Posts

Hashicorp’s Terraform product is very popular in describing your infrastructure as code. One thing that you need consider when using Terraform is where you’ll store your state files and how they’ll be locked so that two team members or build servers aren’t stepping on each other. State can be stored in Terraform Enterprise (TFE) or with some cloud services such as S3. But if you want to store your state, within your data center, perhaps you should check out Hashicorp’s Consul product. ...

If you’re interested in visualizing your data in easy to display graphs, Amazon QuickSight may be your solution. Obviously, Amazon has great capabilities with big data, but sometimes even if you have “little” data you just need a dashboard or way of displaying that content. This post shows an example of how you can display data to tell a compelling story. For the purposes of this blog post, we’ll try to determine why the Chicago Cubs are the Major League’s favorite baseball team. ...

Identity and Access Management (IAM) can be a confusing topic for people that are new to Amazon Web Services. There are IAM Users that could be used for authentication or solutions considered part of the AWS Directory Services such as Microsoft AD, Simple AD, or AD Connector. If none of these sound appealing, there is always the option to use Federation with a SAML 2.0 solution like OKTA, PING, or Active Directory Federation Services (ADFS). If all of these option have given you a case of decision fatigue, then hopefully this post and the associate links will help you to decide how your environment should be setup. ...

A pretty common question that comes up is how to manage multiple accounts within AWS from a user perspective. Multi-Account setups are common to provide control plane separation between Production, Development, Billing and Shared Services accounts but do you need to setup Federation with each of these accounts or create an IAM user in each one? That makes those accounts kind of cumbersome to manage and the more users we have the more chance one of them could get hacked. ...

Just because you’ve started moving workloads into the cloud, doesn’t mean you can forget about Microsoft Active Directory. Many customers simply stand up their own domain controllers on EC2 instances to provide domain services. But if you’re moving to AWS there are also some great services you can take advantage of, to provide similar functionality. This post focuses on AD Connector which makes a connection to your on-premises or EC2 installed domain controllers. AD Connector doesn’t run your Active Directory but rather uses your existing active directory intances within AWS. As such, in order to use AD Connector you would need to have a VPN connection or Direct Connect to provide connectivity back to your data center. Also, you’ll need to be prepared to have credentials to connect to the domain. Domain Admin credentials will work, but as usual you should use as few privileges as possible so delegate access to a user with the follow permissions: ...

Just because you’ve started moving workloads into the cloud, doesn’t mean you can forget about Microsoft Active Directory. Many customers simply stand up their own domain controllers on EC2 instances to provide domain services. But if you’re moving to AWS, there are also some great services you can take advantage of to provide similar functionality. This post focuses on Simple AD is based on Samba4 and handles a subset of the features that the Microsoft AD type Directory Service provides. This service still allows you to use Kerberos authentication and manage users and computers as well as provide DNS services. One of the major differences between this service and Microsoft AD is that you can’t create a trust relationship with your existing domain, so if you need that functionality look at Microsoft AD instead. Simple AD gives you a great way to quickly stand up new domains and cut down on the things you need to manage such as OS patches, etc. ...

Just because you’ve started moving workloads into the cloud, doesn’t mean you can forget about Microsoft Active Directory. Many customers simply stand up their own domain controllers on EC2 instances to provide domain services. But if you’re moving to AWS there are also some great services you can take advantage of, to provide similar functionality. This post focuses on Microsoft AD which is a Server 20012 R2 based domain that provides a pair of domain controllers across Availability Zones and also handles DNS. This service is the closest service to a full blow Active Directory that you’d host on premises. You can even create a trust between the Microsoft AD deployed in AWS and your on-prem domain. You cannot extend your on-premises domain into Microsoft AD at the time of this writing though. If you wish to extend your existing domain, you should consider building your own DCs on EC2 instances and then you have full control over your options. ...

Locking down an AWS environment isn’t really that if you know what threats you’re protecting against. You have services such as the Web Application Firewall, Security Groups, Network Access Control Lists, Bucket Policies and the list goes on. But many times you encounter threats from malicious attackers just trying to probe which vulnerabilities might exist in your cloud. AWS has built a service, called Amazon GuardDuty, to help monitor and protect your environment that is based on AWS machine learning tools and threat intelligence feeds. GuardDuty currently reads VPC Flow Logs (used for network traffic analysis) and CloudTrail Logs (used for control plane access analysis) along with DNS log data to protect an AWS environment. GuardDuty will use threat intelligence feeds to alert you when your workloads may be communicating with known to be malicious IP Addresses and can alert you when privileged escalation occurs as part of its machine learning about suspicious patterns. ...

Information Technology is a very difficult field to keep up with. Not only does computing power increase year after year, making the number of things we can do with computers increase, but drastic transformations always plague this industry. Complete paradigm shifts are a major part of our recent past such as mainframes, to client/server, to virtualization to cloud computing. In addition to these changes there are also silos of technologies we might want to focus on such as database design, programming, infrastructure or cloud computing. Inside each of these categories there are different platforms to learn, such as if you are a programmer, do you know C++, Java, Python or Cobol? ...

Age discrimination can be an issue in any industry, but this issue is something members of the information technology (IT) industry can specifically identify with. My goal for this post is just to shine some light on the topic and discuss whether or not there is an injustice happening in IT when you reach a certain age, or if there is some less heinous reason why we see so many younger people in tech. I want to make it crystal clear that this is just an off the cuff discussion and not based on any discrimination that I’ve been witness to from my employer or anywhere else. Ageism has been a bit of the elephant in the room where I don’t see many people discussing it publicly, but it’s in the back of people’s mind. It does seem that there are many more young people in the technology industry than older people, but this also may just be a perception and not reality. ...