CICD Design for Atlassian Suites in AWS


I have been working on a project to migrate Atlassian suites (Confluence/Jira/...) to AWS. This is not a simple lift-and-shift migration; we actually redesigned everything from the ground up. Here is the CICD that I designed. The source code is stored in on-premise Bitbucket, and the build tool is AWS Dev Tools (mainly CodeBuild). Development …

AWS CodeBuild has no CloudWatch logs


AWS CodeBuild can now work inside or outside a VPC; it used to be outside a VPC only. If your VPC requires a proxy to access the Internet, then you need to set it up properly in the CodeBuild project, otherwise you may notice that the project is unable to output logs to CloudWatch (Here let's assume …

Use AWS Secrets Manager to handle credentials


AWS Secrets Manager is a great solution for secret management. It is similar to HashiCorp Vault, but with better integrations with other AWS services, e.g. IAM, RDS, Redshift, DocumentDB. As illustrated above, I created a database in RDS and a credential in Secrets Manager, then attached the credential to the database for dynamic reference. The …

/etc/sysconfig/clock is removed after yum update in Amazon Linux 2


Simple version: If you follow the AWS guide Setting the Time for Your Linux Instance and use /etc/sysconfig/clock to configure the timezone in Amazon Linux 2, you may not be able to find the file after a yum update. So the suggested way to adjust the time is to use timedatectl. For example: sudo timedatectl set-timezone Australia/Sydney Detailed …

Share encrypted AMI across AWS accounts


AWS has made sharing encrypted AMIs across accounts a bit easier now; check this out - https://aws.amazon.com/about-aws/whats-new/2019/05/share-encrypted-amis-across-accounts-to-launch-instances-in-a-single-step/ Here is a sample of how to share an encrypted AMI across accounts and launch an instance from it: https://aws.amazon.com/blogs/security/how-to-share-encrypted-amis-across-accounts-to-launch-encrypted-ec2-instances/ If you need to run an autoscaling group from the encrypted AMI, it requires a few extra steps. Mostly it …

How Does Confluence Data Center Manage the Index File?


When building Confluence Data Center on AWS, I was wondering how Confluence Data Center manages the index file. As we run the Confluence cluster in an auto-scaling group, the Confluence nodes come and go (not that frequently though, as Confluence is not good at dynamic scaling. It is more schedule-based scaling). The newly launched instance gets …