How To Explain AWS DevOps Projects in an Interview | AWS DevOps Projects 03

Published: 9 September 2024
on channel: Hi-Tech Institution

AWS interview tips WhatsApp channel link:
https://whatsapp.com/channel/0029VaB1...


Cross-Account Automation with Centralized IAM Role-based Authentication

Objective: Design and implement a cross-account automation system using centralized IAM roles and Lambda functions to clean up unused EBS volumes and monitor subnets running out of IP addresses across multiple AWS accounts.

Key Components:

AWS Organization Structure:
  Root Organization: houses all AWS accounts, including the Central Automation Account.
  Organizational Units (OUs):
    Production OU:
      Prod Account 1 - 10.1.0.0/24
      Prod Account 2
    Development OU:
      Dev Account 1
      Dev Account 2
    Automation OU:
      Central Automation Account: manages the Lambda functions and automations across all accounts.

IAM Architecture:
  Cross-Account Assume Role: in each member account (Prod, Dev), create an IAM role whose trust policy allows the Central Automation Account to assume it, with just the permissions needed for the automation tasks (EBS cleanup and subnet monitoring). The central Lambda functions call AssumeRole on that role and use the temporary credentials for each account.

Automations (Lambda Functions):

EBS Volume Cleanup Automation:
  Objective: Automatically identify and delete unused EBS volumes that have been in a detached state for 30 days or more.
  Lambda Function Logic:
    1. Run on a schedule (every 24 hours).
    2. Fetch all EBS volumes in each account using the ec2:DescribeVolumes API.
    3. Filter for volumes that have been in the 'available' state for more than 30 days.
    4. Trigger a cleanup action using ec2:DeleteVolume.
    5. Log all deleted volumes to CloudWatch Logs for auditing.

Subnet IP Monitoring Automation:
  Objective: Monitor subnets that are running out of available IP addresses and send an alert when the free IPs drop below a threshold (e.g., 10% of the subnet's total addresses).
  Lambda Function Logic:
    1. Run on a schedule (every 6 hours).
    2. Use the ec2:DescribeSubnets API to fetch details of all subnets across accounts.
    3. Calculate the percentage of IP addresses used in each subnet.
    4. If usage exceeds 90%, publish an alert to an SNS topic or push it to CloudWatch for further action.
    5. Optionally, trigger a follow-up action such as notifying the team via email or Slack.
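As an added example (not code from the video or the Hi-Tech Institution project), the core logic of both automations above in Python: the stale-volume filter, the subnet free-IP check, and the cross-account AssumeRole step the Lambda uses to reach each member account. It assumes a hypothetical DetachedSince tag that the automation stamps on a volume when it first sees it detached (DescribeVolumes itself reports no detach time) and a hypothetical per-account role name passed to assumed_client; the sample API responses are constructed.

```python
from datetime import datetime, timedelta, timezone

STALE_DAYS = 30           # 'available' (detached) for 30 days or more
FREE_IP_THRESHOLD = 0.10  # alert when free IPs fall below 10% of the subnet
AWS_RESERVED_IPS = 5      # AWS reserves the first four and the last address of every subnet
SAMPLE_NOW = datetime(2024, 9, 9, tzinfo=timezone.utc)  # fixed clock for the constructed sample

def _tag(resource, key):
    return next((t["Value"] for t in resource.get("Tags", []) if t["Key"] == key), None)

def select_stale_volumes(volumes, now, stale_days=STALE_DAYS):
    """IDs of volumes 'available' for at least stale_days. DescribeVolumes has no detach
    timestamp, so this assumes the automation stamps a DetachedSince tag (ISO 8601) when it
    first sees a volume detached; untagged volumes are skipped until the next run tags them."""
    cutoff = now - timedelta(days=stale_days)
    return [v["VolumeId"] for v in volumes
            if v["State"] == "available"
            and (since := _tag(v, "DetachedSince")) is not None
            and datetime.fromisoformat(since) <= cutoff]

def subnets_low_on_ips(subnets, threshold=FREE_IP_THRESHOLD):
    """(SubnetId, free_fraction) for subnets below the free-IP threshold; usable
    addresses are the CIDR size minus the five AWS-reserved addresses."""
    low = []
    for s in subnets:
        usable = 2 ** (32 - int(s["CidrBlock"].split("/")[1])) - AWS_RESERVED_IPS
        free = s["AvailableIpAddressCount"] / usable
        if free < threshold:
            low.append((s["SubnetId"], round(free, 3)))
    return low

def assumed_client(service, account_id, role_name, region):
    """boto3 client in a member account via its cross-account role (hypothetical role name);
    boto3 is imported here so the pure functions above run without AWS access."""
    import boto3
    creds = boto3.client("sts").assume_role(
        RoleArn=f"arn:aws:iam::{account_id}:role/{role_name}",
        RoleSessionName="central-automation")["Credentials"]
    return boto3.client(service, region_name=region,
                        aws_access_key_id=creds["AccessKeyId"],
                        aws_secret_access_key=creds["SecretAccessKey"],
                        aws_session_token=creds["SessionToken"])

if __name__ == "__main__":  # constructed sample data in the shape of the two API responses
    volumes = [{"VolumeId": "vol-old", "State": "available",
                "Tags": [{"Key": "DetachedSince", "Value": "2024-07-01T00:00:00+00:00"}]},
               {"VolumeId": "vol-new", "State": "available",
                "Tags": [{"Key": "DetachedSince", "Value": "2024-09-01T00:00:00+00:00"}]},
               {"VolumeId": "vol-used", "State": "in-use"}]
    subnets = [{"SubnetId": "subnet-prod1", "CidrBlock": "10.1.0.0/24", "AvailableIpAddressCount": 20},
               {"SubnetId": "subnet-dev1", "CidrBlock": "10.2.0.0/24", "AvailableIpAddressCount": 200}]
    print(select_stale_volumes(volumes, SAMPLE_NOW), subnets_low_on_ips(subnets))
```

In the real Lambda, `select_stale_volumes` is fed `assumed_client("ec2", ...).describe_volumes()["Volumes"]` per account, and each returned ID goes to `delete_volume` with a CloudWatch log line.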

Outcome: Successfully implemented a cross-account, IAM-based automation system to manage unused EBS volumes and monitor subnet IP utilization. This reduces manual maintenance effort and improves resource optimization across multiple AWS accounts.