So you have followed best practices for AWS: you have implemented multi-factor authentication (MFA) for your account and you have separated different environments into separate accounts under a master organization. But now you are facing a problem: you need to use a tool such as Terraform that does not understand how to handle MFA, and you are unable to assume the proper role because of that. This script takes care of that issue.
This post is the second in our series on AWS application management and associated best practices. You can find part one of the series here. In this part we are going to look at security and some things that need to be considered when moving your application to the cloud in general and AWS in particular.
Haven't we been doing this forever?
This is the first thing that many IT pros ask when we start talking about security. The answer is yes, we have, and many of the lessons that have been learned continue to apply. However, some things do change when you move to the cloud.
You are no longer responsible for physical security.
You are no longer responsible for patching the underlying hypervisor.
Depending on the service that you are using, you may not be responsible for OS or application-level patching either.
The public cloud in general, and AWS in particular, is changing the way that systems administrators think about the infrastructure that they manage and the applications that run on that infrastructure. Things are becoming far less permanent and more ephemeral. We now deal in instances that last until the next deployment instead of servers that are bought every 3-5 years. We now purpose-build resources for an application instead of making a new application fit on existing hardware resources. This requires a new approach and new best practices.
This is a guide to setting up memory and disk utilization monitoring in CloudWatch. This is not something that is natively supported by CloudWatch and requires some special setup on the instances that you would like to monitor.
When I was attempting to do this for the first time, I found that some of the instructions, both from Amazon and around the web, were lacking or missing pieces, especially if you, like me, are trying to do this installation on CentOS 6.