I’ve been using AWS WAF a bit recently and I needed a way to query the logs that are shipped to S3. Athena is the logical solution to this. There is great documentation to get you started with querying WAF logs via Athena and also how to setup WAF logging. My specific requirement required me to start off with the WAF in COUNT mode. While WAF has an excellent facility to to see samples, they only last for 3 hours so I needed the ability to get the logs. Read more

Infrastructure as Code or IaC is becoming a staple for configuring, deploying and maintaining infrastructure and service configuration in the cloud. Both of the large Hyperscalers, AWS and Azure support their own version of IaC. AWS has CloudFormation, and Azure has ARM (Azure Resource Manager). Then there is the ever popular open source Terraform from Hashicorp. AWS released CloudFormation on 25th February 2011, Azure released Azure Resource Manager in April 2014 around the same time that Hashicorp started hacking on Terraform. Read more

Have you deployed Control Tower and then deployed Security Hub and expected that AWS Config would be enabled in the Management account, but find that it isn’t? It’s a relatively simple fix that involves adding your account id to several StackSets and configuring a missing role: StackSets: AWSControlTowerBP-BASELINE-SERVICE-ROLES AWSControlTowerBP-BASELINE-ROLES AWSControlTowerBP-BASELINE-CONFIG Roles: AWSControlTowerExecution I’m generally deploying to the Sydney (ap-southeast-2) region, so my procedure will use this region. If you are deploying Security Hub and Control Tower in other regions substitute as appropriate. Read more

A few weeks back I set a goal of trying to find out which processor was the most performant. I created a repeatable approach to delivering a simple WordPress environment that we could manipulate the type of CPU and we had a way to measure the performance of the instances. Now we need to add pricing into the equation and do some comparisons. Calculations While the distributed testing tool does give us a nice UI to interface with and review results, to gather results from several tests would’ve been a little cumbersome. Thankfully it is stored in DynamoDB and with a little bit of python I could extract the data into CSV output. Read more

Following on from the second installment of our experiment to try and find which processor in the EC2 family of instances has the best price/performance we need to have a way to reliably build our WordPress stack for testing. CDK I’ve been using CloudFormation for many years now and have used a number of methods to orchestrate this. (Yes I wrote CloudFormation in JSON…). Reasonably early on I picked up and started to use CFNDSL to help construct CloudFormation and even wrote some an Ansible role and some very dodgy Ruby Rakefiles (sorry no public examples) to help orchestrate the CFNDSL code into CloudFormation and then manage validation (when cfn-lint became a thing) and ultimately build ChangeSets and deploy it. Read more