Cross Region Internal Load Balancing  in AWS with VPC Peering

Load Balancing is a method of addressing High Availability in any Cloud deployment. Load Balancers note the health of backend resources, thereby not sending traffic to servers that are not able to fulfill requests. The main aim of load balancing is to prevent any single server from getting overloaded and possibly breaking down.

In this blog, we are talking about internal load balancing with Network Load Balancer and Application Load Balancer. Network Load Balancer automatically provides a static IP per Availability Zone (subnet) to be used by applications as the front-end IP of the Load Balancer.

Continue reading “Cross Region Internal Load Balancing  in AWS with VPC Peering”

AWS Gateway LoadBalancer: A Load Balancer that we deserve

Nowadays, LoadBalancing is one of the basic needs for the application systems to perform optimally while considering some important factors like- scalability and high availability. Every cloud is providing LBaaS (LoadBalancing as a Service) as an offering so the consumers don’t have to worry about the setup and management of load-balancers by themselves.

But it’s not like that cloud is offering a single type of load balancer for every use case because for different use-case we require a different type of load balancer. For example- we have different load-balancers for Layer4 and Layer7 level traffic.

Recently AWS had a new family member in their load-balancer family and they named it “Gateway Load Balancer“. So gateway load-balancer is a load-balancing service provided by AWS to send traffic to the different appliances, applications, firewalls, etc. that are not part of the current VPC.

Continue reading “AWS Gateway LoadBalancer: A Load Balancer that we deserve”

Know How to Access S3 Bucket without IAM Roles and Use Cases

We all have used IAM credentials to access our S3 buckets. But it’s not a very safe or recommended practice to keep our Access keys and Secrets stored in a server or hard code them in our codebase.
Even if we have to use keys, we must have some mechanism in place to rotate the keys very frequently (eg: using Hashicorp Vault). Another widely adopted method is to use IAM roles attached on the EC2 instance or the AWS service accessing the bucket.

But, what if we need access to the bucket from an on-premise Data Center where we can not attach an IAM role?

Yes, we can obviously use IAM credentials and secret tokens with the rotating mechanism. But setting up the key rotation mechanism itself could be another overhead if we do not have one already in place. What if we do not require keys or roles without making the bucket public?

In this blog, I will make an attempt to cater to this problem with another alternate and easy solution.

Continue reading “Know How to Access S3 Bucket without IAM Roles and Use Cases”

AWS Elastic Network Interface

Networking plays an important role in connecting the components of infrastructure. AWS networking feature works with various types of workloads and provides security, availability, and manageability. Now as most of the IT companies are working on cloud environments for cost reduction, high availability, data security, we are getting some interesting networking features as services. We can manage these quite easily too. Among those services is Elastic Network Interface (ENI) which we get by default when we create an EC2 instance on AWS and can be seen while the instance is being created. It may surprise many of us that the security group is attached to this elastic network interface.

Continue reading “AWS Elastic Network Interface”

Handling Private Affair: A Guide to Secrets Management System

Needless to say an automated system, no matter how big or small, must be designed with scale in mind. We’ll talk about laying foundation for a robust and malleable setup which is a useful read for everyone.

In my experience as DevOps and SRE, I’ve enjoyed quite a lot of things this profession offered. From the satisfaction of fulfilled curiosities to the anxiety of unforeseen mishaps, it delivered one day after the other. The nervousness in the face of new challenges, happiness on receiving appreciation, thrill during troubleshooting, the pride after a successful implementation, and a lot more. But the one I found myself seeking was boredom. Yes, plain old silence where no surprises are met, everything runs exactly as it should and you enjoy listening to dropping pins. This is especially true when the system in question is your own design. There’s no greater sentiment. It is like watching a bird that you’ve freed soar.

Continue reading “Handling Private Affair: A Guide to Secrets Management System”