Posts

Showing posts from August, 2023

GitHub Integration With Pycharm IDE

The post below is the first step in learning the AWS Developer Tools. We will see how to integrate the PyCharm IDE with GitHub. First, we need a GitHub account and we need to generate a token. I have a GitHub repo called "aws_code_deploy". Now let's set up secure, encrypted communication between the PyCharm IDE and the GitHub repository. To ensure that your PyCharm IDE can access your GitHub repository, you must generate a Personal Access Token from here. The scopes gist, read:org, and repo are the minimum that must be granted to the access token. Any additional scopes can be granted as per requirement. Now, we have the token generated. In PyCharm go to File Menu → Settings → Version Control → GitHub. Now, the GitHub account is added. Now PyCharm is permitted to access your GitHub repo, but we still need to technically enable the secure encrypted exchange via SSH. Unless this is done, it will not be possible to Clone the Repository or Pus...

AWS - Data Protection with SNS

Amazon Simple Notification Service (Amazon SNS) sends notifications in two ways: A2A and A2P. A2A provides high-throughput, push-based, many-to-many messaging between distributed systems, microservices, and event-driven serverless applications. These applications include Amazon Simple Queue Service (SQS), Amazon Kinesis Data Firehose, AWS Lambda, and other HTTPS endpoints. A2P functionality lets you send messages to your customers with SMS texts, push notifications, and email. In this post, we will see how to protect sensitive data from being sent to the endpoints. We already have a TOPIC and EMAIL subscription in place. Let's test it by sending a message with a US mobile number. And we got the message. Let's create a "Data Protection Policy" with DENY for USA Mobile Numbers. Edit the TOPIC. The Deny Statement has predefined Data Identifiers like Phone numbers and others. In the above statement, I have added a DENY for PHONE NUMBER US. DENY DIRECTION can be INBOUND a...

AWS - ASG with SQS

Today I was working on a weird request. The ask was to create an SQS notification for the ASG Instance launch. ASG comes with an option of SNS notification while provisioning. But for SQS it is kind of complicated. Steps: 1) Create a launch template. 2) Create an ASG. 3) Create an SQS of STANDARD type. FIFO SQS does not support notification. 4) Make sure the SQS access policy allows sending messages. 5) Create an IAM role with assumable service "Service": "autoscaling.amazonaws.com" and the SQS actions like "SendMessage". 6) Create a lifecycle hook via CLI, because the UI does not provide an option for notification target (SQS). Let's create a launch template: Let's create an ASG with the above launch template: We are done with ASG. We will proceed with SQS. We will proceed to create an IAM role with assumable service "Service": "autoscaling.amazonaws.com" and the SQS actions like "SendMessage". Now, let's cr...

AWS - EKS Failover

In this post, we will see how to do an AZ failover for an EKS Cluster. Above is the typical multi-region failover where we will have 2 DNS records: a primary EKS cluster in US-EAST-1 with DNS east.eks.com, and a secondary EKS cluster in US-WEST with DNS west.eks.com. This means we will have 2 A records for the address www.app.com. DNS failover will happen whenever there is a health check failure. But in this post, we will see how to perform AZ resiliency. Regions are a collection of AZs. Let's imagine an EKS Cluster is created in a single region us-east-1 with 2 AZs, us-east-1a and us-east-1b. In this single-region architecture, we have 1 or 2 core nodes in each AZ (nodes where K8s core components like Kube-API, Kube Scheduler, ETCD, and others will be running). Similarly, we will have a set of worker nodes running in both AZs (US-EAST-1A and US-EAST-1B). When we create a deployment with 2 replicas, each will be created in one AZ: 1st copy in US-EAST-1A, 2nd copy in US-EAST-1B. This can b...