AWS NLB now supports security groups! This is amazing and it would’ve prevented a couple of questionable architectural decisions on my side in the past.
P.S. Yet, the most discussed news is the licensing changes by HashiCorp. Unpopular opinion here: nothing changes for you as a practitioner. However, companies like Spacelift and Terramate got hit. Also, big huge cloud providers won’t be able to adopt “Terraform as a Service”. That’s it. The one who can adapt to the new realities the best survives. And the new reality is that people pay for “service platforms” and not for the code written.
#aws #hashicorp
Amazon
Network Load Balancer now supports security groups
If you have AWS Lambdas in Go, you likely know that AWS is going to deprecate the `go1.x` runtime and force its users to migrate to the generic `al2.provided` runtime.
The premise is that the new runtime is more performant. However, here is an article that argues why this move is bad for Go users on AWS as well as goes through some caveats you may encounter during the migration.
#go #aws #serverless
www.wolfe.id.au
RIP AWS Go Lambda Runtime | Mark Wolfe's Blog
Amazon Web Services (AWS) is deprecating the go1.x runtime on Lambda, this is currently scheduled for December 31, 2023. Customers need to migrate their Go based lambda functions to the al2.provided runtime, which uses Amazon Linux 2 as the execution environment.…
The Guardian tells a story of their migration into AWS Aurora Serverless.
This article doesn’t go too deep into technical aspects, but provides a nice overview of the issues one may encounter when trying to move to Aurora.
A couple of things that I found interesting:
- Whatever cloud migration tools are there, `pg_dump` and `pg_restore` are your trusted friends.
- This paragraph:
We’re spending roughly $220/month for storage and compute for the database. For the same price we could have rented a db.m7g.xlarge (16GB RAM, 4 vCPUs) Postgres instance along with 100GB of EBS storage or a db.r7g.large (16GB RAM, 2 vCPUs) Aurora instance. I suspect both of these options would have done the job for us, and maybe not have suffered from the same cold start problems as our serverless database, but after 3 migrations, it’s probably time to get back to doing some feature work!
#databases #postgres #aws
the Guardian
Aurora Serverless – a migration story
On our team we swapped databases 6 times in a year. We’ve landed on Aurora Serverless V2 – was it worth it?
A comparison between EKS and AKS.
Tors article provides some insights into what to expect from each managed service. It’s a pity GKE is not included in this comparison; I’ve heard a lot of good things about GKE. I believe this is because this article originated from a specific use-case.
#kubernetes #aws #azure
blog.ordina-jworks.io
Are all managed Kubernetes clusters created equally? - Pieter Vincken
Ordina JWorks Tech Blog
AWS Karpenter is in beta now.
Karpenter is AWS’ tool to manage and autoscale node pools in Kubernetes, which has more features compared to the Cluster Autoscaler and has deeper integration with AWS features. Yet, support for other major clouds is somewhere in the roadmap, IIRC.
This article in particular describes the changes in Karpenter Beta compared to the previous versions and also guides you through deprecations and upgrade notes.
#kubernetes #aws
Amazon
Karpenter graduates to beta | Amazon Web Services
Introduction Karpenter is a Kubernetes node lifecycle manager created by AWS, initially released in 2021 with the goal of minimizing cluster node configurations. Over the past year, it has seen tremendous growth, reaching over 4900 stars on GitHub and merged…
Here's a neat article with some good practices regarding security when configuring an EKS cluster.
If you work with AWS and Kubernetes a lot, it won't give you any dramatic insights, but you could still use it as a checklist / cheat sheet when configuring a cluster, since it's easy to forget something when there are many moving parts.
#aws #kubernetes
Medium
Balancing Security and Operability for EKS cluster
Welcome to my Kubernetes blogs. The blogs aim to provide you with effective Kubernetes knowledge and tools that increase efficiency while…
Starting from February 1, 2024 AWS will charge their customers $0.005 per IP per hour
This number doesn't look huge without a perspective, however this might add some significant networking costs to some topologies. Thus, the best time to move your things into private subnets was a couple of years ago, the second best time is now.
#aws
Amazon
New – AWS Public IPv4 Address Charge + Public IP Insights | Amazon Web Services
We are introducing a new charge for public IPv4 addresses. Effective February 1, 2024 there will be a charge of $0.005 per IP per hour for all public IPv4 addresses, whether attached to a service or not (there is already a charge for public IPv4 addresses…
Kubernetes: tracing requests with AWS X-Ray, and Grafana data source is a step-by-step guide on how to setup tracing in your EKS cluster using AWS X-Ray by Arseniy Zinchenko - a member of the Ukrainian DevOps community.
Also, make sure to subscribe to his Substack! He posts new things quite often and I have no idea where he finds the time and willpower to do so 😅
#aws #kubernetes #observability
RTFM! DevOps[at]UA
Kubernetes: tracing requests with AWS X-Ray, and Grafana data source
Launching AWS X-Ray on AWS Elastic Kubernetes Service, creating a Python Flask with the AWS X-Ray SDK, and connecting a Grafana data source for X-Ray
A nice step-by-step guide of how to test a Python AWS Lambda function locally with LocalStack.
This guide doesn't cover fixtures in LocalStack, though. In my experience, adding fixtures into LocalStack is a PITA, but I have a very specific scenario where I need to create a couple of thousand S3 objects relatively fast.
#aws #serverless #python
Qxf2 BLOG
Testing AWS Lambda locally using LocalStack and pytest - Qxf2 BLOG
Learn how to effectively test AWS Lambda functions locally using LocalStack and pytest. Explore step-by-step instructions to streamline your Lambda function testing process.
Ha! I was sure I shared this article with y'all before, but when I tried to find it on the channel today, I was unable to. In any case, even if it was here, it won't hurt to repeat it.
So, here it is - Kubernetes: EKS, Calico and custom Admission Webhooks.
This article sheds some light on the EKS networking. The gist is that if you use anything except the native VPC CNI, your control plane pods (API, scheduler, etc.) and workload pods will end up in different networks, because you cannot install any custom pods into the control plane.
Unless you use admission webhooks, you probably won't even notice; but if you do, API won't be able to contact your admission controller pods without some workarounds.
This is the nature of managed services: you gain something - you lose something.
#kubernetes #eks #aws
Medium
Kubernetes: EKS, Calico and custom Admission Webhooks
Timeout problems
A curious story about S3 billing. So, AWS charges you for unauthorized access attempts to your buckets. Thus, it’s possible to create an attack to inflate someone’s AWS bill if you know the buckets’ names.
Honestly, I’m not sure what the moral of this story is. Make your buckets private unless public access is strictly required. Do not use common names, or if you have to, use prefixes and/or suffixes to distinguish buckets, or randomize the names.
#aws #s3 #security
Medium
How an empty S3 bucket can make your AWS bill explode
Imagine you create an empty, private AWS S3 bucket in a region of your preference. What will your AWS bill be the next morning?
A couple of articles I stumbled upon when researching some things for work.
- You can use ARG in the FROM definition in a Dockerfile. I didn't know that it's possible. Back in the day I tried using ENV there and it didn't work, so I assumed it's non-configurable. Apparently, it is. You may argue if it's a good practice to alter the `FROM` configuration this way, but I can clearly see use cases for that.
- A workaround for Terraform's `default_tags` definition. This way you can "exclude" the `default_tags` for some resources in Terraform. For example, if you're using the default
subnets, etc. that were imported in Terraform. You cannot change tags for those things in AWS, so you need to work around that. Again, using default
s in AWS is probably not a good practice, but sometimes those things are in use for historical reasons, etc.
Again, these two articles have no relation whatsoever, just want to share them with you.
#aws #terraform #docker
DEV Community
Terraform: Prevent default_tags on a specific resource
Prevent AWS default_tags from being applied to a specific resource
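The ARG-in-FROM trick from the first item, as an added example (not from the linked articles); the image names, tags and file paths below are placeholders chosen for illustration. It also shows the scoping caveat that usually bites people: an ARG declared before FROM is not visible inside the build stage unless re-declared.

```dockerfile
# Added example: build-time ARGs consumed by FROM, so the base image can be
# pinned or overridden with --build-arg instead of editing the Dockerfile.
# Assumption: "python" / "3.12-slim" are placeholder image and tag values.
ARG BASE_IMAGE=python
ARG BASE_TAG=3.12-slim

# ARGs declared before the first FROM live outside any build stage and may be
# referenced by every FROM in the file.
FROM ${BASE_IMAGE}:${BASE_TAG} AS build

# Caveat: those same ARGs are NOT available after FROM until re-declared.
# A bare re-declaration (no value) inherits whatever FROM used.
ARG BASE_TAG
# BASE_IMAGE is deliberately not re-declared, so the shell sees it as unset
# and the fallback text is written instead.
RUN echo "built on ${BASE_IMAGE:-<unset>}:${BASE_TAG}" > /build-info.txt

# Second stage reuses the same pre-FROM ARGs without any re-declaration.
FROM ${BASE_IMAGE}:${BASE_TAG}
COPY --from=build /build-info.txt /build-info.txt
CMD ["cat", "/build-info.txt"]
```

Build with `docker build --build-arg BASE_TAG=3.11-slim .` to switch the base tag for both stages without touching the file; the resulting container prints `built on <unset>:3.11-slim`, which makes the scoping caveat visible.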
Some say that 2024 will finally be a year of serverlessless /s
So, here’s a comparison from Ahrefs of their costs of running physical data centers vs running in a cloud.
However, many of these comparisons lack an important point. At least, Ahrefs acknowledges that:
article doesn’t take into account other aspects that would make the comparison even more complicated. These include people skills, financial controls, cash flow, capacity planning depending on the load type, etc.
Their solution? Hire all those people laid off from Big Tech!
My brother in Christ, system engineers are the last to be laid off…
P.S. It’s quite ironic to post this article from the AWS Summit :D
#aws #cloud
Medium
How Ahrefs Saved US$400M in 3 Years by NOT Going to the Cloud
Clouds for IT infrastructure are so popular lately that moving into the cloud has become a trend. Infrastructure as a service (IaaS) cloud provides multiple advantages: flexibility, low time for…