AWS – Access Key & Security Key



As the AWS Ecosystem continues to grow it’s security authentication mechanisms continues to swell, as well.


Our Instance

Unfortunately various services need various authentication pathways.

For instance, own own implementation requires:

  1. User credentials
    • Multi-factor Authentication
  2. IAM Roles



Here I am trying to use a tool and it is asking me for the “AWS access key” and “AWS secret key

app_AccessKey_20180606_0729PM [brushedup].png



To review or get a new Access Key and Security key, please do the following:


  1. Launch browser
  2. Connect to IAM
    • Generic
      • IAM Home Page
    • Region
      • Region :- US West
  3. Click on the Users hyperlink
    • In case, you do not see your users
      • Please make sure that you are in right Region
      • Also make sure that you are not switched into Role
  4. Access the “Security Credentials” tab
  5. Review the listed “Access Keys
    • In my case did not have Access Keys listed
  6. Created Accessed Key
    • Clicked on the “Create Access key” button
    • Access Keys was generated
      • Noted the Access Key ID & Secret Access Key
      • Downloaded the csv file which contains the generate Key


Screen Shot

IAM Management Console



Users ( Switched to role )

users_role_20180606_1100PM [brushedup].png

Users ( As Self )


Users – [Username] – Security Credentials


Create(d) access key

CreateAccessKey_20180606 (brushedup).png



Crediting BitTitan …

BitTitan :- How do I get an access key for Amazon S3?

Amazon – RDS – Parameters – Trace Flags


As intimated in our last post, one is able to effect MS SQL Server DBCC Trace Flags through RDS Parameter groups.

Currently, there are about 74 options that one can access through parameter groups.

In this post, we will focus on the dozen DBCC trace flags that are exposed.


Trace Flags


Trace Flag Description Default Recommendation Reason
 1204 Returns the resources and types of locks participating in a deadlock and also the current command affected  Off  On The information is very useful for troubleshooting deadlocks
 1211 Disables lock escalation based on memory pressure, or based on number of locks. The SQL Server Database Engine will not escalate row or page locks to table locks  Off  Off  It is better to allow the SQL Engine to control lock escalation
 1222 Returns the resources and types of locks that are participating in a deadlock and also the current command affected, in an XML format that does not comply with any XSD schema.  Off  On Same as Trace Flag 1204, helpful for deadlock troubleshooting
 1224 Disables lock escalation based on the number of locks. However, memory pressure can still activate lock escalation.  Off  Off Same as Trace Flag 1211, best to allow SQL Engine control
 2528 Disables parallel checking of objects by DBCC CHECKDB, DBCC CHECKFILEGROUP, and DBCC CHECKTABLE  Off  Off Again, allow the SQL Engine to throttle whether to enable parallel checking
 3205 Disable hardware compression for tape drivers  Off  Off MSFT doc states – “If a tape drive supports hardware compression, either the DUMP or BACKUP statement uses it. With this trace flag, you can disable hardware compression for tape drivers. This is useful when you want to exchange tapes with other sites or tape drives that do not support compression“.
 3226 Suppress log entries for backup operations  On  On Suppress successful backup logging.  This reduces errorlog cluttering especially useful for the more frequent log backup
 3625 Limits the amount of information returned in error messages  On  On In our own environment, the default security put in place ( for errorlog) by SQL Server is sufficient
 4199 Controls multiple query optimizer changes previously made under multiple trace flags   Off  On You want to check your SQL Server Version and Patch level and see if it supports this Trace Flag.

If it does, I will say test the Trace Flag out, and keep it enabled, if it does cause harm.

Please read more here.

 4616 Makes server-level metadata visible to application roles  Off  Off No need to expose this class of information
6527 Disables generation of a memory dump on the first occurrence of an out-of-memory exception in CLR integration  Off  Off Memory dump is useful for diagnostic and so no need to disable memory dumps
7806 Enables a dedicated administrator connection (DAC) on SQL Server Express  On  On Dedicated Administrator connection is useful for accessing stalled SQL instances




Enable Trace Flag – 1204

aws rds Modify-db-parameter-group

Sample code for enabling a trace flag through AWS/RDS CLI.


