Until recently, this was a WordPress site running on a traditional web hosting service with no SSL certificate. It’s now a collection of static files sitting in S3 buckets in AWS fronted by Amazon’s CloudFront CDN behind an HTTPS URL, with email handled by Amazon WorkMail. My web life has gotten much simpler, I have a lot more money left over, and my security posture has dramatically improved, to say nothing of the radically improved load times making both Google’s algorithms and human visitors happy.
AWS
How to Get AWS Step Functions to Act on a Lambda Variable’s Value
In my previous post I explained the basics of how to pass variable values from one state machine Lambda function to another. But what if you want to have AWS Step Functions take some sort of action based on the value of one of those variables? Perhaps you want the Step Function to pause until an instance is finished shutting down, or a snapshot has finished copying, etc. If you’re not a moderately experienced programmer you may not be familiar with this, and since Amazon’s documentation on these sorts of “basics” is rather sparse, I thought I’d explain it here.
Basics of Passing Variables Between State Machines in AWS Step Functions
AWS recently added Step Functions to their lineup, which I have found to be one of the most exciting new services they’ve released in a while. It has some amazing potential for allowing you to break up Lambda functions into a lot of component parts and chain them together (including wait conditions and other bells & whistles), but if you don’t already have a strong programming background it won’t be clear to you how to actually make this work, since their documentation isn’t as thorough as it could be, and they assume a certain basic level of background programming knowledge. I come from an Infrastructure/Operations background, so if you’re not a programming expert, but you still want to utilize these tools to automate your life and just get things done, I can sympathize. To that end, here’s a quick run-down of the basics you’ll need to know to dip your toe into this ocean of possibilities.
Why AWS Encrypted Snapshot Status Is Error
If you’ve ever been left scratching your head after attempting to create or copy an encrypted snapshot in AWS, with only an unhelpful “Error” status and no other useful troubleshooting information, here’s one thing to check.
Use Python to Add AWS Security Group Rules from a List of IPs
Have you ever had a list of IP addresses that you wanted to allow inbound traffic from in an AWS security group, but didn’t want to manually put them in one at a time? You’re in luck! Here’s a little Python script I wrote that will read in a list of IPs from a CSV file, and create security group rules for each address in the security group you specify, automatically.
Safely Restore an AWS EC2 Root Volume from Snapshot
Sure, most people with servers in AWS occasionally take snapshots of their EC2 instances’ root volumes to protect against crashes, corrupt updates, etc., but many new AWS admins never actually attempt to restore a server’s backed-up root volume from a snapshot until they have to. So, if you’ve never had to do it before, and now a series of panicked web searches has led you here, then don’t worry – it’s easy to restore the server back to its snapshotted state, even maintaining its original IP address and host name, just like nothing happened. Here’s how…
How to Use Encrypted Environment Variables in Lambda Functions
Need to write a Lambda function that will log in to something? Don’t hard-code your username or password in the script – store them as encrypted environment variables instead! Here’s how:
Four AWS CLI Commands to Set Up a Cross-Region/Account SNS Topic Subscription & Permissions
As I mentioned in my previous post, you can subscribe an AWS SNS topic in one region/account to a Lambda function in a different region and/or account (assuming you already have the accounts talking to each other) via the CLI. This can’t be done with CloudFormation (I’m told cross-region subscriptions are in the works), and you can’t do it through the console, so the CLI is your only option if you want to make this happen. Luckily, it can be done in four easy steps.
Invoking Remote Lambda Functions with Custom Resources in AWS CloudFormation Templates
One under-appreciated feature of Amazon Web Services’ CloudFormation templates is the ability to make custom resources. Inspired by my previous post on how to update Infoblox DNS records using curl, I’ll now take that idea one step further and give a quick taste of how you could use CloudFormation custom resources to automatically update DNS records via some Python code in an AWS Lambda function (hint: adapt those curl commands in Python using “requests”). You may not have this exact use case, but the principles are the same no matter what you want CloudFormation to interact with.
Add or Delete DNS records in Infoblox using Curl
Infoblox has a handy Web API that you can use to programmatically edit DNS records if you’re using it to manage DNS at your organization. (This is especially helpful when you do it via AWS CloudFormation templates using a Lambda-backed custom resource, since you can have it automatically add, update, and delete records when you create, update, and delete your stacks. I demo that in my next post.) Before you write a program to automate DNS entries though, you’ll want to test it using a command line tool like “Curl” in Linux. I didn’t find Infoblox’s WAPI documentation particularly helpful, so after some trial and error, here are the basics that I found work well. Read on to save yourself some of the same headaches of figuring this all out, and just get going.