Articles tagged with "EC2"

Version Control your Database: Use Flyway on AWS to automate database migrations and increase deployment reliability

Proper version control is an essential part of a fast-paced, agile development approach and the foundation of CI/CD. Even though databases are an important aspect of nearly every application, database migrations, and schema evolutions are often not versioned and not integrated into the automation process. In this blog post, I would like to show you how you can leverage Flyway on AWS to version control your schema changes and automate your database migrations.

Arm your GitHub Actions Runners using AWS Graviton

GitHub does not support any ARM GitHub Actions Runner. So what now? Build it within your AWS environment! The results are pretty cool: You have full control over the Runners and have no more time constraints like long-running workflows that consume Runners usage minutes. I will guide you through the basics of creating an AWS EC2 instance and installing the minimum requirements on the OS for having a running GitHub Actions Runner.

Assessing compliance with AWS Audit Manager

Introduction As in traditional IT infrastructures, firms in regulated industries such as banks or energy providers have strict security requirements to comply with when using public cloud providers as well. However, cloud adoption is often driven by application development teams that are striving for increased speed and agility to launch new features in their application, but don’t care too much about those regulatory requirements. That makes it particularly important for IT governance functions to have effective tools to evaluate compliance with the aforementioned standards and gather evidence that can be provided to their internal or external auditors.

Start Guessing Capacity - Benchmark EC2 Instances

Stop guessing capacity! - Start calculating. If you migrate an older server to the AWS Cloud using EC2 instances, the prefered way is to start with a good guess and then rightsize with CloudWatch metric data. But sometimes you’ve got no clue, where to start. And: Did you think all AWS vCPUs are created equal? No, not at all. The compute power of different instance types is - yes - different.

Three hurdles to skip before using the secure Instance Metadata Service V2

Do not use new Instance Metadata Service V2 (imdsv2) without proper prevention! You may think you can use Instance Metadata Service V2 right away, but there are a few caveats: Many old modules do not work with imdsv2 yet. We look at aws cli, the Systems Manager agent and the Instance Connect service. Currently, these services will not work with imdsv2 on an EC2 instance with the latest Amazon Linux 2 image out of the box. Here you can read how to make them work!

Defenders - caller based EC2 security with CDK

Defenders: Caller based EC2 security The risk with security credentials is that they get exposed an are being used elsewhere. What if we could prevent that the are being used elsewhere. The idea from the article of William Bengston from netflix was: Dynamically locking credentials to the environment. This implementation of this idea is much more simple with the cdk. So, let’s defend ourselves! Our story here is the battle of the defenders (tm).

Cloud Arbeiterbienen für die Build Pipeline - Jenkins mit dynamischen Verarbeitungsknoten über AWS Plugin

Jenkins als Build Server erfreut sich einer großen Verbreitung. Die architekturelle Frage, die sich dabei stellt ist: Wie groß lege ich den Server aus, damit er neben des Management der Build Projekte auch die Builds selber verarbeiten kann? Die einfachste Antwort darauf ist ja: AWS CodeBuild verwenden, aber wenn das nicht geht? Dann bietet das EC2-Plugin eine dynamische Lösung mit AWS Mitteln: Die Worker Knoten werden vollautomatisch dynamisch als EC2 Instanzen erzeugt und wieder abgebaut.

Das alte Terminal kann weg!

Diese Probleme tauchen manchmal bei der Arbeit mit AWS Instanzen auf: Du arbeitest mit AWS Instanzen und die Firewall lässt keine ausgehenden SSH Verbindungen zu? Die Suche nach dem richtigen Konzept für die Verwaltung von SSH Keys gestaltet sich schwierig? Es ist erforderlich, dass jeder Terminal Zugriff auf die Instanzen protokolliert wird. Der SSH Key ist so sicher verlegt, dass keiner mehr auf die Instanzen kommt. Wäre es da nicht schön, einfach über die AWS Console eine Terminal Session auf eine Instanz zu starten?