The Orbit Blog

Learn about best practice, news, how-tos, and insight. The goal? Accelerate your AWS Journey.

Using a Deletion Policy to protect resources deployed using AWS CloudFormation

By Brett Gillett //

This post is part of a series of introductory articles related to building AWS services using AWS CloudFormation. You can read about CloudFormation Conditions, CloudFormation Parameters, and the DependsOn attribute in earlier posts. By default, when you delete a CloudFormation Stack, all resources are deleted (there are some exceptions; check the AWS DeletionPolicy documentation page to be sure). In most situations, this may be what you would like to happen; however, you may have business-critical resources that require an extra level of protection.

Automation is the public cloud's true superpower

By Brett Gillett //

Regardless of the platform you use, automated deployments, remediation responses, and daily tasks are the public cloud’s real power. Since all providers are nothing more than a collection of APIs (I like to use the bucket of Lego analogy), there’s no right answer on how to automate. The one thing to keep in mind is that automation is a marathon and not a sprint. If you’re getting started, it’s crucial not to overwhelm yourself with what’s possible.

Using Conditions in your CloudFormation templates

By Brett Gillett //

This post is part of a series of introductory articles related to building AWS services using AWS CloudFormation. You can read about CloudFormation Parameters and the DependsOn attribute in earlier posts. The simplest way to think about Conditions within a CloudFormation template is to treat them like ‘if’ statements in your favourite programming language. By using Conditions, we’re able to create templates that can be used across multiple environments within our AWS accounts, which results in a lower number of templates to manage - which is a good thing.

Setting Up an SFTP Server on AWS

By Travers Annan //

Sometimes you just need a quick and secure solution to share some files between multiple users. In AWS, there is a service called the AWS Transfer Family that works with Amazon S3 to help users securely move and store files in the cloud. There are several transfer protocol options available, namely FTP, FTPS, and SFTP. In this article, we will explore how to deploy and use a serverless SFTP solution in the AWS cloud.

Identity and Access Management (IAM) - Practice Least Privilege

By Chuck Ingram //

IAM is the main source of access for your AWS account, and ensuring that everything is secure is an important part of maintaining your environment. Let’s say a new contractor is going to start working with your team and you’ve been tasked with creating a new user for them that allows them to perform specific EC2 and RDS actions within the four AWS accounts you use: Identity (where IAM users exist), Prod, Test, and Sandbox.

Using Parameters in your CloudFormation templates

By Brett Gillett //

This post is part of a series of introductory articles related to building AWS services using AWS CloudFormation. You can read about CloudFormation Conditions and the DependsOn attribute in earlier posts. While Parameters are technically optional, they are essential to building flexible CloudFormation templates. Think of Parameters as variables; they are interpreted by CloudFormation when performing actions on your CloudFormation stacks. Here’s a simple example of creating a parameter for setting a tag value:

    environment:
      Type: String
      Default: development
      AllowedValues:
        - development
        - production

Using CloudWatch to Monitor VPN Connections

By Travers Annan //

VPNs are essential for modern internet security, and most organizations use them as part of their IT infrastructure. Cloud IT systems are no different; however, in a cloud environment there are some interesting opportunities for automating the monitoring and maintenance of IT resources. A great example in AWS is that you can set up CloudWatch alarms to track the status of your resources and take automatic action in case of a failure event.

CloudWatch Logs Retention Periods

By Brett Gillett //

If you’re not familiar with CloudWatch Logs, it’s a feature of the CloudWatch service which allows us to persist logs from applications and operating systems on the AWS platform. Once you’ve installed - and configured - the Unified CloudWatch Logs agent, you’re able to gather logs from both EC2 instances and on-premises servers. By default, CloudWatch Logs stores log data indefinitely. This is fantastic, but we need to remember that we pay for log storage.

Using the CloudFormation attribute DependsOn to control resource creation

By Brett Gillett //

This post is part of a series of introductory articles related to building AWS services using AWS CloudFormation. You can read about CloudFormation Conditions and about CloudFormation Parameters in earlier posts. By default, Amazon CloudFormation deploys resources defined in a template in parallel. When you think about it, this makes a lot of sense; by deploying in parallel, CloudFormation can reduce the amount of time it takes to create the services you’ve defined in your template.

Using CloudWatch Log Insights and AWS Athena to troubleshoot Network issues

By Chuck Ingram //

Enabling logs and configuring them is an important step in securing your AWS environment; however, you also have to be using them effectively! Just monitoring your environment isn’t enough; you should also be proactive with the data you’re collecting. Today I’ll focus on VPC Flow Logs, where and how they’re stored, and how to use that data to troubleshoot common network issues.

Finding your Logs

First off, determine if VPC Flow Logs are enabled.