@rem Returns the resources and types of locks participating in a deadlock and also the current command affected.
aws rds modify-db-parameter-group  --db-parameter-group-name [parameter-group-name]  --parameters "ParameterName=1204,ParameterValue=1, ApplyMethod=immediate"


@rem Returns the resources and types of locks participating in a deadlock and also the current command affected.
aws rds modify-db-parameter-group  --db-parameter-group-name corp  --parameters "ParameterName=1204,ParameterValue=1, ApplyMethod=immediate"


dbcc traceoff

Sample code for disabling a trace flag through Transact SQL.


DBCC TRACEOFF ([trace-number], -1)


DBCC TRACEOFF (1204, -1)

Output – Image


Output – Text

Msg 2571, Level 14, State 3, Line 1
User 'guest' does not have permission to run DBCC TRACEOFF.


  1. As we do not have sysadmin privileges, we are not able to issue DBCC TraceOn/DBCC TraceOff
    • This command “requires membership in the sysadmin fixed server role” ( Link )



Review Enabled Trace Flags

List all enabled trace flags






  1. I am familiar with all the other Trace flags ( listed above ), outside of Trace Flags 4199 and 8017
    • 4199
      • Need to clear cached plan
        • SQL Server query optimizer hotfix trace flag 4199 servicing model

          If DBCC TRACEON\TRACEOFF is used this does not regenerate a new cached plan for stored procedures. Plans could be in cache that were created without the trace flag
    •  8017
      • Aaron Morelli
        Twitter – @sqlcrossjoin
        Topic – A Topical Collection of SQL Server Trace Flags
        Link –
        Ken Henderson 2005, page 387 (paraphrased): basically means “no offline schedulers”.
        Normally, when using affinity to restrict the CPUs that SQL can use, SQLOS starts up schedulers for every CPU on the box, but then keeps schedulers that it is not allowed to use in “offline” state. However, those schedulers are using resources, so you can prevent SQL from ever creating those schedulers by turning on this flag. You can combine this with 8002 to achieve the “move among CPUs” effect for your schedulers
        This flag appears to have been turned on by default in SQL 2005 Express Edition, as evidenced by all of the upgrade warnings people were experiencing when trying to upgrade to SQL 2008 Express.
      • Makes sense as SQL Server Express Edition does not support SQL Server Agent



Trace Flags – MSFT

  1. Trace Flags (Transact-SQL)

Trace Flags – Generic

  1. Warner Chaves – The Most Important Trace Flags for SQL Server
  2. Aaron Morelli – Trace Flag Respository
  3. Derik – sqlHammer – Derik’s Favorite Trace Flags


Trace Flags – 4199

  1. SQL Server query optimizer hotfix trace flag 4199 servicing model
  2. Enabling SQL Server Trace Flag for a Poor Performing Query Using QUERYTRACEON
  3. Benjamin Pierce – SQL 2008 – 2012 Query Optimizer Trace Flag 4199 – Increase performance
  4. Joe P – Developer Gems – SQL Server Trace Flag 4199
  5. David K. Lee – Convergence of Data and Infrastructure – SQL Server Trace Flag 4199
  6. Paul White – Optimization Phases and Missed Opportunities
  7. Enabling SQL Server Trace Flag for a Poor Performing Query Using QUERYTRACEON


Trace Flags – 4616

  1. Gerard Conroy – SQL Server Trace Flag 4616 no longer required for Dynamics NAV 5.0 SP1 or Dynamics NAV 2009 SP1


SQL Server Builds

  1. Microsoft SQL Server Version List


Amazon – RDS – Command Line Interface ( CLI ) – Returning empty resultset


Just blew a couple of hours trying to determine why a couple of RDS/CLI Commands are coming back empty.



Here are the commands I tried out



aws rds describe-db-instances


"DBInstances": []




aws rds describe-db-parameter-groups



 "DBParameterGroups": []


Traced the error back to the fact that I had set a wrong region.

Workarounds are to override the default per each command utterance, or go back and reset the default.

Specify Region at Command Level



aws rds describe-db-instances  --region us-west-2





aws rds describe-db-parameter-groups --region us-west-2




Reset default region

Review Configuration


aws configure


Wrong default – us-west-1

aws configure - 20160426 - 0658PM

Reset Configuration

  1. Connect to Console and get default


Connect to Console and get default



Reset default via “aws configure”

Here we change the default region from us-west-1 to us-west-2

aws configure

   default region name [us-west-1] : us-west-2

aws configure - 20160426 - 0708PM



Issue query without specifying default


aws rds describe-db-instances