Category Archives: HOWTO’s

AWS: Trusted Advisor, part 2 – CloudWatch Alarms and Slack notifications

29 November 2021

Continuing with the theme of the AWS Trusted Advisor service, let’s see how we can configure notifications about new findings. The first part: AWS: Trusted Advisor, part 1 – its features overview. To have notifications, we can use Trusted Advisor metrics from CloudWatch; see their list on the Trusted Advisor metrics and dimensions page.… Read More »

AWS: Trusted Advisor, part 1 – its features overview

29 November 2021

AWS Trusted Advisor is another service that allows monitoring your account and its resources in use for their cost-effectiveness, performance, security, and more. Keep in mind that the Trusted Advisor checks available to you depend on the AWS Support Plan of your account. Fortunately, we have Premium so I’m able to show all… Read More »

AWS: Lambda – copy EC2 tags to its EBS, part 2 – create a Lambda function

13 October 2021

Let’s proceed in our journey with the AWS Lambda function, which will copy an EC2’s AWS Tags to all EBS volumes attached to it. In the first part, AWS: Lambda — copy EC2 tags to its EBS, part 1 – Python and boto3, we wrote a Python script that can get all EC2 instances in… Read More »

AWS: Lambda – copy EC2 tags to its EBS, part 1 – Python and boto3

13 October 2021

We have an AWS Elastic Kubernetes Service cluster, which has a few WorkerNode Groups that were created as AWS AutoScaling Groups using eksctl; see the AWS Elastic Kubernetes Service: a cluster creation automation, part 2 – Ansible, eksctl for more details. The WorkerNode Group configuration for eksctl keeps a set of Tags,… Read More »

Kubernetes: Helm – “x509: certificate signed by unknown authority”, and ServiceAccount for Pod

29 September 2021

We have GitHub runners in our AWS Elastic Kubernetes Service cluster that are used to build Docker images and deploy them with Helm or ArgoCD. On the first helm install run in a GitHub runner’s Pod, we are getting the “x509: certificate signed by unknown authority” error: # helm --kube-apiserver=https://kubernetes.default.svc.cluster.local list Error: Kubernetes cluster unreachable:… Read More »

AWS: disable TLS 1.0 and TLS 1.1 for Application LoadBalancer

27 September 2021

If you check any freshly created AWS Application LoadBalancer with a certificate from the AWS Certificate Manager and with an HTTPS Listener’s default settings, you’ll see the B grade: The main point of SSL Labs is the support of the deprecated protocol versions – TLS 1.0 and 1.1. AWS LoadBalancer SecurityPolicy and TLS… Read More »

AWS: Cost Explorer – costs checking on the CloudWatch Logs example

7 September 2021

This post isn’t an overview of the AWS Cost Explorer service, but just a quick example of how to detect costs for your AWS account and its services. So, when I came back from vacation, I noticed that we’ve paid more than usual for AWS CloudWatch for August – almost 50 dollars per… Read More »

AWS: Lambda functions – an overview, and integration with AWS API Gateway

18 August 2021

AWS Lambda allows running code without the need to create and manage servers, also known as the serverless approach. AWS Lambda will determine how much CPU and memory is needed to run a function, and when necessary it will perform autoscaling. The code to be run is organized into Lambda functions and can be… Read More »

Git: scan repositories for secrets using Gitleaks

16 August 2021

Leaking confidential data such as RDS keys or passwords into a Git repository, even if it is a private GitHub repository, is a very bad thing, and it’s good to check your repositories to know if any developer has pushed a commit with such data. Scanning utilities To check Git repositories for a leak, at… Read More »

Tableau: install Tableau Bridge to access a database server in a private network

9 August 2021

To access a database server that has no public access (as it must be – access only inside an AWS VPC), Tableau suggests using its tool called Tableau Bridge. The idea is to have a Bridge service running in a network which has access to a database server via its Private IP. Also, Bridge will… Read More »
