Video course: Exploring AWS Instances, Networking, and Databases

Interested in getting a bit more hands-on with AWS? My first video course prepared with Packt Publishing, exploring server-based (more “classic”) AWS components, like EC2 instances, VPC, RDS, ElastiCache, S3 and even ECS and ECR for running Docker containers, has been published!

The course is meant for people who have used AWS before, have basic familiarity with its services and would like to take their knowledge to “the next level” (maybe a more practical one!). I tried to include bits of know-how, various tips and tricks and gotchas that I found during my experience with AWS so far.

If you’re interested, check out the course on the Packt Publishing website!

Controlling access to AWS ElasticSearch Service clusters with IAM

When using AWS ElasticSearch Service, you have multiple ways of controlling access to your cluster. The AWS Console gives you some pre-set policies you can use, but the ways of granting access can be confusing. Using IP-based access, you can allow access from your EC2 instances. But what if you want to access your cluster from a Lambda?


S3 bucket permissions: what does “everyone” mean?

On more than one occasion I have seen S3 bucket policies set for the predefined user groups “Everyone” and “Any authenticated AWS user”, but rarely has it been done with an understanding of what those groups actually mean. So, if you’ve ever set (or thought of setting) permissions for those, please read on.


Intrusion detection and prevention with AWS Lambda and DynamoDB streams

Intrusion detection systems (IDS) and intrusion prevention systems (IPS) tend to be expensive and complicated. In AWS, you can go for a much simpler solution: WAF. But that requires you to use Application Load Balancer or CloudFront, and even with WAF you have to manage a list of attacker IP addresses that should be blocked. If you only ever need to block single IPs for short periods of time, NACLs may be a much easier option! Here’s a walkthrough on how you can implement a terribly simple (yet very powerful) intrusion detection and prevention system in AWS with Lambda and DynamoDB Streams for a web application.
