Blog

Blog/
­

SSM Sessions the easy way

In the previous post - Using SSM Session Manager for interactive instance access - I showed you how to access EC2 instances through AWS Systems Manager (SSM) Sessions without having to open Security Groups or firewall ports, maintain SSH keys, VPNs, Jump Hosts, and so on. The native way for starting a SSM Session with [...]

By |May 27th, 2019|Projects|0 Comments

Using SSM Session Manager for interactive instance access

You may argue that interactive login to EC2 instances should never be needed. Everything is dynamic, automated, self healing, centrally logged, and so on and there is no place for human interaction, right? But lets be honest - the world isn't perfect and we all sometimes need to jump into bash to do stuff for [...]

By |May 25th, 2019|Best Practice|0 Comments

CloudFormation package & deploy

Easily deploy complex CloudFormation templates with external resources such as Lambdas or nested stacks.

By |February 20th, 2019|Best Practice|0 Comments

IP-Ranges Updater

Back in March I wrote about a command line script filter-ip-ranges that can parse the Amazon-published ip-ranges.json file and look up address ranges by region, service or IP address. That's handy for the occasional manual use or for creating or updating some whitelists or Security Groups through aws-cli. But running an aws-cli script from cron [...]

By |December 28th, 2018|Projects|2 Comments

New C5 / M5 / T3 instance disk names

When we started using the new C5, M5 or T3-class instances (e.g. t3.micro, m5.large, m5d.large, c5.xlarge, etc) we noticed that the disk device names are no longer the classic /dev/sda1 or /dev/xvda that we were used to for years. The new root disk name is /dev/nvme0n1 with the partition device names being /dev/nvme0n1p1, /dev/nvme0n1p2, [...]

By |October 2nd, 2018|Misc|0 Comments

CloudFormation Exports

If you are a CloudFormation user you have probably come across a situation where an ID of a resource created in one stack (e.g. Subnet ID from VPC-Stack) is needed in another, independent stack, for example to create an EC2 instance in EC2-Stack. The traditional approach is to pass Outputs from one template to Parameters [...]

By |September 17th, 2018|Best Practice|1 Comment

CloudWatch Log Mailer

Feeding logs from various AWS services to CloudWatch Logs is a common pattern. From Lambda logs, through ECS Task logs, to Linux /var/log/* messages forwarded by awslogs daemon, they can end up in CloudWatch. How can we monitor them - and get alerted - when something of interest gets logged? People often use Elastic Search, [...]

By |June 30th, 2018|Projects|0 Comments

filter-ip-ranges

Sometimes it's handy to know what IP address ranges are used in different AWS Regions. You may want to whitelist access to your region AWS endpoints, or from global CloudFront location, or set up some special routing rules, or look up which region a certain IP belongs to. ip-ranges.json & filter-ip-ranges AWS publishes ip-ranges.json [...]

By |March 31st, 2018|Projects|1 Comment

Cross-account access with aws-cli

In the previous post I explained how to Use Cross-account access through AWS Console. Today I'll show you how to do the same in the command line using aws-cli. We've got Access and Secret keys for the Login account and want to use aws-cli to create and manage resources in the Dev account above. [...]

By |January 10th, 2018|Best Practice|0 Comments

Using Cross-account access (AWS Console)

Short post to demonstrate how to use AWS Cross-account access from AWS Console. To re-iterate this is what we what we have set up in our previous post: First step is to login to the aws-nz-login account as an non-privileged IAM user, e.g. as michael.ludvig in my case. In the top-right menu under [...]

By |December 10th, 2017|Best Practice|0 Comments