Category Archives: Tech Blog

Adopt IPv6 in the blink of an eye

We all know we’ll have to adopt IPv6 one day. So why not today?

I thought about this today, when I noticed my provider was so good as to give my laptop an IPv6 address. So it starts making sense to get our website on IPv6 too. When even private individuals get IPv6 access, it’s just a matter of time before the corporates do 😉

There is enough documentation out there about what IPv6 is and why we ‘need’ it, so I won’t replicate any of that here. Now, the question is, how to get your site on IPv6?

At easytocloud, we use AWS CloudFront as a CDN (Content Delivery Network) for our website. CloudFront runs in AWS edge locations in a datacenter ‘near you’ where it caches (parts of) our site … AWS has around 80 edge locations worldwide, as opposed to about 16 Regions where you can host your stuff. The good thing is, CloudFront supports IPv6 right out of the box!

Our website runs in the eu-central-1 Region (Frankfurt), where we use an internet-facing load balancer (ELB) to give web access to our webserver(s) running in an autoscaling group within a private network. A security group limits access to the ELB to CloudFront edge locations only.

In the private network, we of course use a private IP address range like 192.168.1.0/24. There is no reason to use IPv6 in the private network, as the individual webserver instances are not internet-facing by definition and the range is large enough to accommodate our webserver tier.

Potentially, one could give the internet facing load balancer IPv6 addresses. However, as we have put CloudFront in front of our ELB and CloudFront uses IPv4 only to connect from the edge locations to our ELB, there is again no need to put IPv6 here – yet.

We know CloudFront connects to our ELB using IPv4 (today) because AWS publishes the list of source IP addresses that you need to whitelist on your ELB in order to allow (only) CloudFront to connect to the ELB. You can find that list of addresses here and it doesn’t show IPv6 – at the time of writing this post. In a later post, I will disclose how you can update the security group fencing off the ELB automatically whenever AWS changes the list of IP addresses.

So, for now, all we need is to configure CloudFront to use IPv6, which is actually just a checkbox in the configuration.
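An added example, not from the original post: one way to work out which rules the ELB security group needs from the published address list, assuming the list has the layout of AWS's ip-ranges.json file. The sample document, the current rule list and the function names are constructed for illustration; the function returns the planned changes and makes no AWS calls.

```python
import ipaddress

# Constructed sample in the layout of AWS's published ip-ranges.json.
# The prefixes are documentation ranges, not real CloudFront addresses.
SAMPLE_IP_RANGES = {
    "syncToken": "0000000000",
    "prefixes": [
        {"ip_prefix": "192.0.2.0/24", "region": "GLOBAL", "service": "CLOUDFRONT"},
        {"ip_prefix": "198.51.100.0/25", "region": "GLOBAL", "service": "CLOUDFRONT"},
        {"ip_prefix": "198.51.100.0/25", "region": "GLOBAL", "service": "AMAZON"},
        {"ip_prefix": "203.0.113.0/24", "region": "eu-central-1", "service": "EC2"},
    ],
    "ipv6_prefixes": [
        {"ipv6_prefix": "2001:db8:1000::/36", "region": "GLOBAL", "service": "CLOUDFRONT"},
    ],
}


def cloudfront_cidrs(doc, include_ipv6=False):
    """Return the normalised set of CIDRs whose service is CLOUDFRONT."""
    sources = [("prefixes", "ip_prefix")]
    if include_ipv6:
        sources.append(("ipv6_prefixes", "ipv6_prefix"))
    cidrs = set()
    for list_key, cidr_key in sources:
        for entry in doc.get(list_key, []):
            if entry.get("service") == "CLOUDFRONT":
                # ip_network() rejects malformed prefixes with ValueError.
                cidrs.add(str(ipaddress.ip_network(entry[cidr_key])))
    return cidrs


def plan_ingress(current_cidrs, doc, include_ipv6=False):
    """Return (to_authorize, to_revoke) for the ELB security group.

    Every current CIDR that is not a published CloudFront range is revoked,
    including a stray 0.0.0.0/0 that would let clients bypass CloudFront.
    """
    wanted = cloudfront_cidrs(doc, include_ipv6)
    if not wanted:
        # A truncated or empty download must not wipe the whole group.
        raise ValueError("no CLOUDFRONT prefixes found; refusing to plan")
    current = {str(ipaddress.ip_network(c)) for c in current_cidrs}
    return sorted(wanted - current), sorted(current - wanted)


if __name__ == "__main__":
    group = ["192.0.2.0/24", "0.0.0.0/0", "10.9.8.0/24"]  # constructed rules
    to_authorize, to_revoke = plan_ingress(group, SAMPLE_IP_RANGES)
    print("authorize:", to_authorize)
    print("revoke:   ", to_revoke)
```

Leaving `include_ipv6` off matches the situation in the post, where CloudFront reaches the ELB over IPv4 only.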

 

Don’t forget to add the IPv6 records to your DNS. We use AWS Route53 where we added an IPv6 alias record for our CloudFront distribution. Alias records are similar to CNAME records with two major exceptions:

  • you can use an ALIAS record for the APEX (naked domain name – easytocloud.com),
  • an ALIAS record is resolved inside Route 53, so your DNS client gets an AAAA (IPv6) or A (IPv4) response.

With little more than a few mouse-clicks, you too can enable your site for IPv6.

The picture at the top of this article shows how our website is ready for IPv6 now, according to this site. It just took a few minutes to get there from the picture below:

 


Veritas and AWS technology alliance

Category : Architecting , Events , Tech Blog

Last week, Veritas and AWS announced that they formed a technology alliance to bring the capabilities of Veritas 360 Data Management to AWS users. This did not surprise us as we know and understand both companies’ technologies and already recognised the potential that the combination presents. Possibilities include:

Orchestrated failover and failback to and from AWS

Combining AWS with Veritas Resiliency Platform (VRP) enables fully automated recovery of virtualized infrastructures to AWS. Standby datacenters can be consolidated to the cloud, saving money. Migration can be tested and easily rolled back, saving time.

Legacy applications without refactoring

Enterprise applications like SAP and Oracle have their own specific mechanisms to ensure performance, resiliency and scalability, and would need refactoring to adapt to the near infinite scalability that AWS offers. Veritas InfoScale for AWS is the viable alternative to refactoring, simplifying the customer experience through a unified management console.

Cloud tiering software defined storage

Veritas Access and Amazon S3 combine to provide a low-cost storage tier for unstructured data workloads already. Later this year, Access will be available as a full featured cloud solution to enhance application performance while minimizing cost.

Unified data protection provided by Veritas NetBackup ensures a simple and reliable experience, no matter where your data resides or which platform is used.

You can read the full article about the alliance here. Please contact us if you would like to know more about the possibilities for your organization.

AWS cloudfront

Category : Architecting , Tech Blog

We just moved this site to S3 and CloudFront.

We have told our customers so often to move their sites to AWS CloudFront and S3 that we deemed it necessary to move our own site as well. In this blogpost we’ll tell you a bit about the journey.

Basic architecture principles.

At easytocloud we like to make as much use of managed services as possible. More often than not, we create server-less solutions as we aim to get rid of operating system responsibility where possible.

However, as this site is a WordPress site, we need to run at least one instance for the PHP code that makes WordPress.

In addition to an instance, WordPress needs a database. We could have run the database on the instance itself but that defeats one of our basic design principles:

Treat your servers as cattle not pets

We do not want to store any data on our instance, so rather than running the database locally, we run it as an RDS multi-AZ deployment: MySQL as a managed service, highly available and replicated over two Availability Zones.

We created the (Aurora) database and exported/imported the content from the original site to the RDS instance. After changing the DB connect in wp-config.php, the instance got the posts from the RDS database.

The next step in ‘cattle not pet’ is the ability to create a new instance. There are two options to create new instances, either ‘from scratch’ with userdata or by creating an AMI specifically for the purpose of a WordPress site.

We decided to write a userdata-script. After a few iterations, the script was put in S3 and the userdata copies and runs the script.

The script takes care of installing all of the WordPress prerequisites and copies a tar-ball containing WordPress itself. It would be better even to actually install WordPress but that could be a next step.

An autoscaling group with a minimum of 1 instance makes sure there is one instance running at any time.

The instance has a role attached so it can access the S3 bucket.

The instances live in a private subnet, behind a load balancer that lives in the public subnet. The load balancer performance is used to determine the number of EC2 instances needed to run the website.

With a plugin, we moved the /wp-content/uploads directory to an S3 bucket.

CloudFront is configured with two sources: the S3 bucket and the ELB. Any reference to /wp-content/uploads is sent to S3, all other requests go to the ELB.

More details on each of the components will be presented in future posts.


Increase security with the click of a button!

Category : IoT , Tech Blog

Although at easytocloud we prefer to build serverless solutions wherever we can, we do have some EC2 instances and use a bastion host to access our – predominantly private – EC2 instances.

In an earlier posting you could read how we use our EC2 scheduler to stop and start our persistent instances based on the time of the day. The cost-savings of running an instance only during office-hours is a whopping 75% compared to leaving instances on ‘all the time’.

As for our bastion host, scheduling not only reduces costs, it also increases security. The bastion host is the only way into our AWS infra, as (most) other instances do not even have a public IP address. So, whenever the bastion host is ‘off’, it is not possible to get into our AWS stuff.

Recently I got hold of a few AWS IoT buttons and thought it would be nice to be able to stop and start our bastion host with it. The IoT button can send 3 different ‘messages’ to AWS IoT; one click, double click or long press.


So now we start (one click) and stop (double click) our bastion host, hence increasing security with the (double) click of a button!

Some background?!

An IoT button uses WiFi to send its messages. To connect it to a (new) WiFi network, it becomes an access point that you can connect to with your laptop. The button features a webserver that you then browse to, so you can set up the button to connect to your WiFi.

The next step is to configure the IoT button to be a trigger for a lambda function. Each button has a unique ID and you can configure a particular button to trigger your function to be executed.

Your lambda function receives information from the button when it is pressed: the button-ID, the type of ‘click’ and the remaining voltage of the battery.

All that is needed now is some code that changes the power state of your instance. With only a few modifications to (a copy of) the Python code of the previous post, it was an easy last step.
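An added example of such a function, not the author's code: a Lambda handler that maps the button's click type to starting or stopping one instance and ignores buttons it does not know. The event field names (`serialNumber`, `clickType`, `batteryVoltage`) are the AWS IoT button payload; the environment variable names, the placeholder instance id and the placeholder serial are assumptions made for this example.

```python
"""Lambda handler: AWS IoT button clicks start or stop a bastion host."""
import os

# Assumptions for this example (not from the original post): the instance id
# and the allowed button serials are read from environment variables, with
# placeholder defaults so the module also loads outside Lambda.
BASTION_ID = os.environ.get("BASTION_INSTANCE_ID", "i-0123456789abcdef0")
ALLOWED_SERIALS = set(
    os.environ.get("BUTTON_SERIALS", "G030EXAMPLE00001").split(","))

# One click starts, double click stops; a long press is deliberately unused.
ACTIONS = {"SINGLE": "start", "DOUBLE": "stop"}


def decide(event):
    """Map a button event to 'start', 'stop' or None (ignored)."""
    if event.get("serialNumber") not in ALLOWED_SERIALS:
        return None  # unknown button: never touch the bastion
    return ACTIONS.get(event.get("clickType"))


def handler(event, context, ec2=None):
    """Lambda entry point. `ec2` can be injected for offline testing."""
    action = decide(event)
    if action is None:
        return {"action": "ignored"}
    if ec2 is None:
        import boto3  # provided by the Lambda Python runtime
        ec2 = boto3.client("ec2")
    if action == "start":
        ec2.start_instances(InstanceIds=[BASTION_ID])
    else:
        ec2.stop_instances(InstanceIds=[BASTION_ID])
    # Returning the battery reading makes a dying button visible in the logs.
    return {"action": action, "instance": BASTION_ID,
            "battery": event.get("batteryVoltage")}
```

The function's IAM role needs no more than `ec2:StartInstances` and `ec2:StopInstances` on the bastion instance itself.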

The next thing for me to do is write a cloud formation template so you can increase your security too – with just the click of a button!

 


Reinvent 2016 Recap

Category : Tech Blog

 

Compute

| Name | Release date | Release type | Description | Details |
|---|---|---|---|---|
| Amazon EC2 C5 | Early 2017 | Pre-Announcement | Amazon EC2 C5 instances are the most powerful Compute Optimized instances, featuring the highest performing processors and the lowest price/compute performance in EC2. | Blog / URL |
| Amazon EC2 Elastic GPUs | Nov 30, 2016 | Preview | AWS announces their first attachable Elastic GPUs — the most cost effective and flexible way to add graphics acceleration to Amazon EC2 Instances. | Blog / URL |
| Amazon EC2 F1 | Nov 30, 2016 | Preview | Amazon EC2 F1 is a new compute instance with programmable hardware for application acceleration. With F1, you can directly access custom FPGA hardware on the instance in a few clicks. | Blog / URL |
| Amazon EC2 I3 | TBD | Pre-Announcement | I3 instances are the latest generation of Storage Optimized High I/O instances, featuring NVMe based SSDs for the most demanding I/O intensive relational, NoSQL, transactional, and analytics workloads. | Blog / URL |
| Amazon EC2 R4 | Nov 30, 2016 | GA | Amazon EC2 R4 instances are the latest generation of Memory Optimized instances which are 20% more price performant than R3 instances. | Blog / URL |
| Amazon EC2 T2 | Nov 30, 2016 | GA | t2.xlarge and t2.2xlarge are the newest Amazon EC2 burstable-performance instances, well-suited for workloads that require a consistent baseline performance with the ability to burst. | Blog / URL |
| Amazon Lightsail | Nov 30, 2016 | GA | Amazon Lightsail is the easiest way to launch and manage a virtual private server with AWS. Get everything you need to jumpstart your project – compute, storage, and networking – starting at $5/month. | Blog / URL |
| Lambda@Edge | Dec 1, 2016 | Preview | Lambda@Edge lets you run code at CloudFront edge locations without provisioning or managing servers. This allows developers to deliver a low latency user experience for customized web applications. | Blog / URL |
| C# Support on Lambda | Dec 1, 2016 | GA | You can now use C# with AWS Lambda. | Blog / URL |
| Lambda Customized Behavior on Failure – DLQ Support | Dec 1, 2016 | GA | You can now configure a dead letter queue (DLQ) on AWS Lambda to give you more control over message handling for all asynchronous invocations, including those delivered via AWS events (S3, SNS, IoT, etc). | Blog / URL |
| AWS Batch | Dec 1, 2016 | Preview | AWS Batch enables developers, scientists, and engineers to easily and efficiently run hundreds of thousands of batch computing jobs on AWS. | Blog / URL |
| Blox (Containers) | Dec 1, 2016 | GA | Blox is a collection of open source software that enables customers to build custom schedulers and integrate third-party schedulers on top of ECS. | Blog / URL |
| IPv6 Support for EC2 Instances in Virtual Private Clouds | Dec 1, 2016 | GA | EC2 instances in Amazon Virtual Private Cloud (VPC) now offer native support for the IPv6 protocol. IPv6 can be enabled for existing and new VPCs through the AWS management console, API/SDK and CLI. | Blog / URL |

Management Tools

| Name | Release date | Release type | Description | Details |
|---|---|---|---|---|
| AWS OpsWorks for Chef Automate | Dec 1, 2016 | GA | AWS OpsWorks for Chef Automate provides a fully managed Chef server and suite of automation tools for continuous deployment, automated testing for compliance, and a user interface for visibility into your nodes. | URL |
| AWS Personal Health Dashboard | Dec 1, 2016 | GA | AWS Personal Health Dashboard gives you a personalized view of AWS service health. You’ll get alerts when services you are using are impacted, and guidance to help keep your AWS resources healthy. | Blog / URL |
| Amazon EC2 Systems Manager | Dec 1, 2016 | GA | Amazon EC2 Systems Manager helps you automate important management tasks such as collecting system inventory, applying OS patches, automating image creation, and configuring OS and applications at scale. In addition, you can record and govern your instance’s software configuration with AWS Config. | URL |

Database

| Name | Release date | Release type | Description | Details |
|---|---|---|---|---|
| Amazon Aurora with PostgreSQL Compatibility | Nov 30, 2016 | Preview | Amazon Aurora is now PostgreSQL compatible. You can get up to twice the performance of the typical PostgreSQL database and the features you love in Amazon Aurora. | Blog / URL |

Analytics

| Name | Release date | Release type | Description | Details |
|---|---|---|---|---|
| Amazon Athena | Nov 30, 2016 | GA | Amazon Athena is an interactive query service that makes it easy to analyze data in Amazon S3 using SQL. Athena is serverless, so there is no infrastructure to manage. You pay only for the queries you run. | Blog / URL |
| AWS Glue | TBD | Pre-Announcement | AWS Glue is a fully managed ETL service that makes it easy to understand your data sources, prepare the data, and move it reliably between data stores. It simplifies and automates data discovery, transformation, and job scheduling tasks. | URL |

Application Services

| Name | Release date | Release type | Description | Details |
|---|---|---|---|---|
| AWS Step Functions | Dec 1, 2016 | GA | AWS Step Functions makes it easy to coordinate the components of distributed applications and microservices using visual workflows. | Blog / URL |
| Enhanced Context for CustomAuthorizers in Amazon API Gateway | Dec 1, 2016 | GA | Developers use custom authorizers to authorize API requests to their backend using bearer token strategies such as OAuth. | URL |
| API Gateway Documentation generation | Dec 1, 2016 | GA | Ability for API Gateway to generate documentation based on an API definition | Blog / URL |
| Amazon API Gateway Integration with AWS Marketplace | Dec 1, 2016 | GA | Launch of AWS API Marketplace with the integration between API Gateway and the AWS Marketplace | Blog / URL |

Storage

| Name | Release date | Release type | Description | Details |
|---|---|---|---|---|
| AWS Snowball Edge | Nov 30, 2016 | GA | AWS Snowball Edge is a petabyte-scale data transfer service with on-board storage and compute. | Blog / URL |
| AWS Snowmobile | Nov 30, 2016 | GA | AWS Snowmobile is an exabyte-scale data transfer service used to move extremely large amounts of data. | Blog / URL |
| File Gateway for S3 | Nov 29, 2016 | GA | Storage Gateway that provides customers an NFS mount point mapped to an S3 bucket. Files on the mount point are backed by objects in the customer’s S3 bucket. Gateway manages data transfer to AWS, and provides local caching for low latency access to a subset of data on premises. | URL |
| On-Prem DX Access to EFS | Dec 1, 2016 | GA | This feature will allow customers to mount EFS file systems on servers running on prem. | URL |

Security, Identity & Compliance

| Name | Release date | Release type | Description | Details |
|---|---|---|---|---|
| AWS Organizations | Nov 29, 2016 | Preview | AWS Organizations is a new administrative capability, which allows customers to control multiple AWS accounts centrally, enabling them to organize and manage their accounts to meet their business’ budgetary, security, and compliance needs | Blog / URL |
| AWS Shield | Dec 1, 2016 | GA | AWS Shield is a managed DDoS protection service that safeguards your web applications using Elastic Load Balancing (ELB), Amazon CloudFront, and Amazon Route 53. | Blog / URL |

Desktop & App Streaming

| Name | Release date | Release type | Description | Details |
|---|---|---|---|---|
| AppStream 2.0 | Dec 1, 2016 | GA | Fully managed, secure application streaming service that allows you to stream desktop applications from AWS to any device, without rewriting them. AppStream 2.0 provides users with instant-on access to the applications they need, and a responsive, fluid user experience running in an HTML5 web browser. | Blog / URL |

Artificial Intelligence

| Name | Release date | Release type | Description | Details |
|---|---|---|---|---|
| Amazon Polly | Nov 30, 2016 | GA | Amazon Polly is a service that turns text into lifelike speech. It supports 24 languages and 47 lifelike voices. Create apps that talk, enabling you to build entirely new categories of speech-enabled products. | Blog / URL |
| Amazon Rekognition | Nov 30, 2016 | GA | Amazon Rekognition is a service that makes it easy to add image analysis to your applications. With Rekognition, you can detect objects, scenes, and faces in images. You can also search and compare faces. | Blog / URL |
| Amazon Lex | Nov 30, 2016 | Preview | Amazon Lex is a service for building conversational interfaces using voice and text. With Lex, the same deep learning engine that powers Alexa is now available to any developer, enabling you to bring sophisticated, natural language chatbots to new and existing applications. | Blog / URL |

Developer Tools

| Name | Release date | Release type | Description | Details |
|---|---|---|---|---|
| CodeBuild | Dec 1, 2016 | GA | AWS CodeBuild builds and tests code in the cloud. CodeBuild scales continuously, so your builds are not left waiting in a queue. You are charged by the minute for the compute resources you use. You can also use CodeBuild with other AWS services. For example, you can plug CodeBuild into AWS CodePipeline, which automates building and testing code in CodeBuild each time you commit a change to your source repository. CodeBuild is also integrated with AWS Elastic Beanstalk, enabling you to easily build and test code in CodeBuild for your Elastic Beanstalk applications. | Blog / URL |
| AWS X-Ray | Dec 1, 2016 | Preview | X-Ray captures trace data from code running on EC2 instances (including ECS containers) | Blog / URL |

Internet of Things

| Name | Release date | Release type | Description | Details |
|---|---|---|---|---|
| AWS Greengrass | Nov 30, 2016 | Preview | AWS Greengrass is software that lets you run local compute, messaging & data caching for connected devices. Run IoT applications seamlessly across the AWS cloud and local devices using AWS Lambda. | Blog / URL |

Mobile Services

| Name | Release date | Release type | Description | Details |
|---|---|---|---|---|
| Amazon Pinpoint | Dec 1, 2016 | GA | Amazon Pinpoint makes it easy to run targeted push notification campaigns to improve user engagement in mobile apps. You can use Pinpoint to define your target segments, run your campaign, and measure results. | Blog / UR |
Amazon Pinpoint Dec 1, 2016 GA Amazon Pinpoint makes it easy to run targeted push notification campaigns to improve user engagement in mobile apps. You can use Pinpoint to define your target segments, run your campaign, and measure results. Blog | UR