SSM Systems Manager Session Manager

AWS released a new feature of SSM Systems Manager on September 11th, 2018. This new feature allows organizations to control access to the EC2 instances using a secure manner. Some of the top features are:

  • Fine-tuned granular control to instances using IAM policies
    • Support for tags, users, instance IDs, etc …
more ...

AWS API Credentials Order

  1. Environment variables such as AWS_ACCESS_KEY_ID and AWS_SECRET_ACCESS_KEY
  2. Application code properties (like boto3.session(region_name='us-west-2', profile_name='account01'))
    • profile_name='' and --profile are used for assuming other roles if you are using API key-based authentication.
  3. Local credentials profile file (~/.aws/credentials)
    • You can set credential profiles within ~/.aws/credentials by using [default …
more ...


Viewing YUM variables using python

Below python oneliner will show you YUM variables typically defined in /etc/yum.conf and used by YUM/RPM. Very cool.

$ python -c 'import yum, pprint; yb = yum.YumBase(); pprint.pprint(yb.conf.yumvar, width=1)'

Output:

Loaded plugins: langpacks, update-motd
{'arch': 'ia32e',
'awsdomain': 'amazonaws.com',
'awsregion': 'us-west-2',
'basearch': 'x86_64' …
more ...

AWS Parameter Store - Or how to securely store app configs

AWS Parameter Store is a hidden gem in the vast array of AWS services. Most engineers will never notice it unless someone tells them about it. After all, it is inconspicuously located within the Systems Manager Shared Resources section of the EC2 Console.

The Parameter store can be used for …

more ...

Scaling EC2 Instances with AWS Auto Scaling Groups

AWS Auto Scaling Group service allows you to set up a logical grouping of similar EC2 instances that can used to ensure that a certain amount of instances is running at all times. This can be done for many different purposes, such as high availability, automatic scaling based on external …

more ...

All about keeping AWS S3 secure

With a spike in recent major hacks and leaks, AWS S3 has been put in spotlight due to organizations' failures to secure their object storage in the cloud. Just in June of this year, a big leak of US voter data was made public. This happened right after a May …

more ...

All about the AWS Elastic Load Balancing service

To make your workloads highly available on AWS you can use AWS Elastic Load Balancing service. This service allows you to balance the incoming traffic between EC2 instances in different Availability Zones (AZ) within the same region*. This service will scale automatically based on the request demand without you having …

more ...

Salt Grains

Salt Grains are really just descriptions of various pieces of the operating systems' information on the minion.

As SaltStack documentation states, they basically provide you with "grains of information". This allows you to grab information about the minion such as CPU information, underlying hardware (provided to you by dmidecode), network …

more ...

Mount S3FS on FreeBSD

S3FS is a FUSE-based utility that lets you mount your AWS S3 bucket like it's a filesystem. It handles all the abstractions of making API calls and puts/gets of files to the object store. It supports a number of features such as multistore upload, AWS S3 SSE (S3 server-side …

more ...