AWS Resource Access Manager — Multi Account Resource Governance

With a multi-account approach of building the infrastructure, there is always a challenge of provision and governance of the resources to subordinate accounts within the Organization. Provision resources, keep them up to date, and decommission them properly — that’s only a part of them. AWS has numerous solutions that help make this process reliable and secure, and the Resource Access Manager (RAM) is one of them. In a nutshell, the RAM service allows you to share the AWS resources you create in one AWS account with other AWS accounts....

September 25, 2021 · Serhii Vasylenko

Run Ansible playbook on mac1.metal instances fleet with AWS Systems Manager

In days of containers and serverless applications, Ansible looks not such a trendy thing. But still, there are cases when it helps, and there are cases when it combines very well with brand new product offerings, such as EC2 Mac instances. The more I use mac1.metal in AWS, the more I see that Ansible becomes a bedrock of software customization in my case. And when you have a large instances fleet, the AWS Systems Manager becomes your best friend (the sooner you get along together, the better)....

May 27, 2021 · Serhii Vasylenko

Configure HTTP Security headers with CloudFront Functions

A couple of weeks ago, AWS released CloudFront Functions — a “true edge” compute capability for the CloudFront. It is “true edge” because Functions work on 200+ edge locations (link to doc) while its predecessor, the [email protected], runs on a small number of regional edge caches. One of the use cases for [email protected] was adding security HTTP headers (it’s even listed on the product page), and now there is one more way to make it using CloudFront Functions....

May 21, 2021 · Serhii Vasylenko

Customizing mac1.metal EC2 AMI — new guts, more glory

I guess macOS was designed for a user, not for the ops or engineers, so this is why its customization and usage for CI/CD are not trivial (compared to something Linux-based). A smart guess, huh? Configuration Management Native Apple’s Mobile device management (a.k.a MDM) and Jamf is probably the most potent combination for macOS configuration. But as much as it’s mighty, it is a cumbersome combination, and Jamf is not free....

February 1, 2021 · Serhii Vasylenko

Terraforming mac1.metal at AWS

Updated on the 23rd of October, 2021: Terraform AWS provider now supports Dedicated Hosts natively In November 2021, AWS announced the support for Mac mini instances. I believe this is huge, even despite the number of constraints this solution has. This offering opens the door to seamless macOS CI/CD integration into existing AWS infrastructure. So here is a quick-start example of creating the dedicated host and the instance altogether using Terraform....

January 20, 2021 · Serhii Vasylenko

mac1.metal EC2 Instance — user experience

Amazon EC2 Mac Instances Something cool and powerful with inevitable trade-offs. As everything in this world. AWS announced EC2 macOS-based instances on the 30th of November 2020, and after more than a month of tests, I would like to share some findings and impressions about it. First of all, the things you can easily find, but it’s still worth to say: The new instance family is called mac1.metal. Guess we should expect mac2 or mac3; otherwise, why did they put a number in the name?...

January 19, 2021 · Serhii Vasylenko

Terraform CLI shortcuts

Here is some CLI shortcuts I use day-to-day to simplify and speed-up my Terraform workflow. Requirements — bash-compatible interpreter, because aliases and functions described below will work with bash, zsh and ohmyzsh. In order to use any of described aliases of functions, you need to place it in your ~/.bashrc or ~/.zshrc file (or any other configuration file you have for your shell). Then just source this file, for example: source ~/....

August 25, 2020 · Serhii Vasylenko

Manage Ansible playbook secrets with AWS services

Lookup plugins for Ansible allow you to do a lot of cool things. One of them is to securely pass sensitive information to your playbooks. If you manage some apps in AWS with Ansible, then using Parameter Store or Secrets Manager along with it might greatly improve your security. Variables with SSM Parameter Store Let’s say you have some variables defined in ‘defaults/main.yaml’ file of your role or maybe in group_vars....

August 6, 2020 · Serhii Vasylenko