Purpose

Every time a Lambda function reports Errors or there is a Throttle, I want to receive a notification on my Microsoft Teams channel.

Also, I have several accounts and I want to have a central notification system.

Architecture

We have 4 AWS accounts, with Lambda functions deployed everywhere.

There are 2 development teams, Legends and Avengers. We generated the webhooks for Microsoft Teams and put them in the Parameter Store.


With this blog article, on 17th November 2020 a new service was released that, in my opinion, changes the firewall world in the AWS Cloud.

Intro AWS Network Firewall

The service is really powerful and complex, and it can bring the AWS Firewall to a new era.

Before this service was created, you had only Security Groups and Network Access Control Lists. These 2 possibilities are OK for most cases, but it is possible that for some high-security environments you need something more advanced.

When you should use it:

The possibilities are multiple and I still haven’t explored them all, but the ones I immediately like are:


In this article, you can learn how to log in to the EC2 bastion machine with and without SSH, and how to open a tunnel for the Apache on the Bastion and for the other one on the Web Server.

Why you need this.

Prerequisites


In DevOps, everybody loves pipelines, and I have tested a lot of them over the years.
Here are all the possible pipelines with Terraform I have ever tried.

Disclaimer

This article is not original content; it gathers my 7 LinkedIn posts about the topic. If you want to read the original posts with the comments, use #learningterraforminsmallchunks in LinkedIn search.


For several reasons, I need to read from Python boto3 the number of Requests on my Target Group.

I need to have the 186 number in my boto3 Lambda to run other checks and actions.


This article comes from a practical case. We deploy everything in our pipeline with CloudFormation in several environments, and for this reason I cannot perform manual actions.

Today, 20th May 2020, it is possible to mount AWS EFS volumes inside a TaskDefinition for ECS, but for both EC2 and Fargate compatibility the CloudFormation resources are not yet available.

So the only solution is to use a CloudFormation Custom Resource.

I’m not an expert CloudFormation writer and I don’t want to be, because I prefer to use Terraform, but in day-to-day work you need to find solutions and solve issues of…


If you start building your infrastructure in AWS using the IaC (Infrastructure as Code) approach, you will currently find two big players in the market, and you will need to choose between Terraform and AWS CloudFormation. One product is not better than the other: in some cases the right choice is Terraform, but in other scenarios AWS CloudFormation is better.

Terraform VS AWS CloudFormation

Terraform Versions

As published by HashiCorp, there are 2 versions:

In this article, we will compare the Terraform Open Source version and AWS CloudFormation.

Strengths of Terraform vs AWS CloudFormation


I have migrated 12 Terraform environments from v0.11.14 to v0.12.2, and in this article I share a summary of what I did to accomplish the task.

Additional Reading

Of course, you should read the official guide to upgrade your code. On this page I give a short summary of that guide, plus my personal experience and my fixes.

Instead, to start using the new Terraform version, read the guide with the new features of Terraform 0.12.

Migrate Prerequisites


The Issue

When you create a Windows machine in AWS, you can retrieve the password from the web console some minutes after the machine creation, using the pem key.

The problem is that this password will remain the same for the whole life of the machine. So even if a person leaves the company and loses AWS credentials, if he has the password saved he will retain this kind of access. Of course, there are other ways to prevent it, like VPN firewall, nominal accounts, etc., but that is not the purpose of this article.

The purpose of this…


I try to summarise what I did and learned in my journey with AWS Security Hub.

Videos

From re:Invent 2018

AWS re:Invent 2018: [NEW LAUNCH!] Introduction to AWS Security Hub (SEC397): a 45-minute video, but without initial configuration. Nice to get an idea about the product and to listen to testimonials from companies that have already used it.

From AWS Online Tech Talks: Introduction to AWS Security Hub, 45 minutes, more or less like the re:Invent one but without testimonials. Slides of this video here.

Initial Configuration

AWS Security Hub in the end is “only” a way to generate and read AWS Config rules…

Giuseppe Borgese

AWS DevOps Professional Certified — Book Author — Terraform Modules Contributor — AWS Tech Youtuber
