Implementing «for each» logic in the CloudFormation template for dynamic input parameters.

Problem statement: In some cases, CloudFormation’s capabilities may be limited compared with those of other IaC tools, such as Terraform, CDK, Pulumi, etc. For example, in the previous post, we looked at implementing a «sleep» timeout using the Custom CloudFormation resource. Here, we look at the case where we must create a Route 53 Resolver […]
Using AWS IAM Identity Center for SSO to access shared services (OpenVPN, OpenSearch, Grafana, ArgoCD)

Automat-it, as an AWS Well-Architected Partner, gains expertise in building high-quality solutions, implementing best practices, checking the state of workloads, and making improvements to fit business and customer needs. Security Pillar is the most popular for our reviews, and one of the first questions we ask is, «How do you manage identities and permissions for […]
Cloud Intelligence Dashboards Framework for AWS Organization

According to the Shared Responsibility Model, AWS is responsible for «Management of the Cloud», while a customer is responsible for Security and Operations in the Cloud, plus attention to costs, as AWS provides virtually unlimited capacity on the «pay as you go» model. There are native AWS tools like AWS Trusted Advisor, AWS Cost Explorer, […]
Simulating failures in Amazon Aurora MySQL / PostgreSQL

Clouds allow us to design highly available and fault-tolerant systems quite easily. Moreover, we can use managed services (for example, databases) to reduce the operational overhead and focus on our business logic. Design and implementation are not enough; we should also test how our system tolerates failures and continuously improve it. In this post, we will look […]
Determining data sentiment in the Amazon Aurora database using Amazon Comprehend

Problem statement: Collecting customer feedback is essential for every business. But collecting is not enough. We must understand and react to it to improve our product and grow the business. Processing feedback manually was a common thing earlier, and many companies still do it nowadays, but we live in the era of machine learning, and […]
Monitoring costs of containerized workloads in EKS using OpenCost and AWS Managed Prometheus / Grafana

Problem statement: Using clouds is convenient and has many advantages, like allocating as much workload as you need immediately, deploying globally pretty fast, focusing on business instead of maintaining a data center, etc. But on the other hand, you need to be really careful about costs, understand how cloud providers charge you, and how to […]
Retired third-party CloudFormation extensions. Registering a private extension.

Problem statement: A long time ago, we used public third-party CloudFormation extensions to deploy the EKS cluster with deployed Helm charts as part of a single CloudFormation template. AWS introduced many cool things since then, for example, EKS add-ons, so such an approach may not be entirely relevant nowadays. But in our case, the customer […]
Monitoring Kubernetes jobs status in Amazon EKS. Cronitor or Prometheus

Problem statement: In the previous post, «How we migrated applications from Heroku to AWS», I described the migration planning, process, and problems encountered. Once we migrated, operations and monitoring became a cornerstone. Just for general understanding, here is what we got after the migration: EKS cluster with several node groups, a set of controllers (Cluster […]
Implementing «sleep» in the CloudFormation stack for the delay caused by IAM eventual consistency

Problem statement: Our customer uses Customizations for AWS Control Tower for the account vending. A new account in the specific organizational unit should deploy different resources as a baseline, for example, IAM roles, VPC with all networking components, and ECS cluster for further application deployment. ECS cluster creation requires a service-linked role that should be […]
How we migrated applications from Heroku to AWS. Issues and limitations from AWS and Heroku sides.

Inputs and requirements: Our customer had a production-running application in Heroku, consisting of several containerized Web applications and APIs (dynos), PostgreSQL database, Redis, RabbitMQ, and Jobs (Workers) triggered by messages from a queue in RabbitMQ. The business decision was made to migrate to AWS because Heroku became too expensive, and Automat-it was chosen to design […]