Zonal Shift is a free service from AWS, which allows users to disable an Availability Zone (AZ) for resources. In this post, we will walk through what it does and observe the results.
Tag: aws
Terraform resource config – inline or standalone
Settings for some resources can be defined inline or as standalone resources. In this article, we will see how they behave differently.
Upgrade AWS RDS instance using blue/green deployment
Objectives:Use blue/green deployment to update an RDS instance from 8.0 to 8.4Check replication statusSwitch to staging (green) instance keeping DB endpointFall back if application cannot work with 8.4
External modules on Terraform
External terraform modules can speed up IAC deployments, promote code reuse, and let us do things more consistently. In this post, I will demonstrate 2 ways to use an external module.
Apply changes to all member accounts in an AWS organization
In this demo, I will use Cloudformation StackSets to create an IAM group in all accounts.
Create security groups with terraform using a map
If you have 10s of security group rules, it’s not effective to use aws_security_group_rule directly. Here I use a map and feed it to a module.
Dumping AWS Organization tree
Recently, I’m tasked to transfer a set of AWS accounts to another cloud service provider. I realize there is not a simple way to capture the organizational tree structure. Knowing the tree structure is quite important in understanding the net effects of SCP. A python script is developed to solve this problem.
Inspect and control network traffic on AWS
In this example, I will deploy a software router between Internet Gateway and a workload EC2 instance. All traffic will be routed through the software router. With this setup, I can gain visibility on network traffic. I can also control the traffic with iptables, such as rate limit certain type of network requests.
Plan your migration to AWS with AWS Migration Hub
AWS Migration Hub provides a set of tools for planning your migration to cloud. An agent needs to be installed either inside the OS or on the hypervisor. Captured usage will be used to make recommendation on migration approach and even sizing. In this example, I will put agents to 2 Linux VMs and then…
Add security group to all ec2 instances
If you ever need to take over management of an AWS farm, it’s very likely you will need to attach SG to all instances. Be that for monitoring or access. Here is a bash script to add 1 SG to all instances. You will need to first setup a profile on awscli. Then run the…