Session Manager – Modern Bastion


Are you tired of dealing with key pairs? Maybe tired of securing them with KeePass? Or of configuring the SSH daemon for ease of use? Don’t worry, Systems Manager – Session Manager is here to save you from all of these.

Session Manager was announced on 11 September 2018 in this blog post. Seriously, I remember being as excited as potatoes thrown into hot oil, because the process of connecting to RDS instances via bastion hosts was a literal pain in our workplace. All those SSH private keys, securing them, jumping from one host to another, again for security reasons… All I can say is that it took a long time.

At this point, you might say, “Why aren’t you using a third-party UI such as Bastillion EC2 for connecting to instances?” That’s because there are intermediate EC2 instances involved in the jump process. Complexity is already high; no need to increase it.

Now, you might also say, “But you know you can use a tool that adds people’s IPs to the security group of the instances when they try to connect? Then, let’s say after 12 hours, you remove the IPs from the security group.” For curious cats, it is explained in this Medium story. That’s an option for sure, but I don’t like the idea of changing the state of a resource that often. Needless to say, we want immutable infrastructure in the end, right?


ECS Cluster Hibernation – Scheduled Stop/Start

But Why?

Intensely utilized ECS clusters can cost lots of Benjamins. Needless to say, there is no way around the costs in Production environments besides provisioning the appropriate instance types for the tasks, coding efficiently, architecting a well-planned infrastructure and so on, since the clusters must be running at all times. But of course an Infrastructure Engineer can take action on Development environments to lower the costs.

I shut down all clusters in the Development environment between 23:00 and 07:00 with a Python Lambda script that is deployed by Terraform. I stop a cluster by setting its Auto Scaling Group to 0, which shuts down all of its Container Instances. But what about the initial ASG state? Where do the minimum, maximum and desired values go? I write them to a DynamoDB table before setting them to 0.

I start a cluster by reading the initial values for its ASG from that DynamoDB table and setting them back.

For the schedule, I use CloudWatch Event Rules to trigger the Lambda script.

Let’s see the scripts!


The Ultimate DevOps Explanation

Dream Has Come True!

I am a person who believes that if someone wants to do a job successfully, they first need to understand what the job fundamentally is. I love how Albert Einstein put it:

If you can’t explain it simply, you don’t understand it well enough.
– Albert Einstein

With that being said, I consider Amazon’s DevOps definition a simple yet amazing one. It describes DevOps only roughly, but it covers nearly everything. It does, however, need some elaboration.

From what I’ve seen, ~99% of the definitions on the internet don’t cover everything related to DevOps. Let’s be the ~1%.

If you know what DevOps actually is, you will start seeing things from a different, constructive, rewarding and top-down perspective and contribute even more to your team.


Creating CloudWatch Dashboards per Environment with Python

Show Me The Code Already

After installing the CloudWatch Agent on the machines you want to monitor, it’s time to create dashboards to view real-time metrics.

There are several ways to create CloudWatch Dashboards, such as building them manually by selecting widgets in the AWS Console, with CloudFormation, etc.

I’ve decided to create them with Python because in DevOps literature there is no such thing as creating something manually. I also didn’t want to use CloudFormation because I like scripting, and we have many applications to monitor in our company; thus, I needed something that iterates over our environments and creates a dashboard for each of them.