AWS for Beginners Part 1

I am hoping to get back into doing some AWS stuff over the next couple of months. I am a huge fan of some of the tools and technology they have built. It’s not perfect and it’s often not well understood by people lifting and shifting existing infrastructure into “the cloud”.

My view is firmly that if this is what you have done, then you have done it wrong and missed the point….

But if you do want to kick the tyres and see what it’s all about, go and set up an account and play.

Ensure you implement these three recommendations:

  • Root Account Security – Ensure you have a strong password on this account, then stop using it. Use IAM to set up another user account and then use that.
  • Enable Two Factor Authentication – This is a must. Sadly AWS don’t appear to support my preferred 2FA device, YubiKey, so I’m using the Google Authenticator.
  • Enable Billing Alerts – Create an alert so that if your bill will be over X you will get a notification. It’s very easy to leave an instance or several running somewhere. No one wants bill shock.


Update: AWS now does support YubiKey. Wahoo.



AWS – Serverless

Serverless is one of those stupid names within IT that doesn’t really explain what’s going on. It’s led to the comical meme below.

But buzzword bingo aside, what is it and what can you do with it? Well, my AWS cert is due to expire shortly and I haven’t played with it for a good while. So I decided to build something to demonstrate the power of it.

I run a few services on some of my lab kit (mail/web/spam filtering etc.), so I decided to deploy a serverless status page using some of the funky AWS services. This is built using LambStatus. Now they have done a huge amount of work on this and all credit goes to them. It’s a very easy to deploy public website that relies on ZERO webservers. It also has an admin page to easily edit the status pages and objects etc. It also supports input via API and publishing actual monitoring data from AWS. It’s designed to be incredibly cheap to run, with 30,000 hits predicted to cost less than $1.

It’s built using a number of AWS technologies, listed below. If you are unfamiliar with these, I would strongly suggest learning more.

  • CloudFormation
  • CloudFront
  • S3
  • Lambda
  • Cognito
  • API Gateway
  • DynamoDB

How the AWS services are hooked together

The finished public result is here giving public info on the services I run. I have added some demo incidents to see what they would look like.

In reality, this is total overkill, but it was nice to see what some people are deploying on AWS, especially the serverless functions.

The demo admin page is here. The deployment is incredibly straightforward and all done with CloudFormation, so I haven’t gone into any detail here.

I will work on getting some of the metrics from my servers into this status page. It also allows you to add your own domain rather than the CloudFront one I am using; hopefully that will be my next blog post.



Cloudflare – What is it and why would I care?

I have been using Cloudflare for a long time. It is one of my go-to services and I use it to protect all of the public services I run for myself and other sites/organizations.

The basic premise of what Cloudflare do is that they are a distributed Web Application Firewall (WAF) and CDN, but they also offer so much more. Because they have a large number of PoPs, they can cache and push content closer to your end users to give them a better experience. This also offloads work from your firewalls, DNS, web and database servers. At present they have 139 sites globally, allowing you to host a site anywhere and get good global performance.

Cloudflare has an amazing free tier so you can get started easily.   I use this to host all of my public DNS records. So what does that look like?

[codeblocks name=’host -a’]

As you can see, they have given me 2 nameserver records (Matt and Fay) and also 2 A records, neither of which is my source web server.

Then within the Cloudflare portal you input where the real webserver lives and Cloudflare will do the rest. My blog is still a little bit light on readership, but you can see Cloudflare handling the spike in requests.

Cache in action

They are also handling the SSL cert for me and the redirect, so all traffic to my site is HTTPS, allowing me to close port 80 on the firewall, all within the free tier.

If you are using it with WordPress, I would strongly recommend installing the Cloudflare plugin. This way, when you make changes to your site, it will automatically purge the cache if required.