Be it logs, metrics, or traces, in the ideal case, there should be no component in your system that acts like a black box. Every service, be it managed or unmanaged, should log events in your central observability platform. This is also an important criterion when selecting a particular service from cloud providers. It always […]
Category: Amazon CloudWatch
What is DevSecOps? – Implementing DevSecOps with AWS
Simply put, DevSecOps is the practice of integrating security tests into every stage of the software delivery life cycle. It is an extension of the DevOps approach that we have discussed so far in this book. Using tools and processes, it promotes collaboration between development, operations, and security teams. This results in software artifacts that […]
Load testing your application to generate data – Enabling the Observability of Your Workloads
A simple way to load test your To-Do List Manager application could be to run a curl query that targets the application load balancer URL, from within your Cloud9 IDE’s terminal. For hash generation, we can leverage the RANDOM variable and derive an MD5 checksum value from it, using the following command: echo $RANDOM | […]
Benefits of observability – Enabling the Observability of Your Workloads
There are multiple benefits that teams get when they make their systems observable: typically spend on filling up a particular form? How many clicks does it take for a user to order an item on my website? How many users are passing wrong parameters to my APIs, and so on? Having established a foundational understanding […]
Application components – Running Containers in AWS
This is supposed to be a long-running application that will primarily consist of two containers – a web application and a database. We can define them in their respective container definitions, which can then both be mapped to a single task definition. ECS offers the service construct to manage such long-running applications, so we will use […]
Improved security awareness of team members – Implementing DevSecOps with AWS
Developers and operation team members often find themselves in situations where they could easily adopt an existing open source tool or third-party library to implement functionality. While it is always a good practice to approach these decisions with a build versus buy mindset and not reinvent the wheel, usage of such external code bases can […]
Trade-offs and challenges of security – Implementing DevSecOps with AWS
Every software team can have its own unique set of challenges to solve, be it technical or cultural. Before we dive into the specifics of DevSecOps, let’s try to understand what led to the need for an iteration of existing DevOps methodologies. Along the way, we will discuss why security can sometimes be seen as […]
Deploying the stack in an AWS account – Enabling the Observability of Your Workloads
At this point, we can deploy our CDK stack in the AWS account. Alongside core infrastructure elements such as VPCs, subnets, and gateways, it will provision the ECS cluster, which contains three containers – the application, the database, and the OpenTelemetry collector. We will also deploy an independent workspace for Amazon-managed Prometheus. Toward the end, […]
Ensuring security patch readiness when CVEs are identified – Running Containers in AWS
With ECS on Fargate, you can offload the security patching work to AWS and the cloud provider takes responsibility for dynamically patching your instances for any newly identified Common Vulnerabilities and Exposures (CVEs). However, if you are running ECS on EC2, you have to be aware of the Shared Responsibility Model from AWS (https://aws.amazon.com/compliance/shared-responsibility-model/) […]