Thursday, July 11, 2024

Querying AWS CloudTrail Logs with Athena in AWS Organizations: Setup, Use and Challenges

Background: Over the years, we have helped organisations make sense of their CloudTrail logs when the need arises to query for specific events or to aggregate and report on the data.
Morten Jensen
Wednesday, April 24, 2024

Boto3 and Python unittest.mock

I start this post by saying I’m not a professional software developer; I work mainly in IT Operations, although I write code, especially for IaC and small Lambda functions. When developing a Lambda function, most of the time I need to interact with AWS services via the famous boto3 library; boto3 is a powerful library developed and maintained by AWS which provides a communication framework to interact with native AWS Cloud Services.
Danilo Desole
Wednesday, April 17, 2024

Reduce Cost at Scale with Automated Governance & Guardrails

Background: As organisations continue to grow, and with the resulting increases in AWS consumption, there is a need to be able to cost-effectively scale not just workloads but also governance and guardrails to ensure that security requirements are met across the estate.
Morten Jensen
Tuesday, April 2, 2024

Why organisations should implement AWS Landing Zone and Guardrails?

In a fast-paced cloud environment, governance is fundamental; defining standard policies for deployment and shifting controls left are key to successful organisations. Thanks to AWS Landing Zone and AWS Guardrails, organisations can confidently deploy, control, and audit their resources and developments.
Danilo Desole
Monday, October 23, 2023

AWS NLB and Client IP Preservation - How to create Security Group Rules

Have you ever created a Network Load Balancer on AWS, its target group and its target, and some security rules attached to it, to end up giving out to your browser because you couldn’t reach the target?
Danilo Desole
Tuesday, May 9, 2023

Break the rules of virtualization, build Lambdas container images for any platform, from any platform, with CDK & Docker buildx

How often are you deploying a Lambda container image, basically a Lambda running on a Docker image, for a platform that doesn’t match your localhost platform? I often deploy functions running on ARM rather than on X86_64; this is a personal preference and it doesn’t come with any massive advantage (there are some comparisons online), and although my laptop is ARM-based, the CI/CD server is not :/
Danilo Desole
Tuesday, February 14, 2023

AWS CDK + API Gateway and Integrations. A little guide how to.

I’ve been working with CDK and I think it is brilliant; the way it lets you define resources and infrastructure using your favorite coding language is awesome. I personally use Python. Sometimes what happens is that CDK takes over a lot of control and creates resources as it thinks is proper… Also, the documentation lacks some advanced configuration.
Danilo Desole
Saturday, December 17, 2022

Simply Deploy AWS IAM Identity Center Permission Sets with Ezpresso

With AWS IAM Identity Center, formerly known as AWS Single Sign-On, it became simpler to integrate identity providers such as Azure AD, JumpCloud etc. across the whole AWS organization. CloudFormation support in turn enabled simpler and more consistent, declarative provisioning of Permission Sets in the Organization.
Morten Jensen
Sunday, February 21, 2021

Enable Security Hub in an AWS Organization

Background: In November 2020 AWS announced that Security Hub now integrates with AWS Organizations. Unlike for many other AWS Organizations services integrations, you will not find the ability to enable Security Hub on the Organizations page in the Master account.
Morten Jensen
Sunday, August 16, 2020

Use the Raspberry Pi 4 for AWS development - Part 1, Installation

Background: With the advent of the Raspberry Pi 4, Pi’s are sufficiently powerful in terms of both CPU and memory for AWS development. Furthermore, AWS has recently made significant headway in the ARM space with the release of Graviton-based EC2 and support for ARM 64-bit (aarch64) with the following services:
Morten Jensen
Saturday, August 15, 2020

Get started with Ubuntu 20.04 on Raspberry Pi 4

Background: With the advent of the Raspberry Pi 4, Pi’s have become quite powerful both in CPU and memory terms and are now good candidates for software development on ARM architecture.
Morten Jensen
Wednesday, August 5, 2020

Install & run AWS Glue 1.0 and PySpark on Ubuntu 20.04

Background: It’s much faster to be able to develop and debug AWS Glue / PySpark scripts locally. The “Developing and Testing ETL Scripts Locally Using the AWS Glue ETL Library” instructions describe installation but are not complete.
Morten Jensen
Tuesday, November 12, 2019

Leveraging Serverless (SAM) with Cognito Authentication

Introduction: Using Serverless combined with Cognito can be a great way to eliminate the real estate as well as development and operational footprint when it comes to authentication and authorisation stacks.
Morten Jensen
Monday, September 23, 2019

The case for Structured, Contextual Logs

Introduction: If correctly composed, logs can be an extremely useful resource to tap into in the following use cases: Support end-users; Derive business metrics (how many users used our service yesterday, over the last 7 days and in the past month?
Morten Jensen
Monday, August 26, 2019

6 Steps to DevOps

Introduction: Why adopt DevOps? IT change can be painful and subject to long lead times in many organisations. The pain generally stems from treating change as exceptional rather than business-as-usual, often in the form of running a project to effect the change.
Morten Jensen
Monday, August 19, 2019

Why Serverless & DevOps makes a (big) difference

Background: We have recently completed a Serverless & DevOps transformation project with one of our clients, CitizenMe. CitizenMe presently has more than 200.000 global end-users and has processed millions of transactions since inception.
Morten Jensen
Saturday, July 7, 2018

Moving to Cloud: the Landing Zone

In military terms a Landing Zone is an area where aircraft can land; in effect a base camp from where operations can extend. AWS has for the last year or two used the term Landing Zone to convey an infrastructure foundation and security baseline on which applications and services can “land”.
Morten Jensen
Tuesday, June 20, 2017

Securing Cross-Account AWS API Calls & CLI Access with MFA (Two-Factor) Authentication

AWS Cross-Account Roles are an excellent way of managing access to a target account (the account in which work is carried out) from other AWS accounts. Some scenarios to consider in this context include:
Morten Jensen
Wednesday, June 14, 2017

Creating a Core Network Foundation in AWS with SSH, VPN & NAT access

For both test and build purposes I often find myself reusing parts of past CloudFormation templates. Over time I’ve found that the foundation of the templates like VPC, subnets, routing tables etc remain roughly the same.
Morten Jensen
Friday, October 21, 2016

Need a good reason to switch to Cloudformation YAML now? Template size limits…

AWS CloudFormation size limits are well-documented in the User Guide. However, this does not make hitting any of the limits any less painful. I recently hit the template body size limit in request (--template-body) of 51200 bytes on one of my templates.
Morten Jensen
Monday, August 29, 2016

Moving to Cloud: Agility

Over the years I have witnessed, proposed and implemented a wide range of AWS use cases; and few of them actually belong in the sexier cutting-edge, containerised, hyper/auto-scalable, serverless micro-services realm.
Morten Jensen
Wednesday, February 3, 2016

Securing AWS API Calls & CLI Access with MFA (Two-Factor) Authentication

One of the largest concerns of allowing AWS API calls to be made from the outside is issuing an API key and secret for developer and administrator PCs and laptops alike because they may be interceptable in one way or another.
Morten Jensen