AWS on Teddy Ferdinand

Turn off the Internet: AWS is no longer responding!

Mon, 30 Nov 2020 17:53:04 +0000

A few days ago, an incident impacting the AWS cloud provider had a significant impact on many companies and services directly affected by this instability.

I saw on social networks many reactions, often beside the subject (unfortunately) and I thought it could be useful to give you my analysis of the subject.

Rewind

Let’s start by recalling the incident a bit.

On Wednesday evening (French time), AWS encountered a growing number of errors in some of its services in the us-east-1 (North Virginia) region.

AWS IAM: Between dream and nightmare

Sun, 16 Aug 2020 04:51:07 +0000

I have been using AWS professionally for over 4 years now.

To be a bit old-fashioned, when I started on AWS, the following services and features did not exist:

The ALB/NLB
ACM
ElasticSearch Service
Lambda inside a VPC or with the duration of more than 5 minutes
ECS/EKS/ECR

During these 4 years, I had the opportunity to do a lot of IAM, essential to deploy secure solutions on Amazon.

IAM and least privilege

Identity and Access Management (IAM) is the AWS service that defines users or roles and their associated permissions.

Turn your AWS DevSecOps Pipeline into bunker - Part 1

Thu, 18 Jun 2020 20:02:35 +0000

This post was co-authored by Victor Grenu. Who is working as Cloud Architect

Introduction

In this series, we will talk about the emergence of the DevSecOps movement, and more especially, what are the benefits of introducing a DevSecOps approach on your existing CI/CD Pipelines.

CI/CD Pipeline

To give you some context, you will find in the diagram below a standard CI/CD Pipeline.

DevSecWhat?

DevSecOps could be defined as a shift from a central internal security team to the inclusion of security practices into the existing DevOps teams: DevSecOps

Accelerate the test of your lambda functions with Docker

Mon, 27 Apr 2020 06:00:00 +0000

Lambda is a very powerful AWS tool. Executing scripts in serverless mode drastically reduces the cost and complexity of managing a scalable infrastructure, however, testing its functions directly on Lambda can sometimes be frustrating as it requires round trips between the development station and the AWS environment.

There are testing features built into the AWS toolkit for the most popular editors (for Microsoft Visual Studio Code / PyCharm, for example), however, this restricts the possible editors and creates an adherence that is not particularly desirable.

GAFAM: Smile, you offer your data

Tue, 18 Feb 2020 07:33:00 +0000

GAFAMs, they are everywhere, sometimes clearly visible, like when you go on Google, sometimes much less so, like for example Amazon which owns the IMDB site.

What are the GAFAMs?

I make this little point for those who don’t know what the GAFAMs are. What is commonly called GAFAM are none other than :

Google
Apple
Facebook
Amazon
Microsoft

These five companies now largely dominate the Internet, and it is very difficult to really do without them.

Is it really greener in the cloud?

Mon, 10 Feb 2020 09:00:00 +0000

“It’s greener on AWS”, I can’t count the number of times I’ve heard this sentence at Amazon conferences.

Is this mantra that companies repeat to look cool true?

Ecology, the new spearhead of companies

Year after year, companies, and especially large groups, put forward their efforts always to be “greener”. Each company is, of course, more committed than its competitor. I wonder how we can still have problems related to pollution with so much commitment?

Understanding the success of the "Serverless" model

Thu, 19 Dec 2019 12:30:30 +0000

Anyone who has ever done infrastructure on a cloud provider has already heard of the serverless model, behind this name is actually hiding many aspects. Let’s take a look…

The serverless model: logical evolution of containers?

For several years now, we have been talking about containers. A revolution over the last 5 years, containers (and orchestrators) have profoundly changed the approach to infrastructure, allowing applications composed of microservices to be deployed more and more simply and quickly. I won’t talk about this evolution here.

Terraform VS CloudFormation: Which tool to deploy on AWS?

Fri, 13 Dec 2019 11:00:00 +0000

Terraform or CloudFormation, the two tools are often pitted against each other, asking DevOps to decide and choose one tool or the other. However, from my point of view, these two tools do not necessarily address the same needs.

Asking the question of one’s exact need

Before knowing which tool to go to, it is important to know the exact need to be addressed:

Do I want to deploy only on AWS?
Do I need to interface with existing tools (especially CI/CD)?
Do I want to host the deployment solution myself or depend on a managed service?
Do I already use other tools from the HashiCorp ecosystem (Nomad, Packer, Consul or Vault for example)?

Indeed, with these questions you can already target the tool you want to use more easily.

Linux without SSH? It's possible with Amazon SSM

Thu, 18 Jul 2019 07:10:54 +0000

In a computer park with linux machines, SSH is something classic. Very often scanned, regularly badly secured, it is also a possible entry point for attacks. Moreover, the problem of SSH traceability often pushes companies to set up specific processes.

On Amazon, it has been possible since last year to log in using SSH without the need for a key, login or password… and without SSH.

SSM - Systems Manager Agent: Amazon-style configuration manager

Amazon makes it easy to deploy server fleets, however, deploying a server is easy, maintaining it is not necessarily. Many companies will probably choose to use Ansible, Puppet, Chef or another manager configuration.

Chaos day, a tool to bring Devs and Ops closer together?

Tue, 09 Jul 2019 07:50:10 +0000

I’ve been with my current employer for several years, and I’ve noticed, as with other employers, that there are unfortunately divisions between developers (Devs) and production engineers (Ops).

A different role in IT

Can you really blame people with different jobs, training, expectations and goals for having difficulty understanding each other?

Be careful, I’m not throwing stones at either side, but I have to admit that the roles of the two parties are not the same, even though dev and ops are complementary in order to have an efficient and effective production, while being innovative.

Migrate your infrastructure to AWS in an optimal way

Fri, 12 Apr 2019 12:39:56 +0000

The Cloud appears to be an Eldorado for many companies: simpler application deployment, cost reduction, use of innovative technologies, so many advantages that Amazon promises to its potential customers, but is it that simple?

AWS, and the cloud more generally, can be an excellent lever on the points mentioned above, however it is quite easy to lose feathers. In this article, I will list what, for me, seems to be the mistakes to avoid.

AWS Summit 2019 - Paris: Between success and disappointment

Thu, 04 Apr 2019 18:27:27 +0000

I was at the AWS Summit in Paris a few days ago. For those of you who don’t know this event, it’s a full day of conferences around Amazon’s cloud, AWS. This meeting is quite interesting because it allows us to get feedback from a lot of companies coming from different backgrounds.

I was going for the second time, the first time being in 2017. I was waiting for this day given the announced conference schedule.

What if we figured the cloud is just another data center like any other?

Thu, 28 Feb 2019 19:54:58 +0000

I work daily on Amazon’s cloud infrastructure (AWS for short), and I’m thinking about the best way to implement new technical solutions on this platform.

Amazon, and the cloud in general, has brought an impressive freedom:

Deploy on tailor-made infrastructures
Bringing elasticity to infrastructures
Benefits from machines on demand

However, these new approaches to infrastructure have also brought their share of negatives.

Previously, to deploy an application in the data center, it was necessary to prepare and properly size its hosting before even starting any deployment, linked to the purchase of suitable hardware, or at least to a resource reservation that had to be amortized over several years.