Introduction I used LastPass for several years, and it helped me a lot to access my passwords and secrets at any moment, from multiple devices, in a secure way. But to be honest, I freaked out when I heard about the last hack [1]. I changed my most important passwords, […]
Frederique Retsema
New in AWS: AWS Resource Explorer
Up to now, it was not very easy to see what resources you have in an AWS account. One of the ways to solve this was to enable the AWS Config Recorder and then search in the AWS Config Console. This was, however, not very easy. I’m very happy that […]
Is RHCSA still relevant when you use the cloud?
Last week I passed my RHCSA exam (EX200) [1]. While I was studying for the exam, I asked myself which parts of this exam are still relevant when you use Linux servers and Linux containers in the cloud and which parts are not. Assumptions In the cloud, we prefer: […]
Personal link shortener in AWS
I like to do presentations about a lot of topics. Most of these presentations are recorded and the link to that recording is then shared with people who couldn’t attend the presentation live. Up to now I used bitly.com to shorten my URLs. Last time that I used bitly I […]
AWS Config automated remediation
Introduction It is possible in AWS to check if your environment is compliant with your minimum standards. It is also possible to automatically change the environment to make it compliant again. Maybe not in a way that was designed by the developer – but compliant anyhow. Let me give an […]
Stop DELETE_IN_PROGRESS when custom resources fail in AWS CloudFormation
Script to stop the execution of CloudFormation when you made a small error in a custom resource (Lambda function).
Play environment for WebGoat, WebWolf and Juice Shop
In this blog post, I will show how you can install the OWASP training tools WebGoat, WebWolf and JuiceShop on your local laptop using Vagrant.
Check for RunAs accounts in Automation Accounts
Introduction Some time ago, I wrote about the new preview feature in Azure Automation Accounts to use Managed Identities [1]. I think that it is useful to migrate to this new feature as soon as possible: managed identities are used in many places in Azure and it is better to […]
Using a Managed Identity with Azure Automation Accounts
Introduction I think that every production environment in Azure uses Automation Accounts for, e.g., scheduled tasks. Until recently, you were forced to use the Run As user to do so. This solution has, however, two drawbacks. The first one is that this Run As user has way too many […]
Delete play-resources from Azure using runbooks
Learning a new cloud can be frightening: do I configure this right? And, when I click here, don’t I end up with a huge bill at the end of the month? In general, these fears can be solved quite easily: when you follow along with a training, the trainer will […]
VNet peering in Azure
Introduction I looked into virtual network peering in Azure and I saw something that looked rather strange to me. Let me explain what it was, how VNet peering works and what you should be aware of from a security perspective. Situation I have two virtual networks: one for 10.1.0.0/16 […]
How to add a user in Azure Active Directory
Adding a user in Azure Active Directory caused some trouble: it didn’t work as I thought it would. Let me explain. Adding the user I went to Azure Active Directory, clicked “Users” in the left menu and added the user via “New user”. I filled in some information and clicked […]
Playing with AI in Azure
When I was learning about Azure AI, I asked myself the question: “how far is AI? What can it determine – and what is impossible (yet)?” A nice tool that can give (partial) answers to that is the website that Azure offers to scan images; it uses Azure Cognitive Services […]
Using one-time upload URLs in AWS with S3 versioning
In this blog, I will show how you can use the SAM (Serverless Application Model) to get a presigned upload URL to AWS S3 that can be used exactly once [1]. In AWS it is possible to use a presigned URL to upload files, but the URL is valid for […]
Using one-time upload URLs in AWS with Memcached
In this blog I will show how you can use the SAM (Serverless Application Model) to get a presigned upload URL to AWS S3 that can be used exactly once [1]. In AWS it is possible to use a presigned URL to upload files, but the URL is valid for […]
Using one-time upload URLs in AWS using DynamoDB
In this blog, I will show how you can use the SAM (Serverless Application Model) to get a presigned upload URL to AWS S3 that can be used exactly once [1]. In AWS it is possible to use a presigned URL to upload files where the URL is valid for […]
AWS Lambda: shared libraries (and SAM)
In June I wrote a blog series about the AWS Shop Example. In this series, I also wrote about X-Ray [1]. I like X-Ray: you can see how much time each step in a whole concatenation of AWS services takes and how much time it costs to send the response […]
AWS blog series part 6: speed up the use of the ELB Health Status
It took me a while, but then this blog series was ready: five blog articles about Windows Failover Clustering and Auto Scaling Groups with one node. I was happy, but then a thought was nagging me. Let me explain the problem by showing you the results for the Auto Scaling […]
AWS blog series part 5: Start PowerShell script after a reboot when Windows fails to do so
You might have wondered in the second blog of this series [1], why I mentioned the possibility that the Task Scheduler didn’t start after a reboot in the “on-premise” (Hyper-V) environment, but I didn’t do so in the AWS environment. Well, that’s because I used a “trick”, where AWS will […]
Windows Failover Cluster on AWS part 4: Construction of the CloudFormation scripts
Introduction If you follow along in this blog series [1], I can imagine that, if you deployed the CloudFormation scripts, you think “wow, how does it work”. In this blog, I try to answer that question. 1. Windows Failover Clustering Nested stacks When you start the CloudFormationFailover.yml script, you […]
AWS Migration part 3: The technique behind Windows Failover Cluster on AWS
Introduction In the previous two blogs [1], I showed that it is possible to implement a Windows Failover Cluster in AWS. In this blog, I will explain the differences between a Failover Cluster on-premise and a Failover Cluster in AWS. 1. How does a Windows Failover Cluster work on-premise? […]
Windows Failover Cluster Migration to AWS part 2: installation
Introduction In the previous blog [1] I showed the different solutions that there are to migrate an on-premise Windows Failover Cluster environment to AWS. I also showed how fast (or how slow) the failover of a node is. I assume you might want to see how this works for yourself. […]
AWS Migration part 1: how to migrate Windows Failover Clustering servers to AWS?
