If you have tens of security group rules, it’s not efficient to use aws_security_group_rule directly. Here I use a map and feed it to a module.
Recently, I was tasked with transferring a set of AWS accounts to another cloud service provider. I realized there is no simple way to capture the organizational tree structure. Knowing the tree structure is quite important for understanding the net effects of SCPs. A Python script was developed to solve this problem.
In this example, I will deploy a software router between the Internet Gateway and a workload EC2 instance. All traffic will be routed through the software router. With this setup, I can gain visibility into network traffic. I can also control the traffic with iptables, such as rate limiting certain types of network requests.
AWS Migration Hub provides a set of tools for planning your migration to the cloud. An agent needs to be installed either inside the OS or on the hypervisor. Captured usage will be used to make recommendations on the migration approach and even sizing. In this example, I will install agents on 2 Linux VMs and then…
If you ever need to take over management of an AWS farm, it’s very likely you will need to attach an SG to all instances, be that for monitoring or access. Here is a bash script to add 1 SG to all instances. You will need to first set up a profile on awscli. Then run the…
AWS introduced 5th-generation EC2 instances in selected regions. These instances live on Nitro, which is KVM-based. These c5 and m5 instances are faster yet cheaper. The switch, however, cannot be done by a simple instance type change.
ALB is a layer 7 load balancer on AWS. It offers more features than ELB. You can find out more about it on https://aws.amazon.com/elasticloadbalancing/applicationloadbalancer/ Recently, I was asked to look into a random 504 issue with ELB. Because there is not a lot to configure on ELB and it’s pretty much a black box, I wasn’t…
Check out my recent wiki page on how to schedule snapshot backups on AWS using Lambda. https://www.headdesk.me/Lambda Lambda is much more powerful than this. Using it together with S3 / SNS / SQS / etc. allows deployment of business applications / workflows truly in the cloud.
It is possible to use CloudWatch to monitor your disk and memory usage. There is very good information on AWS – http://docs.aws.amazon.com/AmazonCloudWatch/latest/DeveloperGuide/mon-scripts-perl.html For the impatient, here is how to get it done.
I had to give it a try. This blog has now moved to AWS. There are a lot of cool features but they’re sort of expensive. For example, if I put the database on RDS and memcache on ElastiCache, it will cost me $140/mo. Come on, running yum -y install memcached is not worth $50…