Below is the typical ingress solution for many organizations' AWS workloads. The data flow is: Users -> CDN (e.g Akamai,Cloudflare) -> Ingress internet-facing ALB -> Ingress ASG (e.g Nginx, HAProxy) -> TGW -> Workload internal ALB -> Workload applications (ASG or K8S services). As you can see, the improvements are the adoptions of some Cloud … Continue reading Serverless Ingress Solution on AWS
Summary AWS Support App in Slack is a new AWS feature that allows users to manage AWS support case in Slack. This is pretty useful for teams that are heavily on Slack. Here are a quick summary of what I have found so far: User can create/search/resolve cases with AWS support app (Type /awssupport help in the … Continue reading AWS Support App in Slack
It is quite convenient to use the AWS Config advance queries against the aggregator, a simple use case is like - Find out which instances in which accounts have public IP address cross the organisation. Instead of writing a script to describe instances across all the accounts, we can just simply run the following query … Continue reading AWS Config Advance Queries against Aggregator sample
Continue with my previous post Automate VPN connection and its TGW attachment, in this post I would like to share the solution for VPN failover via TGW attachment. The key components in the solution are: Network Manager for Transit GatewayEventBridgeLambda The basic idea is: Register TGW to Network Manager, as Network Manager can monitor the tunnel … Continue reading Automate VPN failover via TGW attachment
If you use the CloudFormation resource AWS::EC2::VPNConnection to create the VPN connection and attach it to the Transit Gateway (TGW), you may notice that it does not return the TGW attachment ID. So it is a bit annoying if you would like to tag the attachment and associate the attachment to a non-default TGW route table. … Continue reading Automate VPN connection and its TGW attachment
Jackie Chen's IT Workshop 