Introduction In this series, I will look at the migration from on-premise Windows Failover Clusters to AWS. What is the difference in recovery times between the application on-premise, the 1:1 migration of a Failover Cluster to AWS and the commonly used pattern of an Auto Scaling Group with one node? […]
AWS Shop example: Amazon X-Ray
Introduction We are in production with our shop example [1]. We’d like to get some statistics about our implementation: how often are the Lambda functions called? How fast are they? Of course, we could use the statistics from the performance test, but there is a faster way. This faster way […]
AWS Shop example: SNS duplicate messages
Introduction Our shop example [1] is now in production, wohoo!!! When you are using our example program in production, you might see that some sales are updated multiple times in the database. This will not happen very often, but you want your sales to be processed once, not twice. In […]
AWS Shop example: step functions
Introduction When you follow along in this series [1], you might have been irritated by the amount of work to test your functions. It isn’t a problem to test only the unit test for the accept function, but when you have to test the unit test for the decrypt function, […]
AWS Shop example: Smoke and performance tests
Introduction In the previous blog, I talked about unit tests of the AWS Shop example [1]. Today, I will continue with a smoke test and a performance test. Smoke test When you follow along, you will have seen the smoke test several times: we used a smoke test from the […]
AWS Shop example: unit tests
Introduction In the last six blogs [1], I showed you an application that used AWS to process the sales from a cashing machine. This series continues with tests for this application. Some objects of our solution cannot be tested: we cannot test the API gateway, the SNS topics or DynamoDB […]
AWS Shop example: API Gateway (2)
Introduction Last time, I talked about the API Gateway [1]. The URL that we used last time has randomness in it: it looks like https://54dwcigu3a.execute-api.eu-west-1.amazonaws.com/prod/shop. When you destroy the API Gateway objects and redeploy them, you will get another URL. That’s not nice: we don’t want to change the URL […]
AWS Shop example: the API Gateway (1)
Introduction You might have noticed that we skipped the API Gateway up to now [1]. I will write two blogs about the API Gateway. In this one, we follow the simplest route: from sending the message to the API gateway, and let the API Gateway deliver the message at the […]
AWS Shop: DynamoDB, the AWS NoSQL database
Introduction The ultimate goal of our shop application [1] is to update the AMIS-shop table in the DynamoDB service. In this blog, I will tell a little bit more about DynamoDB. DynamoDB is the NoSQL solution of AWS. The way we use this table in our example is straightforward: the […]
AWS Shop: about the AWS Simple Notification Service (SNS)
Introduction Today [1] we’ll look at the AWS Simple Notification Service. We have two of them in our shop: one to get messages from the accept-lambda function and send them to the decrypt-Lambda function, and the decrypt-Lambda function will send the decrypted sales information via SNS to the process-Lambda. The […]
AWS shop example: Lambda
Introduction In the previous blog [1], I wrote about an example shop application in AWS. Let me show the AWS architecture of this shop again: In this blog, I will tell a little bit more about the Lambda functions in this shop example. Lambda functions are serverless functions: you don’t […]
Example application in AWS using Lambda
Introduction I have to admit: I love serverless. Serverless computing is using the cloud as it is supposed to be used: it scales up when you need more capacity, it scales down to zero when you don’t need resources. That is really good when you have, for example, a shop […]
Policies in AWS (2)
Yesterday I published a blog about AWS policies. We used the IAM wizard to create a policy. When you try to use this policy with the users we created, you will get errors like these when you go to ECS, and try to create (for example) an ECS-cluster: This is […]
Creating policies, groups and users in AWS
Today, I’ll demonstrate how you can add policies, groups and users within AWS. In a couple of days, I’ll demonstrate the use of AWS Elastic Container Services (ECS) to a group of people. After the demonstration, they can play with ECS themselves. It is, of course, not the intention to […]
Setup and use of oVirt on CentOS7
Today, I’ll explain how to install and use oVirt: a nice virtualization tool for Linux, which is based on KVM. I installed the current production version 4.3.8 on a test machine, a Medion machine with an extra SSD drive. As usual, you’ll find the installation file for pxe that I […]
Using PXE to deploy a DNS server
Last week, I published a blog about implementing a PXE server [1]. Today I’ll show how kickstart/anaconda files can be used to deploy a server. I will use the example of a DNS-server to explain what can be changed where in kickstart files and what you can do when the […]
Deploying CentOS 8 using PXE
What is PXE? PXE (Preboot eXecution Environment) is a method of deploying an operating system to a computer over the network. I think it’s great: you don’t need to burn CDs or DVDs anymore. The only thing you have to do is change the boot order in the BIOS, and […]