I've been looking for a good topic to post about before I can get into more example posts, and with re:Invent going on this week I thought it might be worthwhile talking about a few of the announcements I'm excited about.
Some astute readers may have noticed a design change around this blog, and you would be correct. I've migrated it over to the awesome Hugo engine and the Academic Theme. All of this was of course facilitated by the choice to migrate over to GitLab. There were a couple of reasons that I decided to move over, but the major one was being able to have CI/CD directly tied into my repos.
One of the primary methods I use for backups when working inside AWS is the use of snapshots. They're straightforward in AWS and they're available in the AWS CLI, which means they are scriptable. In the past I'd write a simple Bash script and schedule it with cron, but this is the year of Serverless, so I decided to rewrite the process with AWS Lambda. While I'm not going to post the exact code, I'll cover a few of the tidbits below.
One of the aspects of AWS Lambda that makes it excellent is that Lambda is used to extend other services offered by AWS. In this example we will set up Lambda to use Server Side Encryption for any object uploaded to AWS S3.
The first task we have is to write the Lambda function. Below we have the Python code that will read in the metadata about the object that was uploaded and copy it to the same path in the same S3 bucket if SSE is not enabled.
I was working on a task yesterday and thought I would write it up so that others could possibly benefit from it. I was working to document our AWS environment, specifically the security groups around each instance and how the instances are connected to each other and the internet as a whole.
I had been asked several weeks ago if there was some documentation of the AWS environment at work and how instances were interconnected.
The inspiration for this post and much of its content comes from https://medium.com/aws-activate-startup-blog/building-a-serverless-dynamic-dns-system-with-aws-a32256f0a1d8#.6tzj1o286.
Problem
You've recently set up a server at your home. You don't quite feel comfortable hosting it in a service like AWS, or you happened to have a machine lying around that you want to try and get some use out of. You've gotten it up and running and forwarded incoming traffic from your router to the server.
Problem
You are given the task of allowing access to certain AWS resources only from the office you work in. You create a Security Group and ask a colleague for the external IP address range assigned to the office. He tells you that there is no static range. The office, along with the rest of the building, shares a commercial ISP with dynamic addresses. In addition to that, there is not one but three ISPs that are load balanced for outgoing traffic.