Here are three of the simplest - often overlooked - ways to quickly improve the security of your AWS account.
Enable a Password Policy I’m always amazed when we audit an AWS account, how many folks don’t have a password policy enabled in their AWS account. We would never do this on-premise, but for some reason, it happens all the time on AWS. Enabling a password policy takes all of two minutes and ensure that your users have high-quality passwords.
In case you missed it, back in July AWS announced a new feature for EBS snapshots called Data Lifecycle Management (DLM). DLM removes much of the heavy lifting associated with ensuring your EBS volumes are properly backed up - also known as ‘snapshotting.’ All you need to do is create an IAM role; DLM will do this for you, but you could also use CloudFormation, tag your EBS volumes and then create one or more policies.
Last week, I had the opportunity to attend a Smart Cities meet up co-sponsored by the Town of Oakville and Silicon Halton. It was interesting to have a chance to hear many different perspectives on what precisely a Smart City is. Many people spoke at the event including town employees and consultants, as well as from Silicon Halton members.
After the formal part of the meeting had concluded I had the opportunity to chat with a few different folks about Smart Cities in general and in particular Open Data.
Last week I taught an Architecting on AWS course. During the course, we spend a fair amount of time talking about Compute (Elastic Compute Cloud) and Storage (Elastic Block Storage), which always leads to some great discussion around how to get started.
We’ve talked about ‘right-sizing’ your compute and what reserved instances are before on the site, but I’ve never dived into how to get started - so here we go.
Slack is an essential tool at Curious Orbit. We use it to communicate internally - whether we’re looking for project updates from Asana, figuring out who is on vacation, or even who is at the front door. We also use it for all our AWS Managed Support customers as a way to provide technical support and keep our customers up-to-date with what is happening in their AWS account.
Before building this solution we used the Simple Notification Service (SNS) to send emails to customers when CloudWatch detected something out of the ordinary occurring in their AWS account - maybe a root login, or someone logging in without a multi-factor authentication (MFA) token associated to their IAM account.
A few weeks back, I wrote about how we help organizations find talent with the attributes we feel make excellent members of an AWS team. This week, I’d like to build on the topic and describe to you how we help organizations construct a CCoE.
Think of the Cloud Center of Excellence as a hub of a wheel; it’s the team within the organization which sets the overall direction and empowers other groups within the company to move as fast as they can within a set of guardrails built and maintained by the members of the CCoE.
At the last Re: Invent conference AWS announced several additions to their Artificial Intelligence and Machine Learning portfolio. One of the new services, in particular, caught my attention - AWS Comprehend. In previous posts, I’ve talked about how important AWS’ AI/ML solutions are to organizations, as well as how easy they are to use.
AWS Comprehend is no different. It’s an easy to use Natural Language Processing (NLP) service which allows you to analyze text.
If I had to weigh the difficulty of the AWS platform versus finding the right technical resources, by far the search for the best resources for your team is the most challenging aspect of building solutions on the AWS platform.
Over the last year and a bit, we’ve helped dozens of organizations build their internal teams. In this article, I’ll outline some of the most important things we look for when scouting for AWS resources.
A significant selling point for AWS is the ability to go global in minutes. To better understand what that means, this article is going to break down Amazon’s existing global infrastructure for AWS. To start, let’s look at the world; on any globe, we group countries into continents, and that is where the AWS footprint starts: Regions. Each Region is a physical location in the world comprised multiple Availability Zones.
IAM Access Keys - Does the user really require them? I have very strong feelings when it comes to IAM Access Keys which I can sum up rather quickly - never - ever - provide Access Keys to your users - end of story.
Let me explain why I take this stance - in my experience 99% of the time the user doesn’t actually require them. Sure you have power users within the organization who want to interact with AWS via the CLI or maybe a script or two (more on that later), but in my experience the vast majority of AWS users interact with the platform via the AWS Management Console and these users do not need keys.