The Orbit Blog

Summary of Environment A multinational recruiting firm required a large hybrid deployment to support their main business functions in North America - including, but not limited to, payroll, finance, and time tracking. AWS CloudFormation is used to manage all environments - including production - across several AWS accounts and AWS regions. We took a ‘microservices approach’ to the creation of the templates used to deploy and maintain the environment. Virtually all aspects of the AWS deployment are managed via small, easy to operate and maintain CloudFormation templates.

Yes, you have responsibilities. Just because you’re using someones else’s computer doesn’t mean you get to ignore all the boring stuff and hope that someone else takes care of it for you. Want to know who’s responsible for what? Make sure you read the [AWS Shared Responsibility Model] (http://aws.amazon.com/compliance/shared-responsibility-model/). Here’s the Coles notes version for those of you who still won’t read it. AWS is responsible for the security of the cloud; you are responsible for security in the cloud.

EC2 is one of the ‘big three’ of AWS spending. In many cases, the majority of your AWS bill is made up of EC2, EBS, and RDS consumption. Reducing EC2 spending is easy - You don’t need fancy tools or in-depth analysis. When a resource like an EC2 instance isn’t in use - shut it down. If your Proof-of-Concept (POC) project is complete - terminate the resources. We recently worked through this process for a customer - you can see the results below.

In a recent post, I shared details of the AWS Security Auditprogram offered by Curious Orbit. Today I want to show you how this program helped a real customer. 3rd party validation to verify security requirements CASHiQ is a FinTech startupcompany based in Hamilton, Canada. The company produces a third party application that financial advisors can use to improve efficiency through online interactions. For example, the app can be used to store documents, share portfolio information, and even correspond with clients in real time.

The AWS Well Architected Framework (WAF) is a series of documents maintained by the subject matter experts at Amazon Web Services. The goal of the Well Architected Framework is to provide you with guidance on how to build more flexible, resilient, secure, cost-effective solutions on the platform. Currently, there are five ‘pillar’s, three ‘lens,’ and an overview document. Pillars consist of the following documents: Operations Excellence Security Reliability Performance Efficiency Cost Optimization The three lenses are:

If you’re running solutions on the AWS platform, you most likely have a Virtual Private Cloud (VPC). The majority of deployed VPCs don’t have an essential feature enabled - VPC Flow Logs.VPC Flow logs provide insight into the traffic flowing in (and out) of your VPC. You can enable logging for an entire VPC, subnets or network interfaces within a VPC. During the setup process, you can decide what you want to record - Rejected, Accepted, or All traffic.

A few weeks back, my nephew spent a few days with us to finish his March break. Like many gamers, he spends most of his time in Fortnite, but when he arrived, he reminded me about our AWS Minecraft server from the previous year. His memory is (much) better than mine, so I had to go digging - but I found the Amazon Machine Image (AMI) we created when we mothballed the Minecraft adventure from the year before.

Originally posted to ORBIT - our weekly newsletter - back in December. Want content earlier? Sign up now! As we get closer to the end of the year I’ve been spending time looking at the work we’ve done for customers and the most common questions we’ve received from students in our AWS training sessions. This week I decided to create a list of ‘Resolutions’ for 2019 when it comes to deploying (and/or supporting) solutions on the AWS platform.

Today, let’s talk about security — of your AWS account and cloud infrastructure. If it keeps you up at night, you’re not alone. Many business leaders struggle with the notion of audits, or the security of their account. For instance, maybe you’re thinking about the increasing trend of cyber attacks, which have become more prominent in recent years. Many high-profile organizations have revealed network compromises that led to customer information being stolen or, at minimum, placed at serious risk.

If memory serves me correctly, the upcoming Re: Invent conference in Las Vegas will be my fourth. Every year it gets bigger, and I figured it was about time that I wrote about what I’ve learned about how best to survive Re: Invent. Tip #1: Stay in one spot each day Last year was the first time the conference was spread across many hotels on the Vegas strip. Because everything was so spread out, AWS provided shuttle services between the venues so that people could get to their sessions.