• Using Deployment Time Values from Parameter Store in a Launch Template's User-Data Script with AWS CDK

    I’ve been starting to port all of our hand-managed infrastructure over to AWS CDK. CDK is a program by Amazon, available for a few programming languages, which allows you to define your infrastructure in code. I myself use it with Python. CDK comes with two different types of classes: L1 and L2 constructs. L1 constructs are a direct mapping between CloudFormation types and CDK classes; L2 constructs are an abstraction. I use only L1 constructs, because I feel I have better control with them.

  • Chainloading Ubuntu with GRUB 2 from Archlinux with SYSLINUX

    I’m running a dual boot system on my notebook with one OS being my private one and the other being the one for my employer. This week my company operating system died and I had to re-install it. For my private operating system I use Arch Linux with a SYSLINUX bootloader and for the company I use Ubuntu (which by default uses GRUB 2 as its bootloader). Both of my installations use root volume encryption.

  • Updating Amazon VPC Subnets - and some Pitfalls

    Today I updated some subnet layouts in the VPC of an AWS service. Back in the day when the service started, it ran on only one subnet per availability zone. I wanted to change this to a cleaner architecture with a public and a private subnet per availability zone. Each private subnet communicates with the public internet over a NAT gateway.

  • List AWS Parameter Store Values in the Command Line in a Table

    Today I want to show a very simple snippet for AWS, again. I am currently starting to configure our services with AWS Systems Manager Parameter Store instead of managing the configuration files in each AMI manually. It works well so far, but for some reason the AWS Web Console does not include the configuration value in the tabular overview. So, getting a quick overview of all defined values is not possible.

  • Towards a more Restricted Set of AWS IAM Permissions for Packer

    Packer allows us to build images for different platforms, one of them being AWS. AWS images are built within the AWS environment, which means that Packer requires permissions to AWS in order to build an image. If we look at the official documentation, it gives us the set of required permissions with "Resource": "*". This applies to all API endpoints they use, including, for example, DeleteKeyPair, DeregisterImage and TerminateInstances.