New services do not always deliver support for CloudFormation at the launch. If you work with CloudFormation, you can create a Custom Resource. With the new import functionality, once AWS adds native support for the resource, you can now import this resource into your template and remove the old custom resource. This blog post describes the 4 stages: Create the Custom Resource provider; a lambda function Deploy the resource using the previous Custom Resource provider Import the custom created resource into your stack Remove the custom resource from the stack, leaving the imported for future use In our example we assume SNS Topic is not yet supported by CloudFormation at launch. Read more...

With this Custom Provider you can construct such a deployment package or the objects to be written to an S3 bucket, entirely within CloudFormation. When embedding the objects in the template, the deployment template is versioned and fully deterministic. Introduction Creating a Lambda function with dependencies, or publishing web content to an s3 website bucket typically involves creating a deployment package as a zip file or uploading a set of HTML files and assets to an S3 bucket. Read more...

On AWS we often use the AWS Parameter Store, to store secrets safely. But accessing the secrets from an application running in ECS, is rather intrusive. You have to call the AWS SSM API either in the application or in the entrypoint script of the container. In this blog we show you how a simple utility allows you to specify the references to the secrets as environment variables. It even allows you to specify sensible defaults.

Read more...

AWS CloudWatch logs is an useful logging system, but in practice we run into two quircks: It does not allow you to set a default retention period for newly created log groups. Secondly it does not delete empty log streams that are older than the retention period. In this blog we introduce a utility that will fix these two issues. It can be installed as a CLI or deployed as an AWS Lambda.

Read more...

What if you want to assign static, private IP addresses to instances in an auto scaling group, and you do not want to use a load balancer? nor grant permissions to attach network interfaces in a startup script? Enter the network interface manager, which manages the assignment of a pool of network interfaces to instances!

Read more...

What if you want to associate a pool of Elastic IP addresses to an auto scaling group, without using a load balancer? Nor grant permissions to bind the elastic IP in a startup script? Enter the elastic IP manager, which manages the assignment of a pool of Elastic IP addresses to instances!

Read more...

Google Cloud Run is a new service that was announced on Cloud Next 19. In this blog, I’ll give you an introduction and compare it to App Engine and Cloud Functions.

Read more...

Sometimes a resource, such as AWS::EC2::EIP, does support tags but not in CloudFormation. The request for tagging support in CloudFormation has been outstanding at AWS for quite some time now. So in this blog, we will show you how to add tags to any resource using a CloudFormation custom provider.

Read more...

In this blog we show you how to store secrets in Google Cloud Platform using Berglas. Berglas combines the features of Google Cloud Storage, Google Key Management Serviceand Google Identity and Access management to create a secret store. It stores secrets safely and needs explicit authorization to access them. Google Cloud Platform logs any access to the secrets in the audit trail.

Read more...

This blog post describes how you can create a complete VPC, including the calculation of subnets with the use of the Fn::Cidr intrinsic function, an internet gateway, route tables, routes and subnet associations using Rubycfn. The product of this Rubycfn script is a CloudFormation template that you can deploy.

Read more...