avatarTeri Radichel

Free AI web copilot to create summaries, insights and extended knowledge, download it at here

2622

Abstract

d="ba97">I’ve had a side gig going for many years now as a psychic. Or, more accurately, as a channel.</p><h2 id="aeae">The Last Word</h2><p id="6cbb"><b><i>Hello.</i></b></p><p id="c94e">Ha, you made me laugh.</p><p id="4e6b"><b><i>Well, you were the one who said you were a channel. I thought I’d pop in and say hello.</i></b></p><p id="5ca7">Hi, yourself. We haven’t done this in a while.</p><p id="1a30"><b><i>No, you have been ill. We thought we’d give you an opportunity to heal, as it were.</i></b></p><p id="6254">What do you mean, “as it were”?</p><p id="4b02"><b><i>Healing takes time, especially the older the individual is. You have noticed in the past week that you are able to put your socks on even more easily than before you were sick. You are able to stay up longer hours and are taking an interest in your former activities.</i></b></p><p id="a7d2">Yeah, unfortunately I tanked on NaNoWriMo. Though I still have two days to write before the end of November. I put a good 23,200 words into my third book. I want to finish it off at 30,000 words which is another two or three chapters. I need to go back to the second book and finish that one off with an additional 17,000 words. Then, re-writes on all three books and then think about either turning it over to Dennis to see if he is willing to spend the time editing them or think about hiring an editor to do the job, which I’m thinking would cost a good $3,000 or so which we don’t have. I also need to get up to speed with Canva, or Publisher or re-learn Illustrator to produce some covers. Then, I need to publish the books at KDP and see what happens. I need to drum up some interest in those FaceBook groups I joined and get my author’s website up and running. Anyone who has subscribed to my articles here at Medium will be on the list of folks I approach with book deals and announcements. By the way, if you want to get on that email list <a href="https://pmevanosky.medium.com/subscribe">please subscribe here</a> or email me at <a href="mailto:[email protected]">[email protected]</a>. I suppose I am feeling better. I’ve got a lot to do.</p><p id="6871">Oh, on a less fun note, I need to do our family accounting for 2022. I’m figuring it will take me a couple of months. That means I need the laptop set up next to me with another cordless keyboard to compare Quickbooks 2021 on the laptop with Quickbooks 2022 on the PC. I forget how I classify things from one year to the next. This is the year I have spent money on myself towards publishing books. Can I count those things?</p><p id="3db4"><b><i>Yes, we would say you might create

Options

a publishing classification for yourself. If your accountant wishes to take those expenditures and you use what you earned as a Medium writer this year to offset that would be up to her.</i></b></p><p id="ddb3">But does $48 as income from Medium even come close? I don’t think it counts as more than a hobby.</p><p id="5184"><b><i>Well, is this why you were thinking about side gigs? Perhaps you should concentrate on income-producing side gigs.</i></b></p><p id="b56f">Why are you raining on my parade?</p><p id="426a"><b><i>That’s what you pay us for, though the IRS would never, I guarantee, in a million years count that toward a business expenditure.</i></b></p><p id="afec">Well, I don’t pay you, so there.</p><p id="20eb"><b><i>You do understand what I mean, though.</i></b></p><p id="28fb">Yes, I do. Hey, is anybody going to be remotely interested in this piece?</p><p id="9e6d"><b><i>Time will tell.</i></b></p><p id="a68a">In explanation, <a href="https://medium.com/@pmevanosky/list/the-last-word-where-spirit-speaks-c75cbb677e29"><b><i>The Last Word</i></b></a> is a short conversation between my guide, Seth, and myself that generally has something to do with whatever I am writing about. I’ve started a list of those articles I write where it appears. I hope you enjoy it. I enjoy having Seth and others in Spirit show up occasionally in my pieces. It’s how I channel.</p><p id="3793">If you are not already a Medium member, consider using <a href="https://pmevanosky.medium.com/membership"><b><i>my affiliate link to join</i></b></a>. It is less than <b><i>15¢ a day</i></b>. A small portion of your membership fee will support my writing, and you will have access to all the great articles written by writers on Medium.</p><p id="f2fc">Thanks for reading. <a href="https://pmevanosky.medium.com/subscribe"><b>Subscribe for notifications every time I publish an article</b></a>. See you in the Funny Papers.</p><div id="b2ef" class="link-block"> <a href="https://pmevanosky.medium.com/list/c75cbb677e29"> <div> <div> <h2>The Last Word - Where Spirit Speaks</h2> <div><h3>A section in some of my articles for my Spirit Guide and other interested Folk in Spirit to have a place to talk. Just…</h3></div> <div><p>pmevanosky.medium.com</p></div> </div> <div> <div style="background-image: url(https://miro.readmedium.com/v2/resize:fit:320/0*cc5922e576207285fd230b798dc9ee73f480108f.jpeg)"></div> </div> </div> </a> </div></article></body>

