AWS

CloudWatch Is of the Devil, but I Must Use It

Let's talk about Amazon CloudWatch. For those fortunate enough to not be stuck in the weeds of Amazon Web Services (AWS), CloudWatch is, and I quote from the official AWS description, "a monitoring and management service built for developers, system operators, site reliability engineers (SRE), and IT managers." This is all well and good, except for the part where there isn't a single named constituency who enjoys working with the product. Allow me to dispense some monitoring heresy.

Kubernetes, Four Years Later, and Amazon Redefining Container Orchestration

Well, here we are. Kubernetes, the platform that brings users and data center administrators scalable container technologies, turns four years old this month (technically, on June 7, 2018). Its popularity has skyrocketed since its initial introduction by Google. Celebrating the project’s birthday is not the only thing making the headlines today. Amazon recently announced the general availability of its Elastic Container Services for Kubernetes (EKS), accessible via Amazon Web Services (AWS).

Everything You Need to Know about the Cloud and Cloud Computing, Part II: Using the Cloud

How to get started with AWS, install Apache, create an EFS volume and much more. The cloud is here to stay, regardless of how you access data day to day. Whether you are uploading and sharing new photos with friends in your social-media account or updating documents and spreadsheets alongside your peers in your office or school, chances are you're connecting to the cloud in some form or another.

Simple Cloud Hardening

Apply a few basic hardening principles to secure your cloud environment. I've written about simple server-hardening techniques in the past. Those articles were inspired in part by the Linux Hardening in Hostile Networks book I was writing at the time, and the idea was to distill the many different hardening steps you might want to perform on a server into a few simple steps that everyone should do. In this article, I take the same approach, only with a specific focus on hardening cloud infrastructure. I'm most familiar with AWS, so my hardening steps are geared toward that platform and use AWS terminology (such as Security Groups and VPC), but as I'm not a fan of vendor lock-in, I try to include steps that are general enough that you should be able to adapt them to other providers.

FOSS Project Spotlight: CloudMapper, an AWS Visualization Tool

Duo Security has released CloudMapper, an open-source tool for visualizing Amazon Web Services (AWS) cloud environments. When working with AWS, it's common to have a number of separate accounts run by different teams for different projects. Gaining an understanding of how those accounts are configured is best accomplished by visually displaying the resources of the account and how these resources can communicate. This complements a traditional asset inventory.

AWS Quickstart for Kubernetes

Kubernetes is an open-source cluster manager that makes it easy to run Docker and other containers in production environments of all types (on-premises or in the public cloud). What is now an open community project came from development and operations patterns pioneered at Google to manage complex systems at internet scale.

AWS EC2 VPC CLI

There's just something about the fresh start you get with a new job. Both my previous job and my new one began with the opportunity to build a new infrastructure from scratch. In both cases, as is common with startup infrastructure in its early stages, everything was to be built using Amazon Web Services (AWS), specifically using its Elastic Cloud Computing (EC2) infrastructure.