One of the best kept secrets of the AWS CLI should be the ‘alias’ feature. It’s a native feature of AWS. In this blog post I’ll describe how to get started and show you a couple of my most used aliases so far. cat > ~/.aws/cli/alias <<! [toplevel] whoami = sts get-caller-identity cf = cloudformation cfls = !f() { aws cloudformation list-stacks }; f ! Now try your new aliases. Read more...

TrendMicro DeepSecurity provides intrusion detection and threat mitigation for your virtual machine instances on AWS. In this blog, we will introduce you to the CloudFormation custom provider for TrendMicro DeepSecurity. With this provider you can deploy both EC2 instances and DeepSecurity policies and rules from a single CloudFormation template.

Read more...

I love CloudFormation, and I love Terraform. I use both tools often in blog posts, in courses, and at clients. I often get the question to choose between CloudFormation and Terraform. In this blog post, I want to share a couple of CloudFormation features to help you make a choice. Features that are easy to use and are important considerations when selecting the right tool when running production workloads. Read more...

At some point in your application’s lifecycle, there might come a time when you need to start scaling your data storage. If you are storing media files or other blobs that have no relations between them, you can easily add storage capacity to solve the problem. For (semi-)structured data in a database however, scaling is a whole different story. Simply adding database instances is not enough. You will need to reconsider the usage patterns and decide what solution solves the problem you have. Read more...

Python is very well suited for writing AWS Lambda functions. For local development, you might want to be able to run the whole range of supported Python runtimes on your Mac. Unfortunately, setting this up is not as straightforward as you might think.

Read more...

Deployment Manager is an infrastructure deployment service that automates the creation and management of Google Cloud Platform resources. A lot of GCP resources can be created using the available GDM types. In essence a GDM type is an abstraction on top of the API of a GCP service. However some types are missing, so in this blog I want to show you how to add those yourself. GDM supports jinja2 and Python templates, for this blog we will use python.

Read more...

When you deploy your application on compute instances on-premise or in the cloud, you have to make an educated guess about the utilisation of the resources you provision. If you have an older version of the same application running with proper monitoring, you can base your guesstimate on the current usage of compute nodes. But when this is the first time your application goes to production you are out of luck. Read more...

Google Cloud provides a Docker image registry which you can use to store your private docker images. Although it is a separate Google service, there are no specific IAM roles associated with it, which allow you to control access to your registry. Instead, you use the Google Cloud Storage roles and permissions on the bucket that is implicitly created for you. In this blog we show you how you create the container registry storage bucket in your project and grant access to it.

Read more...

There are many ways to use ‘secrets’ in ECS and ECS Fargate. Most of the time they are exposed using Environment variables, because a few years ago this was the only easy option. Today we have two improved options. You could add a tool to your docker container which retrieves and decrypts your secrets before parsing them to the application. The other one is to embed the retrieval and decryption in the application. Read more...

In previous posts, we showed you how to deploy a private key pair to allow you to login to an EC2 instance. Since september 2018, the AWS Session Manager supports logging into any instance, directly from the command line without SSH. In this blog we will show you how to configure this using CloudFormation.

Read more...