A Few CloudTrail Best Practices

There are many tools out there to help monitor and alert on AWS accounts, both native and third-party. Across every tool I have tested, one alert is always critical and it’s so easy to fix that there is no excuse not to have it on — CloudTrail.

CloudTrail, in short, logs every API call in your AWS account. The importance of this should be self-evident to my readers, so bear with me. If something bad happens in your account, you want to know who did it and when. You want an audit trail! Without CloudTrail, you’ll be flying without a rear-view mirror. You won’t have any hindsight to be 20-20 about, and that’s a shame.

At what cost? Basically the cost of storing the data in S3 and CloudWatch — minimal. If you’re not sold and you’ve read this, I’ll have no sympathy.

Moving on.

Historically, CloudTrail was enabled per region. This means that when a new region comes online, you must remember to go and enable it in that region. If you don’t automate this, there is room for neglect. CloudTrail now has an ‘all-regions’ setting per trail. My recommendation is to create a new trail that has all-regions enabled. If this is as far as you go, that’s okay, but we can take it a step further.

At this point, you’ll have an S3 bucket that is logging all API calls across all regions, and in the event a new region comes online, that region too. Additionally, you can pipe these logs through CloudWatch, which I recommend. Typically, most customers only use 1-3 regions, so if you have non-readonly activity in any of the other regions, you probably want to be alerted. I’m going to walk you through setting up alerts to answer the following question:

How can I be alerted of any activity in non-approved regions, with the exception of read-only calls?
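One way to express the check behind that question, as an added example rather than the post's own code: a filter over a CloudTrail log file that flags calls outside an approved region list unless they are read-only. The approved regions, the name-prefix fallback and the sample records are assumptions constructed for illustration.

```python
import json

# Assumption: the regions this account is expected to use.
APPROVED_REGIONS = {"us-east-1", "us-west-2"}

# Assumption: fallback for records without a readOnly field.
READ_ONLY_PREFIXES = ("Describe", "Get", "List", "Head")


def is_read_only(record):
    """True if the CloudTrail record describes a read-only API call."""
    flag = record.get("readOnly")
    if isinstance(flag, bool):
        return flag
    if isinstance(flag, str):
        return flag.lower() == "true"
    return record.get("eventName", "").startswith(READ_ONLY_PREFIXES)


def unapproved_region_writes(log_file_text, approved=APPROVED_REGIONS):
    """Return (region, source, event, principal) for each alert-worthy record."""
    alerts = []
    for record in json.loads(log_file_text).get("Records", []):
        region = record.get("awsRegion")
        if region in approved or is_read_only(record):
            continue
        identity = record.get("userIdentity", {})
        principal = identity.get("arn") or identity.get("type", "unknown")
        alerts.append((region, record.get("eventSource"),
                       record.get("eventName"), principal))
    return alerts


# Constructed sample records (not real account data).
BOB = {"arn": "arn:aws:iam::111122223333:user/bob"}
SAMPLE_LOG = json.dumps({"Records": [
    {"awsRegion": "us-east-1", "eventSource": "ec2.amazonaws.com",
     "eventName": "RunInstances", "readOnly": False, "userIdentity": BOB},
    {"awsRegion": "ap-southeast-2", "eventSource": "ec2.amazonaws.com",
     "eventName": "DescribeInstances", "readOnly": True, "userIdentity": BOB},
    {"awsRegion": "ap-southeast-2", "eventSource": "ec2.amazonaws.com",
     "eventName": "RunInstances", "readOnly": False, "userIdentity": BOB},
    {"awsRegion": "eu-west-3", "eventSource": "s3.amazonaws.com",
     "eventName": "ListBuckets", "userIdentity": BOB},  # no readOnly field
    {"awsRegion": "sa-east-1", "eventSource": "lambda.amazonaws.com",
     "eventName": "CreateFunction20150331", "userIdentity": BOB},
]})

if __name__ == "__main__":
    for alert in unapproved_region_writes(SAMPLE_LOG):
        print("ALERT", *alert)
```

Events from global services such as IAM are recorded with `us-east-1` as their region, so leaving that region off the approved list will flag them too.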

Lambda 101 – Serverless Business Logic

I’ll keep this post short and let the video do the talking. This twelve-minute video will walk through three different Lambda examples and investigate the payloads of each. The goal is to get developers and system administrators comfortable with using Lambda to execute business logic!

See below for more details. Enjoy!

Here are some additional references:

Function code: http://pastebin.com/mcAxrkdw

1) Jeff Barr’s Blog @ AWS is a good source for new announcements, interesting use cases, and much more: https://aws.amazon.com/blogs/aws/category/aws-lambda/

2) CloudSploit’s write up on how they made their whole company serverless with some insights on the savings they’ve seen:
https://medium.com/@CloudSploit/we-made-the-whole-company-serverless-5a91c27cd8c4

3) A deep dive into developing a serverless application and many of the considerations that need to be made. Written by Mike Watters (https://github.com/zerth): http://tech.adroll.com/blog/dev/2015/11/16/count-things-with-aws-lambda-python-and-dynamodb.html

4) Working with serverless applications is great, but how do you manage such an application over the lifecycle of the app? Michael Wittig (https://twitter.com/hellomichibye) answers this question on his blog: https://cloudonaut.io/the-life-of-a-serverless-microservice-on-aws/

5) Could it get any easier!? The innovation has just begun! Check out AWS’s Python Serverless Microframework: https://aws.amazon.com/blogs/developer/preview-the-python-serverless-microframework-for-aws/

I hope you enjoyed. If you have feedback or questions, leave them here!

Standing on the Edge of the Unknown

Tomorrow, I start working for Amazon Web Services!

In order to put my excitement in context, it’s important to know where I’m coming from and where I’m looking to go.

Five years ago, I started working for EMC.  EMC took a risk hiring me, but it paid off.  I was new to the workforce with no experience in storage and completely naive to the trends that shape the IT landscape.  I didn’t even know what they were asking me to do.  What does a pre-sales engineer do, exactly?  During my five years, EMC gave me access to all the resources I needed to be successful.  When I finally figured out how to do my job well, I had a new perspective on career and the IT landscape as a whole.  I will never forget the people at EMC who helped me along the way.

Now that I saw things in a new light, I started asking myself how I could do it again.  This led to a multi-year search that ended two weeks ago with Amazon.  My criteria were as follows:

  • I must be able to provide value day one.  I’m good at understanding complex technologies, mapping the value of the technology to business needs, and messaging this value to different stakeholders.
  • They must have a sound strategy.  I was searching for a company that has the potential to be a market leader (or is one), and having a poor strategy won’t get you there.
  •  Located in Boston.

I profiled hundreds of companies and only four made it through my filter.  I didn’t obsess over my search, but I was always looking.  If anyone ever mentioned a company I hadn’t heard of, the next thing I would do was investigate them.  My notebook is filled with dozens of companies that didn’t make the cut.

Then I got the call.  Amazon wanted to talk to me?  I didn’t even have a warm introduction!  This was like MIT or Harvard approaching me to go to their school — I just couldn’t believe it.  I’m still having a hard time believing it.

There is always a degree of uncertainty that comes with changing roles.  I won’t have a support network and I know I don’t know a lot of things that I need to know to be successful at Amazon.  But I trust in myself to build my network within Amazon, educate myself on the gaps I have with the technology, make some friends along the way, and have fun doing it!

With every new piece of information I get my hands on, I am more certain that this is the right decision for me.  Have you read anything that Jeff Bezos has said?  Have you seen the new drone video Amazon just released?  Are you aware of just how many web services AWS offers?  AAHHHH, YES!!!!

Blue Origin employees celebrating a rocket land.  This happened after I accepted the offer! (source: https://www.youtube.com/watch?v=igEWYbnoHc4)

Today I stand tall.  The energy is surging through my body!  I’m off to memorize Amazon’s Leadership Principles before my first day.  I’ll let you know how it goes!