If you are reading this post, it’s probably because you are knee-deep in figuring out how to enable fine-grained access control. And that means you are delegating most of your identity and access management to the controls of the Open Distro for Elasticsearch (now OpenSearch) instead of AWS IAM. This is explained in the screenshot below from the wizard for creating an Elasticsearch (ES) domain:
When connecting your AWS environment to a SaaS solution in another AWS account, what do you say if you get asked whether you want to use AWS PrivateLink, Transit Gateway (TGW), or VPC Peering to accomplish this?
All three can co-exist in the same environment for different purposes. But let’s say you’ve already ruled out VPC Peering, because its intransitive nature makes it a less scalable solution as you add more VPCs. And let’s also assume you already have many VPCs and plan to add more. So how do you decide between PrivateLink and TGW?
There’s an AWS blog post…
When I was tasked with installing a DataSync agent on EC2 to transfer data from its filesystem to S3, I had some questions.
“Why not skip EC2 and sync directly from the EFS filesystem?” “How does the networking work if I skip the EC2 step?”
The answers to these questions and a few errors were not apparent to me from StackOverflow or the AWS documentation, but through experimentation and a call with AWS Support, I figured out the solutions.
In the end, it turns out that syncing data from an Amazon EFS file share in a private subnet to Amazon…
Reasoning about AWS costs using the AWS Cost Explorer and the AWS CLI
🚂 I’ll walk you through a train of thought. Along the way, you’ll see how I discover what aspects of CloudWatch and API Gateway are generating the most charges in the example AWS account, and how I drill deeper using different filters and even a script:
A free trial at Lumigo, Epsagon, DataDog, New Relic or any of them may be costing you tens to thousands of dollars per month.
You might have a free tier or a free trial from a monitoring service. But who’s paying to get the data into that service? You are.
Pulling data via CloudWatch GetMetricData API calls is expensive, not only because of the price of $10.00/million metrics requested, but because your third-party service could be requesting this data at a high frequency. …
Amazon Web Services (AWS) Key Management Service (KMS) is a huge part of security in AWS and on the “AWS Certified Security — Specialty” exam. How do you control access to your keys in KMS?
Grants can be added and removed for a given key, whereas a key’s key policy can only be replaced. You can run CreateGrant (with an API call) to add specific permissions or RevokeGrant to remove those permissions again. If you use PutKeyPolicy, on the other hand, that replaces the entire key policy.
Write a script to clean the HTML of your article and repost it elsewhere
As of 2017, Medium no longer offers Custom Domains. They have an API and a few SDKs for publishing to Medium. What if you want to repost your entire Medium content on your personal domain in one batch?
One way is to download your entire content as a .zip file. The API doesn’t seem to let you do such a large export.
After downloading, the parsing can be done in many ways. The way covered here has a Node.js …
Save thousands if not millions of dollars now by exhausting all the built-in cost savings tools AWS provides.
Chances are, you can reduce your AWS costs by, let’s say, 10 to 50%. For some companies, that could result in millions of dollars of cost savings every year. Because of Amazon’s economies-of-scale philosophy, they give you lots of tools to help you save money. Here are a few quick tips on where to start.
Using the serverless framework reduced deployment complexity by 97.4%.
Serverless here refers to application components with little to no IT overhead so you can focus on your main logic.
SAM is the Serverless Application Model. It’s an AWS abstraction over AWS CloudFormation that makes common serverless architectures easier to define.
The Serverless Framework is an open-source project maintained by Serverless that makes it easier not only to define but also to deploy serverless applications.
A Serverless Guru is someone who works at Serverless Guru, such as yours truly.
You can use your API 12 Million times per year and pay AWS $0
🧞 An AWS Lambda function is flexible: