Category Archives: HOWTO’s

NGINX: IP Geolocation by Cloudflare and “nested” if conditions

2 April 2022
 

 Among other features provided by Cloudflare, it can add a special header with a country value, from where a visitor came. As a Ukrainian, I’d like to ban all visitors from russia, but: redirect all visitors from russian IPs to another web domain – russki-voenny-korabl-idi-nahuy.com during this, I’d like to filter requests and leave requests… Read More »

Elastic Stack: an overview and ELK installation on Ubuntu 20.04

22 February 2022
 

 The last time I’ve worked with the ELK stack about 7 years ago, see the ELK: установка Elasticsearch+Logstash+Kibana на CentOS. Currently, we are using Logz.io, but its costs going higher and higher, so we started looking at the self-hosted ELK solution to be running on our AWS Elastic Kubernetes Service clusters. So, the task, for… Read More »

AWS: Trusted Advisor, part 2 – CloudWatch Alarms and Slack notifications

29 November 2021
 

 Continuing with the theme of the AWS Trusted Advisor service, let’s see how can we configure notifications about new findings. The first part: AWS: Trusted Advisor, part 1 – its features overview. To have notifications, we can use Trusted Advisor metrics from the CloudWatch, see their list on the Trusted Advisor metrics and dimensions page.… Read More »

AWS: Trusted Advisor, part 1 – its features overview

29 November 2021
 

 AWS Trusted Advisor is another service that allows monitoring your accountant its resources in use for their cost-effectiveness, performance, security, and more. Keep in mind, that Trusted Advisor’s checks that are available for you depend on the AWS Support Plan of your account. вашего аккаунта. Fortunately, we have Premium so I’m able to how all… Read More »

AWS: Lambda – copy EC2 tags to its EBS, part 2 – create a Lambda function

13 October 2021
 

 let’s proceed in our journey of the AWS Lambda function, which will copy an EC2’s AWS Tags to all EBS volumes, attached to it. In the first part, AWS: Lambda — copy EC2 tags to its EBS, part 1 – Python and boto3, we wrote a Python script that can get all EC2 instances in… Read More »

AWS: Lambda – copy EC2 tags to its EBS, part 1 – Python and boto3

13 October 2021
 

 We have an AWS Elastic Kubernetes Service cluster, which has a few WorkerNode Groups that were created as AWS AutoScaling Groups by using the eksctl, see the AWS Elastic Kubernetes Service: a cluster creation automation, part 2 – Ansible, eksctl for more details. The WorkerNode Group configuration for the eksctl keeps a set of Tags,… Read More »

Kubernetes: Helm – “x509: certificate signed by unknown authority”, and ServiceAccount for Pod

29 September 2021
 

 We have Github runners in our AWS Elastic Kubernetes service cluster, that are used to build Docker images and deploy them with Helm or ArgoCD. On the first helm install run in a Github runner’s Pod, we are getting the “x509: certificate signed by unknown authority” error: Or, if not set an API URL, then we… Read More »

AWS: disable TLS 1.0 and TLS 1.1 for Application LoadBalancer

27 September 2021
 

 If check any of a freshly created AWS Application LoadBalancer with a certificate from the AWS Certificate Manager, and with an HTTPS Listener’s default settings you’ll see the B grade: The main point of the SSL Labs is the support of the deprecated encryption versions – TLS 1.0 and 1.1. AWS LoadBalancer SecurityPolicy and TLS… Read More »

AWS: Cost Explorer – costs checking on the CloudWatch Logs example

7 September 2021
 

 This post isn’t an overview of the AWS Cost Explorer service, but just a quick example of how to detect costs for your AWS account and its services. So, when I came back from the vacation, I noticed that we’ve paid more than usually for the AWS CloudWatch for August – almost 50 dollars per… Read More »