AWS VPC Flow Logs allow you to log traffic information between network interfaces in a VPC. Further, these logs can be stored in AWS S3 or sent to AWS CloudWatch Logs, while enabling traffic logging does not affect the performance of the network interface in any way. Let’s briefly review the basic concepts, and available… Read More »
Among other features provided by Cloudflare, it can add a special header with a country value, from where a visitor came. As a Ukrainian, I’d like to ban all visitors from russia, but: redirect all visitors from russian IPs to another web domain – russki-voenny-korabl-idi-nahuy.com during this, I’d like to filter requests and leave requests… Read More »
The rtfm.co.ua blog is quite slow for users. For example, you can test your website using the https://gtmetrix.com: 4.3 seconds till full load! That’s awful. At the bottom of the results, you can check top of issues on a site: At first, the page size is 1.16 MB, which is big enough. The second thing… Read More »
The last time I’ve worked with the ELK stack about 7 years ago, see the ELK: установка Elasticsearch+Logstash+Kibana на CentOS. Currently, we are using Logz.io, but its costs going higher and higher, so we started looking at the self-hosted ELK solution to be running on our AWS Elastic Kubernetes Service clusters. So, the task, for… Read More »
Continuing with the theme of the AWS Trusted Advisor service, let’s see how can we configure notifications about new findings. The first part: AWS: Trusted Advisor, part 1 – its features overview. To have notifications, we can use Trusted Advisor metrics from the CloudWatch, see their list on the Trusted Advisor metrics and dimensions page.… Read More »
AWS Trusted Advisor is another service that allows monitoring your accountant its resources in use for their cost-effectiveness, performance, security, and more. Keep in mind, that Trusted Advisor’s checks that are available for you depend on the AWS Support Plan of your account. вашего аккаунта. Fortunately, we have Premium so I’m able to how all… Read More »
let’s proceed in our journey of the AWS Lambda function, which will copy an EC2’s AWS Tags to all EBS volumes, attached to it. In the first part, AWS: Lambda — copy EC2 tags to its EBS, part 1 – Python and boto3, we wrote a Python script that can get all EC2 instances in… Read More »
We have an AWS Elastic Kubernetes Service cluster, which has a few WorkerNode Groups that were created as AWS AutoScaling Groups by using the eksctl, see the AWS Elastic Kubernetes Service: a cluster creation automation, part 2 – Ansible, eksctl for more details. The WorkerNode Group configuration for the eksctl keeps a set of Tags,… Read More »
We have Github runners in our AWS Elastic Kubernetes service cluster, that are used to build Docker images and deploy them with Helm or ArgoCD. On the first helm install run in a Github runner’s Pod, we are getting the “x509: certificate signed by unknown authority” error: [simterm] # helm –kube-apiserver=https://kubernetes.default.svc.cluster.local list Error: Kubernetes cluster unreachable:… Read More »
If check any of a freshly created AWS Application LoadBalancer with a certificate from the AWS Certificate Manager, and with an HTTPS Listener’s default settings you’ll see the B grade: The main point of the SSL Labs is the support of the deprecated encryption versions – TLS 1.0 and 1.1. AWS LoadBalancer SecurityPolicy and TLS… Read More »