CloudTrail provides you with an audit log of every successful API call made in your AWS account. It can be invaluable for security auditing, as well as answering general questions such as “who started this instance and when?” The chief drawback is that it produces a large number and variety of events, making analysis challenging. However, a search engine such as Elasticsearch with Kibana lets you explore your audit log using simple filters and search terms.
One of the risks with giving developers their own sandboxes is that they’ll forget to shut down EC2 instances, or RDS databases, or any of the other AWS services that come with a per-hour charge. It happens. I’ve done it, as have most of the developers I know. But there’s no reason to be surprised when the bill arrives. In this post I’ll give an introduction to Budgets, and walk through using Cost Explorer to find a forgotten SageMaker notebook.
The ability to experiment is one of the unsung benefits of cloud computing. It was, in fact, what drew me to AWS in 2008. At Chariot, we have multiple sandbox environments, some for specific projects and some for general play, and recommend that our clients do the same. However, sandboxes need some controls, to ensure that they don’t become a source of runaway costs.
AWS re:Invent is over, and I finally have time to breathe. I’ve been going to the NY Summit since it was “only” a few thousand people and watched it grow into a 12,000-person behemoth, but this was my first re:Invent. I assumed it would be like the Summit, but bigger. I was wrong. Summits are …
If you weren’t able to attend our IoT on AWS one-day conference, here’s a recap.
After my last post, a colleague pinged me with “I thought you used environment variables to manage credentials, so why didn’t you show that?” The short answer is that it would detract from the points I was trying to make. The long answer is rooted in history and not-quite-implemented features, so rates its own post. …
My last post compared different infrastructure tools for creating users and letting them assume roles for cross-account access. I received a few questions about the underlying problem that those scripts were trying to solve, so this post delves a bit deeper into the realm of user management.
My background is as a developer, so when I think of “devops” and “infrastructure as code” I look for the loops and conditionals of a Turing-complete language. Unfortunately for me, popular devops tools lean toward a declarative format: you describe the environment that you want, and the tool makes whatever changes are needed to achieve …
The correct compute platform depends on the workload that you’re running. This post contains criteria for picking the right environment from the choices that AWS gives you.