AWS Gateway LoadBalancer: A Load Balancer that we deserve

Nowadays, load balancing is one of the basic needs for application systems to perform optimally while meeting important requirements such as scalability and high availability. Every cloud provides LBaaS (Load Balancing as a Service) as an offering, so consumers don’t have to worry about setting up and managing load balancers themselves.

But a cloud does not offer a single type of load balancer for every use case, because different use cases require different types of load balancer. For example, we have different load balancers for Layer 4 and Layer 7 traffic.

Recently AWS added a new member to its load-balancer family and named it “Gateway Load Balancer”. Gateway Load Balancer is a load-balancing service provided by AWS to send traffic to different appliances, applications, firewalls, etc. that are not part of the current VPC.


Know How to Access S3 Bucket without IAM Roles and Use Cases

We have all used IAM credentials to access our S3 buckets. But it’s not a safe or recommended practice to keep our access keys and secrets stored on a server or to hard-code them in our codebase. Even if we have to use keys, we must have some mechanism in place to rotate them very frequently (e.g. using HashiCorp Vault). Another widely adopted method is to use IAM roles attached to the EC2 instance or the AWS service accessing the bucket.

But what if we need access to the bucket from an on-premises data center, where we cannot attach an IAM role?

Yes, we can obviously use IAM credentials and secret tokens with a rotation mechanism. But setting up the key rotation mechanism itself could be another overhead if we do not already have one in place. What if we could get access without keys or roles, and without making the bucket public?

In this blog, I will attempt to address this problem with an alternative, easy solution.


AWS Elastic Network Interface

Networking plays an important role in connecting the components of an infrastructure. AWS networking features work with various types of workloads and provide security, availability, and manageability. Now that most IT companies are working in cloud environments for cost reduction, high availability, and data security, we are getting some interesting networking features as services, and we can manage them quite easily too. Among those services is the Elastic Network Interface (ENI), which we get by default when we create an EC2 instance on AWS and which can be seen while the instance is being created. It may surprise many of us that the security group is attached to this elastic network interface.


Handling Private Affair: A Guide to Secrets Management System

Needless to say, an automated system, no matter how big or small, must be designed with scale in mind. We’ll talk about laying the foundation for a robust and malleable setup, which is a useful read for everyone.

In my experience as DevOps and SRE, I’ve enjoyed quite a lot of things this profession offered. From the satisfaction of fulfilled curiosities to the anxiety of unforeseen mishaps, it delivered one day after the other. The nervousness in the face of new challenges, happiness on receiving appreciation, thrill during troubleshooting, the pride after a successful implementation, and a lot more. But the one I found myself seeking was boredom. Yes, plain old silence where no surprises are met, everything runs exactly as it should and you enjoy listening to dropping pins. This is especially true when the system in question is your own design. There’s no greater sentiment. It is like watching a bird that you’ve freed soar.


Learn the Hacks for Running Custom Scripts at Spot Termination

Nowadays, it is very common to run applications on Spot instances. Because a Spot instance can be terminated at any time, either because AWS pulls back its resources or because of an ASG scale-in, we need something in place to handle the termination smoothly so that we can complete our final tasks before the system shuts down. These could be executing some scripts, unmounting a storage device, shipping final log files to S3, or uploading cache data to a centralized server like Redis.
Today, I will attempt to address this problem.

First of all, let’s try running a custom script prior to shutdown on our local system. If everything works fine, the same approach applies to EC2 Spot instances too.
