AWS Resource Access Manager

At AWS re:Invent this year in Las Vegas, Amazon announced a ton of services, but one that caught my eye was the AWS Resource Access Manager. This is a service that facilitates the sharing of some resources between AWS accounts so that they can be used or referenced across account boundaries. Typically, an AWS account is used as a control plane boundary (or billing boundary) between environments, but even then resources will need to communicate with each other occasionally. Now with AWS Resource Access Manager (RAM) we can share Hosted DNS zones, Transit Gateways and other objects. This list will undoubtedly grow over time. This post will show you how you can share another new service, the AWS Transit Gateway, across multiple accounts within your organization. ...

December 10, 2018 · 4 min · eshanks

VMware Cloud on AWS Firewalls Overview

If you’re getting started with VMware Cloud on AWS then you should be aware of all the points in which you can block traffic with a firewall. Or, if you look at it another way, the places where you might need to create allow rules for traffic to traverse your cloud. This post is used to show where those choke points live both within your VMware Cloud on AWS SDDC, as well as the Amazon VPC in which your SDDC lives. ...

November 28, 2018 · 5 min · eshanks

Using AWS CloudFormation Drift Detection

Today, AWS announced the release of the long anticipated drift detection feature for CloudFormation. This feature has been a common feature request for many of the AWS customers that I speak with to ensure their deployments are configured as expected. This post will take you through why this is an important feature and how you can use it. What's the Big Deal? If you’re not familiar with it already, CloudFormation is a free service from AWS that lets you describe your infrastructure through a YAML or JSON file and deploy the configuration. Simply define your desired state and CloudFormation will deploy the resources and arrange them so that dependent services are (usually) deployed in the right order. If you’re familiar with Ansible, Chef, or Puppet, this concept of a desired state shouldn’t be new. ...

November 14, 2018 · 3 min · eshanks

Quality Checking Infrastructure-as-Code

If you’ve been doing application development for long, having tools in place to check the health of your code is probably not a new concept. However, if you’re jumping into something like Cloud and you’ve been an infrastructure engineer, this may be a foreign concept to you. Isn’t it bad enough that you’ve started learning Git, JSON, YAML, APIs etc on top of your existing skill sets? Well, take some lessons from the application teams and you may well find that you’re improving your processes and reducing the technical debt and time to provision infrastructure as code resources as well. ...

November 5, 2018 · 8 min · eshanks

This is Not Fine!

I recently attended the Devops Enterprise Summit in Las Vegas so that I could keep up to date on the latest happenings around integrating devops for companies. This conference was nothing short of amazing, but what I wasn’t anticipating was a theme around IT burnout. The IT Revolutions team who puts on the conference started one of the keynotes on the topic of burnout, from Dr. Christina Maslach who is Professor of Psychology, Emerita University of California, Berkeley. In addition to this powerful session, there was another panel group that happened on Wednesday, that went further into the discussion including the ultimate consequence of burnout, which is suicide. ...

October 25, 2018 · 9 min · eshanks

Restore or Resize an AWS Transit Router

A transit VPC is a pretty common networking pattern in an AWS environment. Transit VPCs (see the earlier post "Should I use a Transit VPC in AWS?") can limit the number of peering connections required to connect all your VPCs by switching from a mesh topology of peers to a hub and spoke method with transit. While transit VPCs offer some nice features, they also require a bit more management overhead since you need to manage your own routers. Cisco makes the deployment of transit routers very easy, but sometimes you need to make some changes to the routers after they’re deployed, like if you need to resize them. Also, sometimes bad things happen and those routers can be destroyed by accident. This post shows how you can resize your Cisco CSRs and/or restore an old configuration from a snapshot. ...

October 22, 2018 · 5 min · eshanks

Upgrade to vRA 7.5

Upgrading your vRealize Automation instance has sometimes been a painful exercise. But this was in the early days after VMware purchased the product from DynamicOps. It’s taken a while, but the upgrade process has improved with each and every version, in my opinion, and 7.5 is no exception. If you’re on a previous version, here is a quick rundown on the upgrade process from 7.4 to 7.5. Note: As always, please read the official upgrade documentation. It includes prerequisites and steps that should always be followed. https://docs.vmware.com/en/vRealize-Automation/7.5/vrealize-automation-7172732to75upgrading.pdf ...

October 8, 2018 · 4 min · eshanks

AWS Session Manager

Amazon has released yet another Simple Systems Manager service to improve the management of EC2 instances. This time, it’s AWS Session Manager. Session Manager is a nifty little service that lets you assign permissions to users to access an instance’s shell. Now, you might be thinking, “Why would I need this? I can already add SSH keys to my instances at boot time to access my instances.” You’d be right of course, but think of how you might use Session Manager. Instead of having to deal with adding SSH keys, and managing access/distribution of the private keys, we can manage access through AWS Identity and Access Management permissions. ...

October 1, 2018 · 3 min · eshanks

Close an AWS Account Belonging to an Organization

Opening an AWS account is very easy to do. AWS makes it possible to create an account with an email address and a credit card. Even better, if you’re setting up a multi-account structure, you can use the API through organizations and you really only need an email address as an input. But closing an account is slightly more difficult. While closing accounts doesn’t happen quite as often as opening new ones, it does happen. Especially if you’re trying to fail fast and have made some organizational mistakes. When you want to clean those accounts up, you’ll need to jump through a couple of small hoops to do so. This post hopes to outline how to remove an account from an AWS Organization and then close it. ...

September 17, 2018 · 3 min · eshanks

Create AWS Accounts with CloudFormation

In a previous post, we covered how to use an AWS Custom Resource in a CloudFormation template to deploy a very basic Lambda function. To expand upon this ability, let’s use this knowledge to deploy something more useful than a basic Lambda function. How about we use it to create an AWS account? To my knowledge, the only way to create a new AWS account is to use the CLI or manually through the console. How about we use a custom resource to deploy a new account for us in our AWS Organization? Once this ability is available in a CloudFormation template, we could even publish it in the AWS Service Catalog and give our users an account vending machine capability. ...

September 10, 2018 · 8 min · eshanks