  • Updating Amazon VPC Subnets - and some Pitfalls

    Today I updated some subnet layouts in the VPC of an AWS service. Back in the day when the service had started it ran on only one subnet per availability zone. I wanted to change this to a cleaner architecture with a public and a private subnet per availability zone. Each private subnet communicates with the public internet over a NAT gateway.

  • List AWS Parameter Store Values in the Command Line in a Table

    Today I want to show a very simple snippet for AWS, again. I am currently starting to configure our services with AWS Systems Manager Parameter Store instead of managing the configuration files in each AMI manually. It works well so far, but for some reason the AWS Web Console does not include the configuration value in the tabular overview. So, getting a quick overview of all defined values is not possible.

  • Towards a more Restricted Set of AWS IAM Permissions for Packer

    Packer allows us to build images for different platforms, one of them being AWS. AWS images are built within the AWS environment, which means that Packer requires permissions to AWS in order to build an image. If we look at the official documentation it gives us the set of required permissions with "Resource": "*". This applies to all API endpoints they use, including for example DeleteKeyPair, DeregisterImage and TerminateInstances.

  • Load Balancing and Auto Scaling with Open Source HAProxy

    When your application has more demand than can be handled by a single machine or when you want to safeguard against failure of a single server, you might want to load balance it. There are different patterns to load balance an application, e.g. you can offload the heavy processing through a message queue, or you can redirect traffic directly to different servers. In this tutorial we will look at the latter.

  • Run an Action on all VMs in an AWS Auto Scaling Group

    Proponents of ephemeral servers say that one should treat infrastructure like cattle instead of pets. The counter argument is that a farmer would not just let their investments (animals) die, but at least try to give them some medicine. While I don’t perform changes on individual servers in my server fleet, there are definitely times when I need to ssh into them and check something.