Demystifying AWS Security: A Beginner’s Guide to Key Concepts and Services

Managing firewalls, VLANs, and access control lists might be second nature in a traditional IT setting. But when it comes to AWS, the terminology and tools can seem foreign. This beginner’s guide aims to bridge that gap, translating AWS security concepts into the world of on-premise security you already know.

Why AWS Security Matters

AWS is a leading cloud provider, and its popularity, unfortunately, makes it an attractive target for cyberattacks. It’s essential to grasp the principles of AWS security to protect your valuable data and applications. Remember, AWS operates on a Shared Responsibility Model – they secure the cloud itself, while you’re responsible for securing your workloads within it. ...

March 6, 2024 · 6 min · Scott

Managing Your Terraform State File

I started messing with GitHub Actions a little more in my Using GitHub to Manage Kubernetes post. I also did some tinkering around with Terraform in my How to Use Terraform to Deploy a Python Script to AWS Lambda post. As I started messing with Terraform even more, I realized how cool it would be to merge Terraform and GitHub Actions. As I started to do this, I ran into the problem of how to manage Terraform state files. This appears to be a rather common problem too. ...

October 2, 2023 · 3 min · Scott

How to Use Terraform to Deploy a Python Script to AWS Lambda

I recently decided to deploy a Python script to AWS Lambda with Terraform. I had to create this Python code so that I could expose a simple API to the Internet. So that I didn’t have to maintain infrastructure, I figured the best approach was to deploy it as a Lambda function and API Gateway. Deploying as a Lambda and API Gateway sounded like a great way to go. While not maintaining infrastructure, I figured it was also a good idea to make the deployment easy. Using Terraform to bundle everything was how I would make deployment easier. ...

April 20, 2023 · 8 min · Scott

Testing Python AWS calls with Moto

In my previous Writing Tests For Your Python Project, I started writing tests for my Python code but then ran out of options because I had completed all tests that didn’t involve calls to the AWS API. Now we’ll begin testing Python AWS calls with Moto. You can view some additional details about Moto in their documentation. You will also want to review the list of Implemented Services in the Moto documentation to make sure the API endpoints and methods are supported. The good news is that there are very few unsupported methods. The bad news is that they do not support the describe_export_tasks method for the logs endpoint, and we use that in our code. Because this is not supported, we’ll not create a test for it in this example. ...

January 27, 2023 · 9 min · Scott

Exporting CloudWatch Logs to S3

I had to figure out how to get logs from CloudWatch into S3. This task is actually pretty easy because AWS provides a very nice tutorial, Exporting log data to Amazon S3, that explains how to do this either via Console or CLI. My problem is that I needed to do this daily, so automating this task was my next struggle. The AWS tutorial provides details on setting up S3 and IAM for this solution, so I won’t cover that here. I also found a great article by Omar Dulaimi that was the basis for my code (why completely reinvent the wheel?). With both of these laying the groundwork, I got right to putting this together. ...

October 9, 2022 · 5 min · Scott