Should you consider Terraform to manage your AWS resources, even though Amazon has a fully supported management tool in CloudFormation? The answer is a clear yes if you are a multicloud shop, but we’re going to explore the answer for AWS-only environments.
CloudFormation is fully supported by AWS. However, even today, nine years after the first public launch, Amazon still doesn’t mandate that its service development teams launch services with full CloudFormation support, occasionally leaving end users stuck waiting for Amazon to add support for features and services. In contrast, when using an open source tool like Terraform, if the support isn’t there, you can add it yourself and submit a PR, and magically the tool now supports it! This leads to far fewer gaps in coverage.
In addition, CloudFormation doesn’t support reusable code blocks, so you have to use third-party meta-templating tools like Troposphere or Lono (we strongly encourage you to use these tools if you choose to use CloudFormation). Terraform has built-in functionality that allows you to write DRY (Don’t Repeat Yourself) code. Be aware that Terraform does require you to manage state, but you can store it in S3 or DynamoDB.
Be aware that CloudFormation still has one killer feature. If you want to share a preconfigured stack with another organization, you can share a CloudFormation template with little worry about compatibility or versioning. Like most AWS services, CloudFormation has excellent backward compatibility, and this should “just work.”
Feel free to drop us a note if you’d like to discuss your CloudFormation or Terraform deployments.
Our friendly local Linux User Group, NYLUG, is hosting Stephen Gallagher from Red Hat, who will introduce attendees to the new features available in the recently released Red Hat Enterprise Linux 8. Stephen will cover multiple topics: Application Streams, Image Builder, Insights, container tools (featuring the all-new Universal Base Image), new security features, Ansible-powered System Roles, the web console, and the virtual data optimizer.
Even if you aren’t using Red Hat Enterprise Linux, it’s worth checking out, as many of these features will work their way into CentOS 8 when it is released. CentOS is one of Brandorr’s recommended distros, and is very popular with our clients. RSVP is required, so please visit NYLUG’s meetup page and let them know you are coming: https://www.meetup.com/nylug-meetings/events/261629022/
Cost management in AWS, especially in a large infrastructure, can be a complex task. Fortunately, this can be simplified using tag management for cost allocation and tracking.
Because AWS Lambda functions can span multiple applications and regions, with customers potentially running hundreds, if not thousands, of Lambda functions, tagging support is essential for many larger organizations that use billing tags to track and charge back AWS usage. Today Amazon is introducing support for tagging AWS Lambda functions, providing the ability to use these tags to track your costs down to the individual Lambda function.
In addition, Amazon announced Lambda support for Python. Lambda now supports 4 major languages: Python, Java (Java 8 compatible), C# (.NET Core) and JavaScript (NodeJS). This is a great set of languages, and we’re hoping to see this list grow over time as Lambda and serverless computing become ever more popular.
-- Brandorr Group is an Advanced Amazon Web Services Consulting Partner with decades of experience architecting, automating, and managing cloud infrastructure using AWS best practices. We help our clients successfully execute their cloud strategy by providing architecture and implementation services with 24x7x365 on-call emergency response. We’d love to help with your automation/scaling needs, contact us today.
It’s official: the world has run out of IP addresses, at least IPv4 addresses, those 32-bit numbers that we are all so used to in the networking field. The solution to this problem has been around since 1999, when IPv6 was deployed, but it did not see adoption, and the internet community as a whole decided to stay with IPv4 until it ran out.
Now it is time to start deploying workloads using IPv6. Thankfully, over the last couple of years AWS has been releasing support for IPv6 in many regions and has prepared to give its users a seamless experience. IPv6 has plenty of room for growth and also opens the door to new applications and new use cases.
On December 1, 2016 AWS announced its support for IPv6 on EC2 Instances in Virtual Private Clouds (VPCs). Earlier announcements included IPv6 support for S3 (including Transfer Acceleration), CloudFront, WAF, and Route 53. The first region with EC2 support for IPv6 was the US East (Ohio) Region.
Today AWS released IPv6 support for the following regions: US East (Northern Virginia), US East (Ohio), US West (Northern California), US West (Oregon), South America (São Paulo), Canada (Central), EU (Ireland), EU (Frankfurt), EU (London), Asia Pacific (Tokyo), Asia Pacific (Singapore), Asia Pacific (Seoul), Asia Pacific (Sydney), Asia Pacific (Mumbai), and AWS GovCloud (US).
Along with EC2, AWS released support for IPv6 on the Application Load Balancer (ALB) in dual-stack mode, allowing access via IPv4 and IPv6, in the following regions: US East (Northern Virginia), US West (Northern California), US West (Oregon), South America (São Paulo), EU (Ireland), Asia Pacific (Tokyo), Asia Pacific (Singapore), Asia Pacific (Sydney), and AWS GovCloud (US).
AWS continues to innovate and push the envelope so that more regions can support IPv6.
When Amazon launched AWS WAF in October of 2015, it made many customers’ lives easier, but required that they use AWS CloudFront as their Content Delivery Network (CDN). Many customers already had other CDN partners, such as Akamai and Fastly, and couldn’t realistically switch to CloudFront to take advantage of AWS WAF. This has now changed, as just yesterday Amazon announced AWS WAF availability on the Application Load Balancer (ALB). This opens up a lot of opportunities for AWS customers that aren’t using CloudFront.
Web application firewalls (WAFs) filter, monitor, report and potentially block HTTP traffic to and from web servers and web applications. WAFs inspect HTTP traffic looking for malicious behavior targeting known security flaws. In addition, WAFs can define the allowed behavior of web application users by enforcing a site navigation map of whitelisted URLs. In the case of AWS WAF, this is done by defining “web ACLs” (Access Control Lists).
When the security of your web application is important, WAFs are a great tool to protect your infrastructure, as they can protect your web workloads against threats like SQL injection, cross-site scripting, session hijacking, parameter or URL tampering and buffer overflows.
-- Brandorr Group is an Advanced Amazon Web Services Consulting Partner with decades of experience architecting, securing, automating, and managing cloud infrastructure using AWS best practices. We help our clients successfully execute their cloud strategy by providing architecture and implementation services with 24x7x365 on-call emergency response. We’d love to help with your automation/scaling needs, contact us today.
Author: Brandorr Group LLC is a one-stop cloud computing solution provider, helping companies manage growth and ship new projects using cloud and scalability best practices.