How to dockerize your PHP application for AWS Fargate?
This blog post is an excerpt of our book Rapid Docker on AWS. The biggest game-changer for Docker on AWS was the announcement of AWS Fargate. Operating Docker containers could not be easier. With AWS Fargate, you launch Docker containers in the cloud...Read more
Analyze CloudWatch Logs like a pro
This post was originally published on the marbot blog. Centralizing the logs from all your systems is critical in a cloud infrastructure. Typical solutions to store and analyze log messages are: Elastic Stack (Elasticsearch + Kibana), Loggly, Splunk, ...Read more
School's Out For Summer
Michael and I have just returned from a trip to France where we enjoyed the sun, the beach, the pool, and - of course - the cheese. We are giving away 25 printed books Amazon Web Services in Action to students who are keen to get started with AWS during...Read more
AWS CloudTrail: your audit log is incomplete
Recently, I was investigating the size of a security breach caused by leaked AWS credentials. The first place to go in such a scenario is the audit log recorded by CloudTrail. When configured correctly, CloudTrail captures the requests to the AWS API an...Read more
EFS with TLS behind a proxy
Encryption of data at rest and in transit is the new normal. Or as WernerVogels (Amazon, CTO) says: “Dance like nobody’s watching. Encrypt like everyone is.” The Amazon Elastic File System (EFS) supports both: encryption at rest and encryption in transi...Read more
AWS SSM is a trojan horse: fix it now!
Recently, I held a security workshop together with a team of engineers. At some point, the team demonstrated how they use AWS Systems Manager (SSM) to run commands on a machine. What the team didn’t know: they enabled a backdoor that allows everyone wit...Read more
More than 25 SSL certificates with ECS
Both the Application Load Balancer (ALB) and the Network Load Balancer (NLB) provide TLS/HTTPS listeners allowing you to encrypt the data in transit from the clients to your cloud infrastructure. Together, with the Amazon Certificate Manager (ACM) which...Read more
Cronjob at the edge with AWS IoT
I’m working on a project where I have to manage a cronjob that runs on a small computer with an unreliable Internet connection. I want to configure the cronjob schedule expression (e.g., 0 10 * * *) remotely but the cronjob should not be interrupted if ...Read more
Download YouTube videos with AWS Lambda and store them on S3
Recently, I was faced with the challenge to download videos from YouTube and store them on S3. Sounds easy? Remember than Lambda comes with a few limitations: 512 MB of disk space available at /tmp 3008 MB of memory 15 minutes maximum execution time ...Read more
6 new ways to reduce your AWS bill with little effort
The last time we wrote about how to save AWS costs was at the end of 2015. AWS has changed a lot since then. It’s time for an update with six new tips to save AWS costs with little effort. EC2 AMD InstancesAWS introduced AMD-powered EC2 instances that...Read more
Incident Management for Slack
Team up to solve incidents with our chatbot marbot. Never miss a critical alert. Escalate alerts from your AWS infrastructure among your team members. Strong integrations with all parts of your AWS infrastructure: CloudWatch, Elastic Beanstalk, RDS, EC2, ...