Using AWS CloudFormation Drift Detection

Today, AWS announced the release of the long-anticipated drift detection feature for CloudFormation. This feature has been a common feature request for many of the AWS customers that I speak with to ensure their deployments are configured as expected. This post will take you through why this is an important feature and how you can use it. What’s the Big Deal? If you’re not familiar with it already, CloudFormation is a free service from AWS that lets you describe your infrastructure through a YAML or JSON file and deploy the configuration. Simply define your desired state and CloudFormation will deploy the resources and arrange them so that dependent services are (usually) deployed in the right order. If you’re familiar with Ansible, Chef, or Puppet, this concept of a desired state shouldn’t be new. ...

November 14, 2018 · 3 min · eshanks

Quality Checking Infrastructure-as-Code

If you’ve been doing application development for long, having tools in place to check the health of your code is probably not a new concept. However, if you’re jumping into something like Cloud and you’ve been an infrastructure engineer, this may be a foreign concept to you. Isn’t it bad enough that you’ve started learning Git, JSON, YAML, APIs, etc. on top of your existing skill sets? Well, take some lessons from the application teams and you may well find that you’re improving your processes and reducing the technical debt and time to provision infrastructure as code resources as well. ...

November 5, 2018 · 8 min · eshanks

Restore or Resize an AWS Transit Router

A transit VPC is a pretty common networking pattern in an AWS environment. Transit VPCs can limit the number of peering connections required to connect all your VPCs by switching from a mesh topology of peers to a hub-and-spoke method with transit. While transit VPCs offer some nice features, they also require a bit more management overhead since you need to manage your own routers. Cisco makes the deployment of transit routers very easy, but sometimes you need to make some changes to the routers after they’re deployed, like if you need to resize them. Also, sometimes bad things happen and those routers can be destroyed by accident. This post shows how you can resize your Cisco CSRs and/or restore an old configuration from snapshot. ...

October 22, 2018 · 5 min · eshanks

Close an AWS Account Belonging to an Organization

Opening an AWS account is very easy to do. AWS makes it possible to create an account with an email address and a credit card. Even better, if you’re setting up a multi-account structure, you can use the API through organizations and you really only need an email address as an input. But closing an account is slightly more difficult. While closing accounts doesn’t happen quite as often as opening new ones, it does happen. Especially if you’re trying to fail fast and have made some organizational mistakes. When you want to clean those accounts up, you’ll need to jump through a couple of small hoops to do so. This post hopes to outline how to remove an account from an AWS Organization and then close it. ...

September 17, 2018 · 3 min · eshanks

AWS Custom Resources

We love to use AWS CloudFormation to deploy our environments. It’s like configuration management for our AWS infrastructure in the sense that we write a desired state as code and apply it to our environment. But sometimes, there are tasks that we want to complete that aren’t part of CloudFormation. For instance, what if we wanted to use CloudFormation to deploy a new account which needs to be done through the CLI, or if we need to return some information to our CloudFormation template before deploying it? Luckily for us we can use a Custom Resource to achieve our goals. This post shows how you can use CloudFormation with a Custom Resource to execute a very basic Lambda function as part of a deployment. ...

September 4, 2018 · 10 min · eshanks

Add AWS Web Application Firewall to Protect your Apps

Some things change when you move to the cloud, but other things are very much the same. Like protecting your resources from outside threats. There are always no-gooders out there trying to steal data, or cause mayhem like in those Allstate commercials. Our first defense should be well written applications, requiring authentication, etc., and with AWS we make sure we’re setting up security groups to limit our access to those resources. How about an extra level of protection from a Web Application Firewall? AWS WAF allows us to leverage some extra protections at the edge to protect us from those bad guys/girls. ...

August 20, 2018 · 7 min · eshanks

Using AWS CodeDeploy to Push New Versions of your Application

Getting new code onto our servers can be done in a myriad of ways these days. Configuration management tools can pull down new code, pipelines can run scripts across our fleets, or we could run around with a USB stick for the rest of our lives. With container based apps, serverless functions, and immutable infrastructure, we’ve changed this conversation quite a bit as well. But what about a plain old server that needs a new version of code deployed on it? AWS CodeDeploy can help us to manage our software versions and rollbacks so that we have a consistent method to update our apps across multiple instances. This post will demonstrate how to get started with AWS CodeDeploy so that you can manage the deployment of new versions of your apps. ...

August 6, 2018 · 10 min · eshanks

How to Setup Amazon EKS with Mac Client

We love Kubernetes. It’s becoming a critical platform for us to manage our containers, but deploying Kubernetes clusters is pretty tedious. Luckily for us, cloud providers such as AWS are helping to take care of these tedious tasks so we can focus on what is more important to us, like building apps. This post shows how you can go from a basic AWS account to a Kubernetes cluster for you to deploy your applications. ...

July 31, 2018 · 7 min · eshanks

How to Setup Amazon EKS with Windows Client

We love Kubernetes. It’s becoming a critical platform for us to manage our containers, but deploying Kubernetes clusters is pretty tedious. Luckily for us, cloud providers such as AWS are helping to take care of these tedious tasks so we can focus on what is more important to us, like building apps. This post shows how you can go from a basic AWS account to a Kubernetes cluster for you to deploy your applications. ...

July 30, 2018 · 7 min · eshanks

Easy Snapshot Automation with Amazon Data Lifecycle Manager

Amazon has announced a new service that will help customers manage their EBS volume snapshots in a very simple manner. The Data Lifecycle Manager service lets you set up a schedule to snapshot any of your EBS volumes during a specified time window. In the past, AWS customers might need to come up with their own solution for snapshots or backups. Some apps moving to the cloud might not even need backups based on their deployment method and architectures. For everything else, we assume we’ll need to at least snapshot the EBS volumes that the EC2 instances are running on. Prior to the Data Lifecycle Manager, this could be accomplished through some fairly simple Lambda functions to snapshot volumes on a schedule. Now with the new service, there is a solution right in the EC2 console. ...

July 23, 2018 · 4 min · eshanks