null (Service: AWSKMS; Status Code: 400; Error Code: AccessDeniedException; Request ID: xxx; Proxy: null)

Trying to grant access an organizational unit access to a KMS key

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

⚙️ Check out my series on Automating Cybersecurity Metrics | Code.

🔒 Related Stories: Bugs | AWS Security | Secure Code

💻 Free Content on Jobs in Cybersecurity | ✉️ Sign up for the Email List

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Right now I’m trying to give an organizational unit access to a KMS key. I’ve followed various different sources of documentation and this is the error I get:

null (Service: AWSKMS; Status Code: 400; Error Code: AccessDeniedException; Request ID: 5144091211e7–4d72–8543-a5ffafe2e477; Proxy: null)

One problem was that I did not have the brackets [ ] in the exact right place in the json hierarchy.

"Condition":{  
    "ForAnyValue:StringLike":{   
        "aws:PrincipalOrgPaths":[     
            "o-1122334455/r-abcd/ou-1/",     
            "o-1122334455/r-abcd/ou-2/"   
         ]  
     } 
}

Whatever code is processing the request to access the key is expecting an array of values in [] like [a, b, c] not a single value “a” without brackets or a list like this “a”, “b” with no brackets.

The code is expecting one nested condition “aws:PrincipalOrgPaths” for the StringLike condition, not an array [ “aws:PrincipalOrgPaths”, “x”, “y”].

I had the [ and ] around aws:PrinicpalOrgPaths instead of where it is around the two organizations here.

Code is picky!

Fix: It would be nicer if the KMS policy editor caught this error before saving in its validation routine.

I also found it helpful to use the asterisk in the org path like this where the first value is the organization id and the last value is the OU ID, both which are found in the AWS Organizations section of the AWS portal.

"Condition":{  
    "ForAnyValue:StringLike":{   
        "aws:PrincipalOrgPaths":[     
            "o-1122334455/*/ou-1/",     
            "o-1122334455/*/ou-2/"   
         ]  
     } 
}

Resources:

I tried to add a key to an SSM parameter in another account with a different key and got the same error. Somewhere along the way I realized I was using the wrong key, so probably I have this same problem in some other key policy and/or this error occurs simply because access is denied.

Follow for updates.

Teri Radichel | © 2nd Sight Lab 2022

About Teri Radichel:
~~~~~~~~~~~~~~~~~~~~
⭐️ Author: Cybersecurity Books
⭐️ Presentations: Presentations by Teri Radichel
⭐️ Recognition: SANS Award, AWS Security Hero, IANS Faculty
⭐️ Certifications: SANS ~ GSE 240
⭐️ Education: BA Business, Master of Software Engineering, Master of Infosec
⭐️ Company: Penetration Tests, Assessments, Phone Consulting ~ 2nd Sight Lab
Need Help With Cybersecurity, Cloud, or Application Security?
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
🔒 Request a penetration test or security assessment
🔒 Schedule a consulting call
🔒 Cybersecurity Speaker for Presentation
Follow for more stories like this:
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ 
❤️ Sign Up my Medium Email List
❤️ Twitter: @teriradichel
❤️ LinkedIn: https://www.linkedin.com/in/teriradichel
❤️ Mastodon: @teriradichel@infosec.exchange
❤️ Facebook: 2nd Sight Lab
❤️ YouTube: @2ndsightlab
Bug
Accessdeniedexception
AWS
Kms
Key Management Service
Recommended from ReadMedium