All about Cloud, mostly about Amazon Web Services (AWS)
Search with Google

Sometimes we just don’t get the performance from our IT systems that we need. A compute-intensive task cannot process quickly enough, or a data-intensive task cannot read from the filesystem quickly enough. Solutions exist for various different types of performance problems such as parallelism and buffering. Even highly performance data stores like Amazon DynamoDB may not be fast enough. One solution a cache, which is effectively what the Amazon DynamoDB Accelerator (DAX) is.

While the concept of a bastion host is generally well known, the concept of a bastion account is only mentioned in a few places. The idea of bastion accounts occurred to me while studying for the AWS Certified Security Specialist exam, but then I found a few others had also used the term. This post describes my initial thought and perhaps expands on the definitions of a bastion account as others have used it.

Many organizations have internal guidelines designed to keep their data secure. Typical guidelines include the encryption of various resources such as Amazon Kinesis Data Streams. There are many ways to get this data, including expensive 3rd party tools, but the easiest and cheapest way to show the Kinesis encryption status is probably using the AWS Command Line Interface (CLI).

Recently Amazon announced support for the Go programming language (also known as GoLang) in AWS Lambda. Go is unusual amongst modern languages (such as Java, C#, or JavaScript) because it isn’t interpreted or compiled into bytecode that runs within a container (like the .Net Runtime or Java Virtual Machine). Instead, Go compiles into executable machine code. This avoids the startup cost of Java and runs much faster than Python or Node.js. So, how do we go about Building AWS CloudFormation Custom Resources in Go? This post explains it.

Termination Protection is a feature designed to prevent accidental deletion of AWS resources. The AWS Management Console added support for Termination protection for Amazon Elastic Compute Cloud (EC2) instances has been around since 2011. The concept is simple. The resource has a flag. The AWS API checks the flag before deleting the resource. If the flag is set the deletion fails.

It has been possible to assign an AWS Identity and Access Management (IAM) Role to an Amazon Elastic Compute Cloud (EC2) Instance at launch time for a while now. An IAM Role attached to an EC2 Instance was called an Instance Profile. It was simple to setup from the AWS Management Console, but required a couple of steps from the AWS Command Line Interface (CLI) or AWS CloudFormation. It was impossible to change the instance profile though. Updating it meant deleting and then re-creating the EC2 instance. I recently noticed in the AWS Console that the term “Instance Profile” was gone, but new IAM Role functionality was available.

When using AWS CloudFormation, sometimes resources need time to initialize. For example, an Amazon Elastic Compute Cloud (EC2) instance using UserData to install multiple software packages could take several minutes. WaitCondition resources in conjunction with WaitHandle resources and the cfn-signal script signal completion, but it can be complex to setup. This post explains how to do it!

 Top Ten Tags

AWS (43)   Kinesis (9)   Streams (8)   AWS Console (5)   Go (5)   Analytics (4)   Data (4)   database (4)   Amazon DynamoDB (3)   Amazon Elastic Compute Cloud (EC2) (3)  

All Tags (173)


All data and information provided on this site is for informational purposes only. makes no representations as to accuracy, completeness, currentness, suitability, or validity of any information on this site and will not be liable for any errors, omissions, or delays in this information or any losses, injuries, or damages arising from its display or use. All information is provided on an as-is basis.

This is a personal weblog. The opinions expressed here represent my own and not those of my employer. My opinions may change over time.