AWS re:Invent Feature Request

Recently, I went to AWS re:Invent 2018 for the second time. My first time was back in 2014 (when AWS Lambda was introduced). This time I decided to go to Las Vegas with my wife, so I purchased a guest pass to the AWS re:Play event. re:Play itself was great. I highly recommend attending it next time (but don’t forget earplugs … just in case).

But in general my experience was not quite to my full satisfaction. Keynotes and sessions were great! A lot of valuable information. But what made me a bit unhappy was the nightly events (e.g. Pub Crawl). You are not allowed to bring a guest or spouse to these events, so I had to skip all of them 😦 And there is no way to get paid access to these events.

So my feature request to Amazon is to have an option to buy a nightly pass for spouses along with the pass to the re:Play party. And let this option be expensive.

I hope Jeff Barr will read this post and submit this request on our behalf. So next year I’ll be able to go to re:Invent again.

#PowerShell: Register AWS EC2 instances in Amazon Route53 (new way)

Amazon Route 53 is a highly available and scalable Domain Name System (DNS) web service.
Just in case – Amazon EC2
I use this script https://github.com/konstantinvlasenko/cloud/blob/master/Register-CNAME.ps1 to provide meaningful names for them.
Simple usage:

$config = @{ DomainName = 'mylab.com' }
$name = "www.$($config.DomainName)"
# get the instance; $InstanceId holds the ID of the EC2 instance to register
$instance = (Get-EC2Instance $InstanceId).RunningInstance
# update R53
.\Register-CNAME.ps1 $config $name $instance.PublicIpAddress

Advanced usage (register in another account; registering A record):

$config = @{
    DomainName  = 'mylab.com'
    AssumeRoles = @{
        R53 = @{ ARN = 'arn:aws:iam::600021112340:role/Route53'; SessionName = 'Friends' }
    }
}
$name = "www.$($config.DomainName)"
# get the instance; $InstanceId holds the ID of the EC2 instance to register
$instance = (Get-EC2Instance $InstanceId).RunningInstance
# update R53
.\Register-CNAME.ps1 $config $name $instance.PublicIpAddress 'A'
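
What a cross-account registration like the advanced usage above involves, as an added example (this is not the code of Register-CNAME.ps1): assume the role in the DNS account, check that the record name belongs to the zone, then UPSERT the record with the temporary credentials. The function name and its parameters are illustrative, and the AWS Tools for PowerShell module is assumed to be loaded.

```powershell
# Added example, not part of Register-CNAME.ps1. The function name and
# parameters are illustrative; requires the AWS Tools for PowerShell.
function Set-R53RecordCrossAccount {
    param(
        [Parameter(Mandatory)] [string] $RoleArn,
        [Parameter(Mandatory)] [string] $SessionName,
        [Parameter(Mandatory)] [string] $DomainName,
        [Parameter(Mandatory)] [string] $RecordName,
        [Parameter(Mandatory)] [string] $Value,
        [ValidateSet('A', 'CNAME')] [string] $Type = 'CNAME',
        [int] $Ttl = 300
    )

    # Refuse names outside the zone before requesting any credentials.
    $suffix = ".$DomainName"
    if ($RecordName -ne $DomainName -and
        -not $RecordName.EndsWith($suffix, [StringComparison]::OrdinalIgnoreCase)) {
        throw "$RecordName is not inside $DomainName"
    }

    # Temporary credentials for the role in the account that owns the zone.
    $creds = (Use-STSRole -RoleArn $RoleArn -RoleSessionName $SessionName).Credentials

    # Hosted zone names are returned with a trailing dot.
    $zone = Get-R53HostedZoneList -Credential $creds |
        Where-Object { $_.Name -eq "$DomainName." } | Select-Object -First 1
    if (-not $zone) { throw "Role $RoleArn sees no hosted zone for $DomainName" }

    $records = New-Object 'System.Collections.Generic.List[Amazon.Route53.Model.ResourceRecord]'
    $records.Add((New-Object Amazon.Route53.Model.ResourceRecord -Property @{ Value = $Value }))
    $rrs = New-Object Amazon.Route53.Model.ResourceRecordSet
    $rrs.Name = $RecordName
    $rrs.Type = $Type
    $rrs.TTL = $Ttl
    $rrs.ResourceRecords = $records

    $change = New-Object Amazon.Route53.Model.Change
    $change.Action = 'UPSERT'
    $change.ResourceRecordSet = $rrs

    # Zone IDs come back as '/hostedzone/<id>'; pass only the ID part.
    Edit-R53ResourceRecordSet -HostedZoneId ($zone.Id -replace '^/hostedzone/', '') `
        -ChangeBatch_Change $change -ChangeBatch_Comment "Registered by $SessionName" `
        -Credential $creds
}
```

The role being assumed needs only the route53:ListHostedZones and route53:ChangeResourceRecordSets permissions for this to work, which keeps the cross-account grant narrow.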

Schedule your Amazon EC2 spot instance startup time

Here I want to explain how to start your Amazon EC2 instance on a recurring schedule.


I have used the AWS Tools for Windows PowerShell. You can use the Java command line tools or the Python library instead. The main goal is to explain the idea:

I am going to automate the starting of my Fitnesse server.

Create launch configuration

New-ASLaunchConfiguration Fitnesse -ImageId ami-00000000 -SecurityGroups Fitnesse -InstanceType t1.micro -SpotPrice 0.011

Create Auto Scaling group with MinSize=MaxSize=0

New-ASAutoScalingGroup Fitnesse-AS -LaunchConfigurationName Fitnesse -AvailabilityZones us-east-1a -MinSize 0 -MaxSize 0

Set the Start scheduling action
The key parts are MinSize=MaxSize=1 and the -Recurrence argument, which uses the cron time format.

Write-ASScheduledUpdateGroupAction -AutoScalingGroupName Fitnesse-AS -ScheduledActionName Start -MinSize 1 -MaxSize 1 -Recurrence '15 13 * * *'

Optional (stop event)

Write-ASScheduledUpdateGroupAction -AutoScalingGroupName Fitnesse-AS -ScheduledActionName Stop -MinSize 0 -MaxSize 0 -Recurrence '59 23 * * *'

AWS EC2: It is not possible to “sniff” traffic that is intended for a different virtual instance

It is not possible for a virtual instance running in promiscuous mode to receive or “sniff” traffic that is intended for a different virtual instance. While customers can place their interfaces into promiscuous mode, the hypervisor will not deliver any traffic to them that is not addressed to them. Even two virtual instances that are owned by the same customer located on the same physical host cannot listen to each other’s traffic. Attacks such as ARP cache poisoning do not work within Amazon EC2 and Amazon VPC. While Amazon EC2 does provide ample protection against one customer inadvertently or maliciously attempting to view another’s data, as a standard practice customers should encrypt sensitive traffic – Amazon Web Services: Overview of Security Processes

AWS is built for enterprise security standards

Certifications

Physical security

  • Datacenters in nondescript facilities
  • Physical access strictly controlled
  • Must pass two-factor authentication at least twice for floor access
  • Physical access logged and audited

HW, SW, Network

  • Systematic change management
  • Phased updates deployment
  • Safe storage decommission
  • Automated monitoring and self-audit
  • Advanced network protection

 

source: Using Amazon Web Services for Disaster Recovery Webinar (16:07)

AWS .NET SimpleDB uses https

So do not be afraid. You are secure.
Declaring Type: Amazon.SimpleDB.AmazonSimpleDBConfig
Assembly: AWSSDK, Version=1.3.8.0

public AmazonSimpleDBConfig()
{
    this.serviceVersion = "2009-04-15";
    this.serviceURL = "https://sdb.amazonaws.com";
    this.userAgent = AWSSDKUtils.SDKUserAgent;
    this.signatureVersion = "2";
    this.signatureMethod = "HmacSHA256";
    this.proxyPort = -1;
    this.maxErrorRetry = 3;
    this.fUseSecureString = true;
}
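
Besides the https endpoint, the constructor selects Signature Version 2 with HmacSHA256, so every request also carries a keyed hash over its verb, host, path and parameters. The following added example (not code from the AWS SDK) computes that signature in PowerShell; the access key ID, secret and timestamp are constructed sample values, and Get-SigV2Signature is an illustrative name.

```powershell
# Added example: Signature Version 2 string-to-sign and HmacSHA256 signature.
# Assumes .NET 4.5+ or PowerShell Core, where EscapeDataString follows RFC 3986.
function Get-SigV2Signature {
    param(
        [string]    $SecretKey,
        [hashtable] $Parameters,
        [string]    $HttpVerb = 'GET',
        [string]    $HostName = 'sdb.amazonaws.com',
        [string]    $Path = '/'
    )
    # Parameter names are sorted in byte order, then names and values are URL-encoded.
    $names = [string[]]@($Parameters.Keys)
    [Array]::Sort($names, [StringComparer]::Ordinal)
    $query = ($names | ForEach-Object {
        '{0}={1}' -f [Uri]::EscapeDataString($_), [Uri]::EscapeDataString([string]$Parameters[$_])
    }) -join '&'

    # Verb, lowercase host, path and canonical query, separated by newlines.
    $stringToSign = ($HttpVerb, $HostName.ToLowerInvariant(), $Path, $query) -join "`n"

    $hmac = New-Object System.Security.Cryptography.HMACSHA256
    $hmac.Key = [Text.Encoding]::UTF8.GetBytes($SecretKey)
    try {
        [Convert]::ToBase64String($hmac.ComputeHash([Text.Encoding]::UTF8.GetBytes($stringToSign)))
    } finally {
        $hmac.Dispose()
    }
}

# Constructed sample request; none of these values are real credentials.
$request = @{
    Action           = 'ListDomains'
    AWSAccessKeyId   = 'AKIAEXAMPLEEXAMPLE00'
    SignatureVersion = '2'
    SignatureMethod  = 'HmacSHA256'
    Version          = '2009-04-15'
    Timestamp        = '2011-01-01T00:00:00Z'
}
$original = Get-SigV2Signature -SecretKey 'constructed-sample-secret' -Parameters $request

# Changing any signed parameter invalidates the signature the service recomputes.
$request.Action = 'DeleteDomain'
$tampered = Get-SigV2Signature -SecretKey 'constructed-sample-secret' -Parameters $request
"Signature changes when a parameter changes: $($original -ne $tampered)"
```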