Articles in the category "AWS"

“Infrastructure definition has to be declarative”. Let’s see where this presumption gets us. My guess why some ops guys prefer pure terraform or CloudFormation is that these languages seem to be easier to understand. There is precisely one way of creating a specific resource in the language. If you use a programming language, there are many ways to solve one specific problem. The problem which could occur later in the project is that both declarative languages have boundaries in what they can do, with a programming language you do not have these boundaries.

The case of the missing bucket notifications A few days ago I was trying to do something quite simple. I wanted to send S3 Put-Events to multiple Lambda functions for processing. This is a pretty common pattern. To implement it you have to use an architecture such as the one you can see in the title image above. This is because S3 has a limit on the event handlers (notification targets) per event type of exactly one.

Do not use new Instance Metadata Service V2 (imdsv2) without proper prevention! You may think you can use Instance Metadata Service V2 right away, but there are a few caveats: Many old modules do not work with imdsv2 yet. We look at aws cli, the Systems Manager agent and the Instance Connect service. Currently, these services will not work with imdsv2 on an EC2 instance with the latest Amazon Linux 2 image out of the box. Here you can read how to make them work!

Introduction Authentication is a problem almost every IT professional has had to deal with at some point in time. Doing it right isn’t easy. What I mean by right is balancing usability and security. AWS attempts to solve this problem with AWS Cognito, which is quite nice of them, because Authentication is exactly the undifferentiated heavy lifting most customers don’t want to deal with themselves. Unfortunately authentication is still a complex topic and Cognito is an abstraction layer for it, which makes it easier, but it’s a fairly low level abstraction conceptually in that you still need to understand most of the concepts involved in order configure it correctly.

Dissecting Serverless Stacks (IV) After we figured out how to implement a sls command line option to switch between the usual behaviour and a way to conditionally omit IAM in our deployments, we will get deeper into it and build a small hack on how we could hand over all artefacts of our project to somebody who does not even know SLS at all.

Running Shiny on Fargate Some guys still thinking R cannot be used at scale or only in a limited way. I still do not understand the reason why people are like this. Since my last post about AWS Batch, which is a Docker-based service within AWS, which enables you to work with R, I spend a lot of time with Fargate, another Docker-based service on AWS. This time my boss wanted a BI app.

Dissecting Serverless Stacks (III) The third post of this series showed how to make IAM statements an external file, so we can deploy that one but still work with the sls command. It still involved commenting out things in the configuration, so this post will show how to solve that issue.

AWS News 25.9.19 - 21.11.19 Zu Anfang der Usergroup sprechen wir über die AWS News und ein paar Trainingsnews. Unser Service: Alle News, die von unserem Sponsor tecRacer bzw. den Consultants als wichtiger benannt wurden sind unter “Noteworthy” zu finden. Dann haben wir ein paar sehr interessante neue Trainings und ca 500 Zeilen geballte News! Noteworthy Wir stellen vor: AWS IQ Vorstellung von NoSQL Workbench für Amazon DynamoDB – jetzt als Vorversion