AWS - Correct process to migrate to M5/C5 instance types
Often when resizing instance types it is just a simple case of shutting the EC2 down, changing the type, then starting it up. When changing to an M5 or C5 type, however, the EC2 may not boot, normally because it does not have the enhanced networking module installed, does not have the NVMe module installed, or has block devices mounted using the device names. Fortunately there is an AWS script that can be used to run the pre-requisite tests so that these issues are identified and rectified before attempting to resize the instance.
This guide shows you how to run the pre-requisite script to give you the best chance of a successful instance resizing.
Firefox - Configuring DNS over HTTPS (DoH)
Firefox have recently launched a feature that allows you to encrypt your DNS traffic. Historically DNS has used a combination of UDP and/or TCP on port 53, which has always been visible in plain text. This controversial feature moves DNS away from the network OS level to the application level.
With this setting enabled the domain name you typed is sent to a DNS-over-HTTPS (DoH) compatible server using an encrypted HTTPS connection instead of a plain text one. This prevents third parties (malicious or not) from observing your DNS traffic.
This article shows you how to enable the setting in Firefox and shows the setting in action within Wireshark.
Azure - NAT and PAT through an Azure Load Balancer
Azure load balancers act as a highly available single point of contact that evenly distributes traffic to hosts in a backend pool. They can be utilised with health probes to ensure layer 4 traffic (TCP/UDP) is consistently and evenly distributed to healthy VMs.
This article shows you how to build an Azure load balancer, configure Network Address Translation (NAT) and Port Address Translation (PAT) rules to pass SSH traffic through for support or monitoring purposes, then lock it down through a network security group. This can easily be adapted for many other types of traffic.
Azure - Control costs by configuring a budget and alerting
Cloud costs can easily spiral out of control through simple administrative mistakes such as temporary VMs being left on, misunderstanding storage costs, over provisioning and many more, which can present serious problems when the Azure billing is invoiced. Azure budgets can be easily utilised at a subscription level to bring an element of cost control to your Azure estate. They can be scoped to a subscription, resource groups or a collection of resources, and can be configured to trigger numerous types of alerts so you can address a small issue before it becomes a large issue with financial consequences.
This article shows you how to look at your monthly projected forecast, set a budget, then set up a trigger to send an email based on a percentage of the budget.
AWS - EC2 Resource Optimisation
AWS have recently launched Amazon EC2 Resource Optimisation Recommendations, which has certain similarities to 3rd party tools such as CloudCheckr. It can identify idle and underutilised EC2 instances across your accounts and regions and, using a combination of CloudWatch, resource usage and existing reservations, can propose recommendations for reducing costs. Many individuals/companies building new instances or lifting and shifting on-premise servers often have excessive resources allocated, which in the cloud world costs you money.
This guide looks at enabling EC2 Resource Optimisation to analyse your spend with the goal of ultimately reducing your AWS costs.
Azure - Configure Global VNet to VNet Peering
Global VNet to VNet peering is when you connect different virtual networks (VNets) across Azure regions. Once the connectivity is established between the virtual networks, traffic is privately routed through the Microsoft backbone infrastructure, providing a low-latency, high-bandwidth connection between your resources. This means no public internet, gateways or encryption is required in the communication between the virtual networks.
This guide shows you how to peer a VNet in the UK South region with a VNet in East US.
AWS - Enable Amazon GuardDuty and trigger a DNS alert
GuardDuty is a security monitoring service that analyses and processes VPC Flow events, CloudTrail and DNS logs. It uses threat intelligence feeds and machine learning to identify unexpected and potentially unauthorised and malicious activity within your environment, such as escalation of privileges or communication with malicious IPs, URLs or domains. It can detect compromised EC2 instances serving malware or mining bitcoin, and monitors access behaviour for signs of compromise such as unauthorised infrastructure deployments or unusual API calls.
This article shows you how to enable GuardDuty, then run a DNS query against a known bad DNS server to trigger an alert.
AWS - Migrate Joomla MySQL Database to Amazon RDS
Amazon RDS for MySQL offers many benefits over building and maintaining your own MySQL environments, giving you time to focus on application development by managing time-consuming database administration tasks including backups, software patching, monitoring, scaling and replication.
This guide shows you how to move your Joomla MySQL database from an Ubuntu server to an AWS RDS MySQL database. Although this guide focuses on Joomla, it could be applied to other MySQL to RDS migrations.
AWS - Setup Session Manager to access your EC2's via SSH or Powershell
AWS Session Manager is a component of AWS Systems Manager that allows you to manage your instances through a browser-based shell or the AWS CLI. It uses a lightweight agent installed on your servers to execute server management tasks accessible through the console. This can eliminate the requirement for bastion hosts, minimise inbound ports/public IPs and remove the need to maintain SSH keys. This tool can also be extremely useful if you have lost communication to your EC2 via your normal method.
This guide shows you how to configure it to connect via SSH to a Linux EC2 and via PowerShell to a Windows EC2 using Session Manager within Systems Manager.