Have you ever looked at an IAM policy and wondered: Is it really necessary to grant access to this specific action? Or do you need to know which API calls a legacy or 3rd party application is actually sending to come up with a secure IAM policy? CloudTrail can help here, but there is something better: Record API calls with the AWS SDKs and CLI (including the stuff that is not visible in CloudTrail).
It seems to me like everyone is talking about service meshes these days - definetly a hot topic in the world of containers and microservices. A service mesh promises reducing latency, increasing observability, and simplifying security within microservice architectures. AWS announced a preview for App Mesh in November 2018 and the general availability in March 2019. Therefore, it is about time to take a closer look at App Mesh. As always, my review focuses on the technical details and educates about pitfalls. There is a lot more to know about the service than written on the official marketing page or demonstrated by technical evangelists.
I was recently invited to a CloudFormation workshop with a group of early CloudFormation users. I soon realized that the group had a good understanding of the basics, so I started to introduce more advanced features. Today, I would like to share with you six CloudFormation features that have inspired the workshop participants most.
Choosing storage service is critical when designing a cloud architecture. Read on to learn about the characteristics, limitations, typical use cases, and a decision tree for the following options to store data on AWS: Instance Store, EBS, EFS, FSx, and S3.
In this episode, Michael invited a guest: [Philipp Garbe](https://twitter.com/pgarbe). Philipp is an AWS Container Hero, Working in the Cloud, and we hope you enjoy his Bavarian accent as much as the knowledge he shares with us.
In this episode, Michael compares the available messaging options on AWS.
The goal of messaging is to decouple the producers of messages from consumers. The messaging pattern allows us to process the messages asynchronously. This has several advantages. You can roll out a new version of consumers of messages while the producers can continue to send new messages at full speed. You can also scale the consumers independently from the producers. You get some kind of buffer in your system that can absorb spikes without overloading it.
AWS offers different types of API gateways as a managed service. This review takes a closer look at the new service API Gateway HTTP APIs announced in December 2019 and generally since available in March 2020. The cloud provider promises that HTTP APIs are faster and cheaper than it's predecessor. We will look at hard technical facts instead of flowery marketing promises.
There are countless reasons why your website is not working as your users expect. From a technical point of view, you can monitor your load balancers, your web servers, and your database. But what if that external script that you embed is breaking your site? Expired TLS certificate? Something wrong with DNS? How can you test that your website works for real users?
In this episode, we introduce CloudWatch Synthetics as a solution to monitor your website from a user perspective.
Containers are a powerful tool to streamline your development and deployment process. However, a container cluster - no matter if you are using ECS (Elastic Container Service), EKS (Elastic Kubernetes Service), or self-managed Kubernetes - increases complexity. You are not only managing virtual machines anymore, but you are also operating containers on top of those virtual machines. Luckily, AWS offers a few approaches to minimize the effort of providing the computing capacity for your container cluster.
- ECS with Cluster Auto Scaling
- ECS with DIY Auto Scaling based on CloudWatch Events and Metrics
- ECS on Fargate
- EKS with Cluster Autoscaler and Managed Node Group
- EKS on Fargate
The most reliable way to automate creating, updating, and deleting your cloud resources is to describe the target state of your infrastructure and use a tool to apply it to the current state of your infrastructure. AWS CloudFormation and Terraform are the most valuable tools to implement Infrastructure as Code on AWS.
But what are the differences between both tools?