Accessing EC2 with AWS SSM Session Manager

AWS offers a way to access EC2 instances in a private subnet, without needing an outbound connection to the internet, through AWS Systems Manager Session Manager. This is useful for situations where a bastion server would otherwise be needed to access databases or caches. Some of the benefits of using Session Manager:
- Access controlled through IAM policies
- No inbound ports need to be opened on the EC2 instance
- No SSH keys to manage
- Easy access through the AWS Console or the AWS CLI
- Logging and auditing of sessions through AWS CloudTrail, S3 and CloudWatch Logs
Below is an example architecture showing how a user accesses an instance that sits in the intra subnet (without internet access). ...

November 11, 2024 · 5 min · Hazmei

Code Signing for Lambda 🔐

A couple of months ago, I was working on improving the security posture of our AWS Lambda functions. Code Signing was one of the AWS features that I tested out. In this post I will talk a bit about my experience with Code Signing for Lambda.
Introduction
AWS Code Signing for Lambda was released 4 years ago, in 2020. It ensures that only trusted code can be deployed to Lambda functions, by validating the code signature against the signing profile. AWS Signer is one of the requirements for implementing code signing. The good news is that there is no additional charge for using AWS Signer with AWS Lambda. 🎉 ...

January 28, 2024 · 5 min · Hazmei

Debugging Pods Stuck In Init/ContainerCreating State

Here at Ascenda Loyalty, we are using the AWS managed Kubernetes service (EKS) to run our applications.
Some background info
EKS, aka Elastic Kubernetes Service, is a managed Kubernetes service offered by AWS. AWS manages the control plane of the Kubernetes cluster, and also the worker nodes in the case of EKS Fargate. Security groups for pods are used for our application pods and some internal services. This allows us to manage network security outside the Kubernetes layer, between the pods and the AWS resources they talk to (i.e. RDS, ElastiCache). Due to a limitation on the number of pods that can use a security group (the feature is only supported on most Nitro-based Amazon EC2 instance families, and only a limited number of pods per node can have an SG), we are unable to use it for all of our pods. ...

September 19, 2021 · 5 min · Hazmei