troydieter.com

Exploring AWS Transform Custom: Part 1 of 3

AWS Transform Custom: AWS CDK TypeScript to AWS CDK Python Conversion Welcome to Part 1 of my three-part series exploring AWS Transform (ATX Custom) for code modernization. We’ll start with a foundational language conversion, progress to infrastructure-as-code transformations, and end with a complex legacy application modernization to experiment and (hopefully) demonstrate the capabilities of ATX Custom! :)

Programmatically backup your Amazon Route53 zones deployed via AWS CDK

Programmatically backup your Amazon Route53 zones Table of Contents Overview Deployment Code Requirements Deployment Overview Deployment Diagram Outputs Amazon S3 Bucket Operating Cost Recap Overview Looking for an easy way to backup your Amazon Route53 records to Amazon S3 with proper lifecycle rules and retention? Look no further, as we cover how to deploy this solution using AWS CDK!

Become an AWS Guru using this nifty AWS CLI cheat-sheet!

Install AWS Cli aws https://aws.amazon.com/cli/ Table of Contents EC2 List Instance ID, Type and Name List Instances with Public IP Address and Name List of VPCs and CIDR IP Block List of Subnets for a VPC List of Security Groups Print Security Groups for an Instance Edit Security Groups of an Instance Print Security Group Rules as FromAddress and ToPort Add Rule to Security Group Delete Rule from Security Group Edit Rules of Security Group Delete Security Group S3 List Buckets List Files in a Bucket Create Bucket Delete Bucket Download S3 Object to Local Upload Local File as S3 Object Delete S3 Object Download Bucket to Local Upload Local Directory to Bucket Share S3 Object without Public Access API Gateway List of API Gateway IDs and Names List of API Gateway Keys List API Gateway Domain Names List of Resources for API Gateway Find Lambda for API Gateway Resource ELB List of ELB Hostnames List of ELB ARNs List of ELB Target Group ARNs Find Instances for a Target Group RDS List of DB Clusters List of DB Instances Take DB Instance Snapshot Take DB Cluster Snapshot ElastiCache List of ElastiCache Machine Type and Name List of ElastiCache Replication Groups List of ElastiCache Snapshots Create ElastiCache Snapshot Delete ElastiCache Snapshot Scale Up/Down ElastiCache Replica Lambda List of Lambda Functions, Runtime and Memory List of Lambda Layers List of Source Event for Lambda Download Lambda Code Cloudwatch List of CloudWatch Alarms and Status Create Alarm for EC2 High CPUUtilization Create Alarm for EC2 High StatusCheckFailed_Instance Route53 List Domains List Records for a Domain (Zone) SNS List of SNS Topics List of SNS Topic and related Subscriptions Publish to SNS Topic DynamoDB List of DynamoDB Tables Get All Items from a Table Get Item Count from a Table Get Item using Key Get Specific Fields from an Item Delete Item using Key SQS List Queues Create Queue Count Messages in Queue Send Message Receive Message Delete Message Purge Queue Delete Queue CloudFront List of CloudFront Distributions and Origins Create Cache Invalidation Check Cache Invalidation Status Amplify List of Amplify Apps and Source Repository Cognito List of User Pool IDs and Names List of Phone and Email of All Users IAM User List of UserId and UserName Get Single User Add User Delete User List Access Keys for User Delete Access Key for User Activate/Deactivate Access Key for User Generate New Access Key for User IAM Group List Groups Add/Delete Groups List of Policies and ARNs List of User/Group/Roles for a Policy List Policies for a Group Add Policy to a Group Add User to a Group Remove User from a Group List Users in a Group List Groups for a User Attach/Detach Policy to a Group Pro Tip! If you have multiple AWS Accounts, you can use bash alias like the following. So you no longer need to pass --profile to aws tool.

AWS Certified Security: Specialty overview

AWS Certified Security: Specialty Overview The AWS Certified Security: Specialty is geared towards individuals who focus primarily on security within AWS. I found that as a solutions architect, it is extremely important to have security at the forefront of my mind while building. Building an environment secure initially reduces the risk of failing compliance and potential exploitation at production launch.

Use a password manager with multifactor authentication

Use a password manager with multifactor authentication Find yourself overrun with passwords from various applications, websites and more? The answer is to move to utilizing a password manager, along with enabling multifactor authentication. I’ll briefly list a few of the password managers available, but will walkthrough the combination of LastPass + Virtual MFA (Yubikey 5 NFC). The below guide will allow you to securely store your passwords and have a backup in-case you lose access to your mobile device which will be housing Google Authenticator.

Reduce AWS costs while maintaining stable operations using this one weird trick!

aws-auto-cleanup Functional Requirements Reduce operational run-time of resources used within an AWS account for testing\development Reduce cost due to deployed resources Ability to whitelist AWS resources that need to be retained Operating Cost < $2.00/mo for the following:

Using WSL (Windows Subsystem for Linux) to extend your your Windows experience

WSL - Windows Subsystem for Linux Overview Windows Subsystem for Linux is a compatibility layer for running Linux binary executables natively on Windows 10 and Windows Server 2019. In May 2019, WSL 2 was announced, introducing important changes such as a real Linux kernel, through a subset of Hyper-V features.

HashiCorp Terraform AWS Provider v3.4.0 now supports aws_emr_managed_scaling_policy

HashiCorp Terraform AWS-Provider Issue #13952 was highly sought after for a recent implementation of EMR v5.30.0. The requirements included the need for the utilization of AWS Auto Scaling for EMR. We sought out the AWS EMR Managed Scaling feature, but were sad to see that support for that attribute was not in the AWS provider yet.

Deployment of HashiCorp Vault using Terraform

aws-vault Terraform deployment of HashiCorp Vault. This is a work in progress write-up and will change.

Using Hugo & AWS CodePipeline, CodeBuild, CloudFront & S3 to deploy a static site

Retrospective: blog deployment model Goal Deploy a personal blog (in this case, troydieter.com) using the below requirements. I’ve used other deployment models, such as CI/CD pipelines – namely Jenkins to deploy static sites. Previous to the below approach, Ghost blog was used in conjunction with Nginx.