Tag Archives: AWS

AWS Config Rules!

I know what you did last summer… you opened all those insecure ports in your security groups to quickly troubleshoot that nasty bug, and then, in the rush to close the issue, forgot to close the gate again! AWS Config is your friend 🙂

AWS Config Rules is built on top of AWS Config. It lets you get notified, or have an action taken, when a configuration change breaches AWS best-practice rules or any rules of your own.

Here is the video session on this, along with the main goodies and important notes I found:

  1. It is a completely automated change control and auditing solution! No need for your own scripts, data store or tracking.
  2. You can troubleshoot with a time-travel-like view of your resources, their state and their relationships to any dependent resources, at any point in time, including any change or deletion made.
  3. Your data is highly reusable: you get a JSON-formatted record of any change to your resources, and where relevant it is compatible with the output of the matching AWS describe commands, so you can use that match for validation scenarios.
  4. Powerful correlation: it uses CloudTrail to show you who changed a resource and when.
  5. Easily expandable: you create your own rules through AWS Lambda, using any language it supports. Rule verifications are triggered based on time or on an AWS API event (tag created, instance deleted, etc.).
  6. Targeted: you easily get a report of what changed and when, plus resources that exist when they shouldn't or that are missing.
  7. Turn events into data by routing AWS Config SNS event notifications into your own event repository in real time.
  8. Coverage: everything EC2, VPC and CloudTrail related, and now the holy grail: IAM, so you can dig into who added that policy, or detect when an admin user has been added where it shouldn't have been.
  9. Availability: AWS Config is available everywhere, while AWS Config Rules is only available in North Virginia.
  10. Spread: regional. You need to run and review it in each region separately. Not quite as powerful as it would be if it were account-centered.
  11. Pricing: Right here!
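As an added example (not from the original post or the video session), here is a sketch of a custom rule of the kind item 5 describes, aimed at the forgotten open ports from the intro. It assumes a configuration-change trigger, a hypothetical policy in which only ports 80 and 443 may be world-reachable, and a security group record whose fields follow the describe-style names used in the constructed sample.

```python
import json

ALLOWED_PUBLIC_PORTS = {80, 443}   # assumption: this policy's public ports
WORLD = {"0.0.0.0/0", "::/0"}

def _cidrs(perm):
    """Collect CIDRs from a permission; entries may be strings or dicts."""
    out = set()
    for key in ("ipRanges", "ipv4Ranges", "ipv6Ranges"):
        for r in perm.get(key, []):
            out.add(r if isinstance(r, str) else r.get("cidrIp") or r.get("cidrIpv6"))
    return out

def open_ports(configuration):
    """Return sorted (from, to) TCP/UDP port ranges exposed to the world."""
    found = set()
    for perm in configuration.get("ipPermissions", []):
        proto = perm.get("ipProtocol")
        if proto not in ("tcp", "udp", "-1") or not (_cidrs(perm) & WORLD):
            continue
        # "-1" means every protocol and port; port fields are then absent.
        lo, hi = (0, 65535) if proto == "-1" else (perm["fromPort"], perm["toPort"])
        if not (lo == hi and lo in ALLOWED_PUBLIC_PORTS):
            found.add((lo, hi))
    return sorted(found)

def evaluate(item):
    """Map one configuration item to a Config compliance type and annotation."""
    if (item.get("resourceType") != "AWS::EC2::SecurityGroup"
            or item.get("configurationItemStatus") == "ResourceDeleted"):
        return "NOT_APPLICABLE", "not an existing security group"
    ports = open_ports(item.get("configuration") or {})
    if ports:
        return "NON_COMPLIANT", "world-open port ranges: %s" % ports
    return "COMPLIANT", "no unexpected world-open ports"

def lambda_handler(event, context):
    import boto3  # present in the Lambda runtime; local import keeps evaluate() testable offline
    item = json.loads(event["invokingEvent"])["configurationItem"]
    compliance, note = evaluate(item)
    boto3.client("config").put_evaluations(
        Evaluations=[{"ComplianceResourceType": item["resourceType"],
                      "ComplianceResourceId": item["resourceId"],
                      "ComplianceType": compliance, "Annotation": note[:256],
                      "OrderingTimestamp": item["configurationItemCaptureTime"]}],
        ResultToken=event["resultToken"])
    return compliance

# Constructed sample item (not a real record): SSH and HTTPS open to the world.
SAMPLE_ITEM = {"resourceType": "AWS::EC2::SecurityGroup", "resourceId": "sg-EXAMPLE",
               "configurationItemStatus": "OK", "configuration": {"ipPermissions": [
    {"ipProtocol": "tcp", "fromPort": 22, "toPort": 22, "ipRanges": ["0.0.0.0/0"]},
    {"ipProtocol": "tcp", "fromPort": 443, "toPort": 443, "ipRanges": ["0.0.0.0/0"]}]}}
```

Calling `evaluate(SAMPLE_ITEM)` locally shows the verdict the handler would report: the world-open SSH port is flagged while HTTPS passes.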

Slide deck is here:

Launching Ubuntu VM on Windows Azure in less than 1 Min.

Yeah, you are all using Amazon AWS…

But sometimes you get the urge to try something new: maybe control your AWS operation from another cloud provider's cloud, maybe try Azure 🙂

Here is how to quickly launch an Ubuntu (or basically any Linux) VM on Windows Azure in less than 1 min.

First, you may want to set up this environment for better Azure usage:

  1. Sign up at Azure (Free Trial here) + Special free offers and discounts for MSDN Subscribers here
  2. Install Windows PowerShell for Azure (and/or Python and/or the Azure command-line interface – CMD) from this link: http://azure.microsoft.com/en-us/downloads/
  3. For PowerShell: use the Add-AzureAccount command to add your Windows Azure credentials to your local PowerShell install

Setting the Ubuntu VM:

Create the certificate for your new Ubuntu VM (use Cygwin or any Linux):

openssl req -x509 -days 365 -newkey rsa:2048 -keyout myPrivateKey.key -out myCert.pem

More info: http://azure.microsoft.com/en-gb/documentation/articles/virtual-machines-linux-use-ssh-key/#generate-a-key-from-an-existing-openssh-compatible-key

Using the Azure Web Portal, create a new Ubuntu VM from the Azure templates and use myCert.pem in the new VM's configuration

Prepare a PuTTY version of your Azure private key for the VM:

openssl rsa -in ./myPrivateKey.key -out myPrivateKey_rsa

Load myPrivateKey_rsa into puttygen and ask it to create a new private key from it
Save the puttygen private key output as a .ppk file
Use the new .ppk file for the PuTTY SSH session to the Azure Linux VM

Power on the VM (at the Azure portal)

Use PuTTY to log in to the new VM (and now you can “sudo apt-get install awscli” or do any other stuff you want on that Ubuntu VM)

Verifying VM Console & Logs:

Not simple… there is nothing yet like “aws ec2 get-console-output”

More info:

Simplifying Virtual Machine Troubleshooting using Azure Log Collector (March 2015) – works for Windows VMs only!! Support for Linux VMs is in the works
Virtual machine console access (Jan 2015)

Verifying VM state in PowerShell:

Use the command: Get-AzureVM