Have you deployed Control Tower and then deployed Security Hub and expected that AWS Config would be enabled in the Management account, but find that it isn’t? It’s a relatively simple fix that involves adding your account id to several StackSets and configuring a missing role: StackSets: AWSControlTowerBP-BASELINE-SERVICE-ROLES AWSControlTowerBP-BASELINE-ROLES AWSControlTowerBP-BASELINE-CONFIG Roles: AWSControlTowerExecution I’m generally deploying to the Sydney (ap-southeast-2) region, so my procedure will use this region. Read more

A few weeks back I set a goal of trying to find out which processor was the most performant. I created a repeatable approach to delivering a simple WordPress environment that we could manipulate the type of CPU and we had a way to measure the performance of the instances. Now we need to add pricing into the equation and do some comparisons. Calculations While the distributed testing tool does give us a nice UI to interface with and review results, to gather results from several tests would’ve been a little cumbersome. Read more

Following on from the second installment of our experiment to try and find which processor in the EC2 family of instances has the best price/performance we need to have a way to reliably build our WordPress stack for testing. CDK I’ve been using CloudFormation for many years now and have used a number of methods to orchestrate this. (Yes I wrote CloudFormation in JSON…). Reasonably early on I picked up and started to use CFNDSL to help construct CloudFormation and even wrote some an Ansible role and some very dodgy Ruby Rakefiles (sorry no public examples) to help orchestrate the CFNDSL code into CloudFormation and then manage validation (when cfn-lint became a thing) and ultimately build ChangeSets and deploy it. Read more

Following on from the first installment of our experiment to try and find which processor in the EC2 family of instances has the best price/performance we need to look out how we’ll determine performance. Cloudformation AWS fortunately has a really cool blueprint for load testing. It is really easy to deploy via CloudFormation, and you really only need to supply two parameters: Administrator Name Administrator Email You can leave all the other parameters with theit default settings. Read more

History Over the last few years AWS has branched out into building their own ARM based processor named Graviton and also to providing instances powered by other x86_64/AMD64 architectures, namely AMD EPYC processors. In late 2019, they also introduced their second generation Graviton2 processor. Though, this isn’t the first time AWS has used AMD processors. If you have been around AWS for a while you may remember in about 2011/2012, you used to be able to order an m1 instance family. Read more