The Orbit Blog

Learn about best practice, news, how-tos, and insight. The goal? Accelerate your AWS Journey.

Public EBS snapshots and other things to worry about

By Brett Gillett

NOTE: This article originally appeared on LinkedIn. By now, I’m sure most of you have seen the recent article on TechCrunch related to public EBS snapshots. If you haven’t, let me sum it up for you: like S3, if you do silly things, your data may end up in the wrong hands. In the article, the security researcher, Ben Morris, estimates that there “…could be as many as 1,250 exposures across all Amazon cloud regions.

Running Windows-Based Business Applications on the AWS Platform

By Brett Gillett

How we helped a multinational recruiting firm run their Windows-based business applications on the AWS platform. The Customer: Our client is a recruiting firm with locations across the globe. Last year alone they placed tens of thousands of people in permanent and temporary employment positions. We were engaged by the Americas business unit to help them better leverage the AWS platform by speeding up deployment and development work, as well as streamlining the maintenance of the business applications running on AWS.

Running a Windows-Based SSO Solution on AWS

By Brett Gillett

How we helped a Canadian-based multinational automotive manufacturer deploy a Windows-based SSO solution to support their national Content Management System (CMS). The Customer: Our client is a multinational automotive manufacturer with operations located in Canada. We were engaged by the Canadian team to help migrate their existing national CMS to the AWS platform. As part of the migration process we also had to design and deploy a Single Sign-On (SSO) solution based on the Windows platform.

Leveraging AWS CloudFormation Change Sets to manage change

By Brett Gillett

Summary of Environment: A large automotive manufacturing company approached us to help them with a hybrid deployment of a commercial content management system (CMS) on the AWS platform. Once deployed, the solution would provide services to a network of dealers across Canada. We worked with their in-house team to develop and implement a solution based on AWS CloudFormation and integrated it with GitLab. By combining the Continuous Integration (CI) capabilities of GitLab with the native functionality of AWS CloudFormation, we were able to create a system which allowed fast, efficient and repeatable deployments across multiple environments - including production - and AWS accounts.

AWS CloudFormation and GitLab CI Pipeline

By Brett Gillett

Summary of Environment: A multinational recruiting firm required a large hybrid deployment to support their main business functions in North America - including, but not limited to, payroll, finance, and time tracking. AWS CloudFormation is used to manage all environments - including production - across several AWS accounts and AWS regions. We took a ‘microservices approach’ to the creation of the templates used to deploy and maintain the environment. Virtually all aspects of the AWS deployment are managed via small, easy to operate and maintain CloudFormation templates.

AWS Shared Responsibility

By Brett Gillett

Yes, you have responsibilities. Just because you’re using someone else’s computer doesn’t mean you get to ignore all the boring stuff and hope that someone else takes care of it for you. Want to know who’s responsible for what? Make sure you read the AWS Shared Responsibility Model. Here’s the Coles notes version for those of you who still won’t read it. AWS is responsible for the security of the cloud; you are responsible for security in the cloud.

Reduce EC2 Spending

By Brett Gillett

EC2 is one of the ‘big three’ of AWS spending. In many cases, the majority of your AWS bill is made up of EC2, EBS, and RDS consumption. Reducing EC2 spending is easy - you don’t need fancy tools or in-depth analysis. When a resource like an EC2 instance isn’t in use - shut it down. If your Proof-of-Concept (POC) project is complete - terminate the resources. We recently worked through this process for a customer - you can see the results below.

Putting the AWS Security Audit program to the test in FinTech

By Brett Gillett

In a recent post, I shared details of the AWS Security Audit program offered by Curious Orbit. Today I want to show you how this program helped a real customer. 3rd party validation to verify security requirements: CASHiQ is a FinTech startup company based in Hamilton, Canada. The company produces a third-party application that financial advisors can use to improve efficiency through online interactions. For example, the app can be used to store documents, share portfolio information, and even correspond with clients in real time.

AWS Well Architected Framework

By Brett Gillett

The AWS Well Architected Framework (WAF) is a series of documents maintained by the subject matter experts at Amazon Web Services. The goal of the Well Architected Framework is to provide you with guidance on how to build more flexible, resilient, secure, cost-effective solutions on the platform. Currently, there are five ‘pillars’, three ‘lenses’, and an overview document. Pillars consist of the following documents: Operations Excellence, Security, Reliability, Performance Efficiency, and Cost Optimization. The three lenses are:

VPC Flow Logs - an Introduction

By Brett Gillett

If you’re running solutions on the AWS platform, you most likely have a Virtual Private Cloud (VPC). The majority of deployed VPCs don’t have an essential feature enabled - VPC Flow Logs. VPC Flow Logs provide insight into the traffic flowing in (and out) of your VPC. You can enable logging for an entire VPC, subnets, or network interfaces within a VPC. During the setup process, you can decide what you want to record - Rejected, Accepted, or All traffic.

Customer Spotlight

The Canadian Press

Founded in 1917, The Canadian Press is Canada's independent news agency. More than 180 journalists provide real-time, bilingual multimedia stories across a diverse number of platforms. Read about how The Canadian Press partner with us to build a dynamic, cost-effective solution on AWS.
