Tag Archives: aws

AWS: Prevent VPC Modifications

Posted on April 21, 2018 by Jay V

If you have a busy AWS environment accessed by multiple developers, you will have someone modify your some aspect of your core infrastructure inadvertently. In our case, we have our VPC-related infrastructure deployed using Cloudformation and maintained via CF stack … Continue reading →

Posted in Amazon Web Services, DevOps | Tagged aws, deny, developers, iam, modifications, mods, policy, sso, user, vpc | Leave a comment

Cloudformation: Optional Resource Parameters

Posted on February 10, 2018 by Jay V

When creating Cloudformation templates, occasionally, you come across situations where you only want to remove parameters from a Resource when on certain conditions. As an example, for an ECS Service resource, the parameters ‘LoadBalancers’ and ‘Role’ are both required only if you … Continue reading →

Posted in Amazon Web Services, DevOps | Tagged aws, cloudformation, conditionals, conditions, optional, parameters, pseudo | Leave a comment

Real Backups On The Cheap

Posted on September 23, 2017 by Jay V

So you have your data on the “cloud” – on Dropbox or GDrive folders – and you believe you’ve done a decent job of safe-guarding your precious files, while really you’ve only saved your files against total computer or hard-drive … Continue reading →

Posted in Amazon Web Services, DevOps | Tagged aws, backup, cloud, dropbox, files, gdrive, glacier, lost, music, s3, sync | Leave a comment

AWS S3 Bucket Policy to Only Allow Encrypted Object Uploads

Posted on February 7, 2017 by Jay V

Amazon S3 supports two types of encryption (server-side-encryption or SSE) for security of data at rest — AES256, and AWS/KMS. AES256 is termed as S3-managed encryption keys [SSE-S3], whereas, KMS is termed, well, SSE-KMS where in the customer manages their … Continue reading →

Posted in Amazon Web Services, Tech. | Tagged aes256, aws, bucket, deny, encryption, iam, kms, objects, policy, s3, sse, uploads | Leave a comment

DC/OS Exhibitor on S3 – Issues & Workarounds

Posted on December 22, 2016 by Jay V

If you want basic resiliency around your DC/OS master nodes when hosting them on AWS, you’ll want to have Exhibitor store its data in AWS S3. In order to do so, you’ll want to grant S3 IAM roles to your … Continue reading →

Posted in Amazon Web Services, Linux, Tech. | Tagged aws, backend, dcos, exhibitor, lock, null, s3, zookeeper | Leave a comment

S3 access from VPC or Corporate IP

Posted on November 30, 2016 by Jay V

If you’ve been wanting to allow HTTP access to your favorite S3 bucket from your VPC and/or from your corporate LAN’s public IP, then this blog could help make your job easier. At the end of this, you will be … Continue reading →

Posted in Amazon Web Services, Tech. | Tagged aws, bucket, corporate, endpoint, policy, s3, vpc | 1 Comment

Programmatically Trigger Travis Builds on GitHub

Posted on October 11, 2016 by Jay V

Our code for this specific project (which is on GitHub) is designed to handle infrastructure creation and rebuilds. For this purpose, we wanted to to be able to trigger our Travis builds for specific branches via simple Bash scripts, based … Continue reading →

Posted in DevOps, Tech. | Tagged aws, bash, builds, cli, DevOps, github, token, travis, Trigger | Leave a comment

Automating IAM Instance Profile with Ansible

Posted on June 30, 2016 by Jay V

My previous post talked about creating AWS IAM Instance Profiles so you don’t have to save keys on the instances. In this post, we’ll look at using Ansible to launch EC2 instances with IAM Instance Profiles attached to them (you … Continue reading →

Posted in Amazon Web Services, Tech. | Tagged arn, aws, iam, instance, passrole, permissions, policy, profile, user | Leave a comment

Simple Howto: AWS IAM Instance Profiles

Posted on June 23, 2016 by Jay V

For those of you looking to set up applications to run on EC2 instances without having to put credentials on the machines, there is an option. AWS has a great feature for exactly this purpose, and it’s called IAM Instance … Continue reading →

Posted in Amazon Web Services, Tech. | Tagged aws, ec2, iam, instance, logstash, profile, role, s3 | Leave a comment

Public IP Address of Private AWS Instances?

Posted on June 8, 2016 by Jay V

Do you want to find out the public IP address of your private instances (those in a private VPC subnet) but don’t know how? An easy way to do this would be to just do a “whatsmyip” equivalent on the … Continue reading →

Posted in Amazon Web Services, Linux, Tech. | Tagged address, amazon, aws, elastic, IP, Linux, private, public, subnet, vpc | Leave a comment