AWS Codebuild can work inside or outside a VPC now, it used to be outside VPC only. If your VPC requires a proxy to access Internet, then you need to set it up properly in the Codebuild project, otherwise you may notice that the project is unable to output logs to CloudWatch (Here let's assume … Continue reading AWS CodeBuild has no CloudWatch logs
AWS Secret Manager is a great solution for secret management. It is similar to HarshiCorp Vault, but with better integrations with other AWS services, e.g. IAM, RDS, Redshift, DocumentDB. As illustrated above, I created a database in RDS and a credential in Secret Manager, then attached the credential to the database for dynamic reference. The … Continue reading Use AWS Secret Manager to handle credentials
Simple version: If you follow AWS guide Setting the Time for Your Linux Instance to use /etc/sysconfig/clock to configure the timezone in Amazon Linux 2, you may not be able to find it after a yum update. So the suggested way to adjust time is to use timedatectl. For example: sudo timedatectl set-timezone Australia/Sydney Detailed … Continue reading /etc/sysconfig/clock is removed after yum update in Amazon Linux 2
AWS has made sharing encrypted AMI cross accounts a bit easier now, check this out - https://aws.amazon.com/about-aws/whats-new/2019/05/share-encrypted-amis-across-accounts-to-launch-instances-in-a-single-step/ Here is a sample of how to share encrypted AMI across accounts and launch an instance from it: https://aws.amazon.com/blogs/security/how-to-share-encrypted-amis-across-accounts-to-launch-encrypted-ec2-instances/ If you need to run autoscaling group from the encrypted AMI, it requires a few extra steps. Mostly it … Continue reading Share encrypted AMI across AWS accounts
I have been using EFS for a while to store my shared application data. Generally speaking it is good in terms of scalability and performance. My concern is mostly around the security, as it only uses security group to control the access. It is a risk if it is used in a multi-tenants environments, as … Continue reading New EFS access control is available now
I am currently working on a data migration project (from on-premise to AWS cloud). Also I would like to use the method to sync the data from AWS back to on-premise for DR purpose after we have done the migration. The total data size is about 1TB, and it is an online application data which … Continue reading AWS DataSync vs S3 Sync
When building Confluence Data Center on AWS, I was wondering how Confluence Data Centre manages the index file. As we run Confluence cluster in auto-scaling group, the Confluence nodes come and go (not that frequent though, as Confluence is not good at dynamic scaling. It is more schedule based scaling). The newly launched instance gets … Continue reading How Confluence Data Center Manage the Index File?