i am here

As an AWS consultant/trainer I travel a lot for my work. When at customers locations, I occasionally want to log in into our sandbox environment. In previous postings, I have shown how we increase security by switching on and off the bastion host with a single (or double) key-press of the AWS IoT button. In another post you can find how I setup my ssh configuration to use the bastion host without ever logging in to it and yet get access to our ec2 instances. In this post, let me share iamhere with you. It is a little script that I use to modify the security group that protects inbound… Read More

Continue Reading

SSH config for AWS bastion

As a roaming AWS trainer, I work on my AWS infrastructure from many different locations to give demos to the course attendees and prepare stuff in EC2 instances when necessary. When I launch instances, I usually do so in private subnets, not opening the instances to the Internet when not absolutely necessary. To access the instances I use what is called a stepping stone, jump server or bastion host. The idea of a bastion host is that it is the single point of entrance into your (cloud) infrastructure. Therefor, you should harden and secure that host to the best extent possible. Read my blog about switching on and off the bastion host… Read More

Continue Reading

Adopt IPv6 in the blink of an eye

We all know we’d have to adopt IPV6 one day. So why not today? I thought about this today, when I noticed my provider was so good to give my laptop an IPv6 address. So it starts making sense to get our¬†website on IPv6 too. When even private individuals get IPv6 access, it’s just a matter of time before the corporates do ūüėČ There is enough documentation out there about what IPv6 is and why we ‘need’ it, so I won’t replicate any of that here. Now, the question is, how to get your site on IPv6? At easytocloud, we¬†use AWS CloudFront as a CDN (Content Delivery Network) for our… Read More

Continue Reading

AWS cloudfront

We¬†just moved¬†this site to S3 and cloud front. We have told our customers so often to move their sites to AWS cloudfront and S3 that we deemed it necessary to move our own site as well. In this blogpost we’ll tell you a bit about the journey. Basic architecture principles. At easytocloud we like to make as much use of managed services as possible. More often than not, we create server-less solutions as we aim to get rid of operating system responsibility were possible. However, as this site is a¬†Wordpress site,¬†we need to run at least one instance for the PHP code that makes WordPress. In addition to an instances,… Read More

Continue Reading

Increase security with the click of a button!

Although at easytocloud we¬†prefer¬†to build serverless solutions¬†wherever we can, we do have some EC2 instances and use a bastion host to access our – predominantly private – EC2 instances. In an earlier posting you could read how we use our EC2 scheduler to stop and start our persistent instances based on the time of the day. The cost-savings of running an instance only during office-hours is a whopping 75% compared to leaving instances on ‘all the time’. As for our bastion host, not only does it reduce costs, it also increases security. The bastion host being¬†the only way into our AWS infra as (most) other instances do not even have… Read More

Continue Reading