Below is the typical ingress solution for many organizations' AWS workloads. The data flow is: Users -> CDN (e.g Akamai,Cloudflare) -> Ingress internet-facing ALB -> Ingress ASG (e.g Nginx, HAProxy) -> TGW -> Workload internal ALB -> Workload applications (ASG or K8S services). As you can see, the improvements are the adoptions of some Cloud … Continue reading Serverless Ingress Solution on AWS
Summary AWS Support App in Slack is a new AWS feature that allows users to manage AWS support case in Slack. This is pretty useful for teams that are heavily on Slack. Here are a quick summary of what I have found so far: User can create/search/resolve cases with AWS support app (Type /awssupport help in the … Continue reading AWS Support App in Slack
Continue with my previous post Automate VPN connection and its TGW attachment, in this post I would like to share the solution for VPN failover via TGW attachment. The key components in the solution are: Network Manager for Transit GatewayEventBridgeLambda The basic idea is: Register TGW to Network Manager, as Network Manager can monitor the tunnel … Continue reading Automate VPN failover via TGW attachment
If you use the CloudFormation resource AWS::EC2::VPNConnection to create the VPN connection and attach it to the Transit Gateway (TGW), you may notice that it does not return the TGW attachment ID. So it is a bit annoying if you would like to tag the attachment and associate the attachment to a non-default TGW route table. … Continue reading Automate VPN connection and its TGW attachment
A couple years back I wrote a post to share how to create AWS instance profile for on-premise servers. That was to use SSM agent and Lambda function to manage the IAM credentials for the on-premise servers. Starting early this month, the AWS native solution for such use cases are available - AWS IAM Role … Continue reading AWS IAM Roles Anywhere
Jackie Chen's IT Workshop 