Recently-Added

A transit VPC is a pretty common networking pattern in an AWS environment. [Transit VPCs](http://Should I use a Transit VPC in AWS?) can limit the number of peering connections required to connect all your VPCs by switching from a mesh topology of peers to a hub and spoke method with transit. While transit VPCs offer some nice features, it also requires a bit more management overhead since you need to manage your own routers. Cisco makes the deployment of transit routers very easy but sometimes you need to make some changes to the routers after they’re deployed like if you need to resize them. Also, sometimes bad things happen and those routers can be destroyed by accident. This post shows how you can resize your Cisco CSRs and/or restore an old configuration from snapshot. ...

We love to use AWS CloudFormation to deploy our environments. Its like configuration management for our AWS infrastructure in the sense that we write a desired state as code and apply it to our environment. But sometimes, there are tasks that we want to complete that aren’t part of CloudFormation. For instance, what if we wanted to use CloudFormation to deploy a new account which needs to be done through the CLI, or if we need to return some information to our CloudFormation template before deploying it? Luckily for us we can use a Custom Resource to achieve our goals. This post shows how you can use CloudFormation with a Custom Resource to execute a very basic Lambda function as part of a deployment. ...

Some things change when you move to the cloud, but other things are very much the same. Like protecting your resources from outside threats. There are always no-gooders out there trying to steal data, or cause mayhem like in those Allstate commercials. Our first defense should be well written applications, requiring authentication, etc and with AWS we make sure we’re setting up security groups to limit our access to those resources. How about an extra level of protection from a Web Application Firewall. AWS WAF allows us to leverage some extra protections at the edge to protect us from those bad guys/girls. ...

A common question that comes up during AWS designs is, “Should I use a transit VPC?” The answer, like all good IT riddles is, “it depends.” There are a series of questions that you must ask yourself before deciding whether to use a Transit VPC or not. In this post, I’ll try to help formulate those questions so you can answer this question yourself. The Basics Before we can ask those tough questions, we first should answer the question, “What is a Transit VPC?” Well, a transit VPC acts as an intermediary for routing between two places. Just like a transit network bridges traffic between two networks, a transit VPC ferries traffic between two VPCs or perhaps your data center. ...

There are a dozen new technologies being introduced every day that never amount to anything, while others move on to create completely new methodologies for how we interact with IT. Just like virtualization changed the way data centers operate, containers are changing how we interact with our applications and Kubernetes (K8s in short hand) seems to be a front runner in this space. However, with any new technology hitting the market, there is a bit of a lag before it takes off. People have to understand why it’s needed, who’s got the best solution, and how you can make it work with your own environment. Heptio is a startup company focusing on helping enterprises embrace Kubernetes through their open source tools and professional services. I’ve been hearing great things about Heptio, but when my good friend, Tim Carr, decided to go work for there, I decided that I better look into who they are, and figure out what he sees in their little startup. ...

I took last week off from work to spend some time with my family and just relax. I’d never been to Disney World and have a six year old who is seriously into Star Wars, so this sounded like a great way to take a relaxing week off. During this vacation I found that it took several days before I even started to unwind. I ended the work week on a Friday and still felt the work stress through the weekend and into Monday. Maybe it’s a normal thing to still feel the stress through the weekend, but I had expected to feel an immediate release of tension when I was done with work on Friday when my vacation began. But all weekend I kept noticing that I couldn’t forget about work. In fact, I felt pretty sick one day and believe it was stress related. After a few days I started to pay attention to the activities of the day and didn’t pay as much attention, but it made me think that those two day weekends and how they certainly weren’t recharging me to be prepared for the next week of stress. ...

Passwords are a necessary evil to keep bandits from running away with your confidential data. We’ve come up with various strategies to manage these secrets, such as: Using one password for all of your stuff so you don’t forget it. Use a password vault to store a unique password for each of your logins. Use a few passwords in a pattern you can remember. Write down your password on a sticky note and attach it to your monitor. Now, not all of these practices are good but you get the idea. ...

Locking down an AWS environment isn’t really that if you know what threats you’re protecting against. You have services such as the Web Application Firewall, Security Groups, Network Access Control Lists, Bucket Policies and the list goes on. But many times you encounter threats from malicious attackers just trying to probe which vulnerabilities might exist in your cloud. AWS has built a service, called Amazon GuardDuty, to help monitor and protect your environment that is based on AWS machine learning tools and threat intelligence feeds. GuardDuty currently reads VPC Flow Logs (used for network traffic analysis) and CloudTrail Logs (used for control plane access analysis) along with DNS log data to protect an AWS environment. GuardDuty will use threat intelligence feeds to alert you when your workloads may be communicating with known to be malicious IP Addresses and can alert you when privileged escalation occurs as part of its machine learning about suspicious patterns. ...

Information Technology is a very difficult field to keep up with. Not only does computing power increase year after year, making the number of things we can do with computers increase, but drastic transformations always plague this industry. Complete paradigm shifts are a major part of our recent past such as mainframes, to client/server, to virtualization to cloud computing. In addition to these changes there are also silos of technologies we might want to focus on such as database design, programming, infrastructure or cloud computing. Inside each of these categories there are different platforms to learn, such as if you are a programmer, do you know C++, Java, Python or Cobol? ...

Age discrimination can be an issue in any industry, but this issue is something members of the information technology (IT) industry can specifically identify with. My goal for this post is just to shine some light on the topic and discuss whether or not there is an injustice happening in IT when you reach a certain age, or if there is some less heinous reason why we see so many younger people in tech. I want to make it crystal clear that this is just an off the cuff discussion and not based on any discrimination that I’ve been witness to from my employer or anywhere else. Ageism has been a bit of the elephant in the room where I don’t see many people discussing it publicly, but it’s in the back of people’s mind. It does seem that there are many more young people in the technology industry than older people, but this also may just be a perception and not reality. ...