/figure>\n\n\n\nIt\u2019s easy to see following section is missing<\/p>\n\n\n\n
\"PublicAccessBlockConfiguration\": {\n \"blockPublicAcls\": true,\n \"ignorePublicAcls\": true,\n \"blockPublicPolicy\": true,\n \"restrictPublicBuckets\": true\n },<\/code><\/pre>\n\n\n\nCleanup<\/h2>\n\n\n\n
Keep in mind that there is a cost for using AWS Config. If you only need it for comparing resources configuration, after you are done, you should disable it:<\/p>\n\n\n\n
Settings -> Note Recording is on<\/strong> -> Edit<\/p>\n\n\n\n![\"\"](\"https:\/\/cloudlearning365.com\/wp-content\/uploads\/2022\/03\/image-18-1024x362.png\")
<\/figure>\n\n\n\nUncheck Enable recording<\/strong><\/p>\n\n\n\n![\"\"](\"https:\/\/cloudlearning365.com\/wp-content\/uploads\/2022\/03\/image-19.png\")
<\/figure>\n\n\n\nConfirm<\/p>\n\n\n\n![\"\"](\"https:\/\/cloudlearning365.com\/wp-content\/uploads\/2022\/03\/image-20.png\")
<\/figure>\n\n\n\nNow that\u00a0Recording is off<\/strong><\/p>\n\n\n\n![\"\"](\"https:\/\/34.82.124.6\/wp-content\/uploads\/2022\/04\/image-21-1536x498-1-1024x332.png\")
<\/figure>\n","protected":false},"excerpt":{"rendered":"So you have created your resources manually in AWS and it works fine, but when you tried to create the resource using Terraform and it just won\u2019t work? I\u2019ve ran into this issue when tried to create S3 + Policy … Continue reading