Create an EC2 inventory report in a multi-account AWS environment

Problem statement When a company has ~100 AWS Accounts (12 AWS regions), many different departments, environments, and sandboxes, it may become difficult to look after budgets and resource usage. In this case, we had to check all accounts and regions weekly and create a CSV report with the following fields: Account ID, Account name, Region, […]
Reliable monitoring with AWS-managed Prometheus and Grafana

Problem statement Prometheus is an open-source monitoring system with a dimensional data model, flexible query language, efficient time series database, and a modern alerting approach. It is widely used for monitoring different parts of the infrastructure, including Kubernetes clusters. An excellent helm chart can be used to deploy Prometheus in Kubernetes (Amazon EKS in our […]
Send an aggregated security report from AWS Security Hub

Problem statement AWS Security Hub is an excellent service that collects and aggregates security findings from many AWS services (e.g. Amazon GuardDuty, Amazon Inspector, Patch Manager, AWS Config, Amazon Macie, etc.) and different third-party tools. It works with multi-account environments and provides informative dashboards in the AWS Web Console, but some security standards require continuous monitoring […]
Overview of third-party addons for EKS (Datree, GuardDuty EKS Runtime Monitoring)

This is the third post where we continue the discovery of EKS add-ons. The first one was about Kubecost, Dynatrace, and Istio. The second one was about Teleport. In this one, we will take a look at Datree. Datree secures your Kubernetes by blocking the deployment of misconfigured resources. Amazon GuardDuty EKS Runtime Monitoring will […]
Overview of third-party addons for EKS (Teleport)

In the previous post, we checked several EKS addons (Kubecost, Dynatrace and Istio), but we still have others. In this post we will look at Teleport. Teleport is an identity-aware, multi-protocol access proxy which understands SSH, HTTPS, RDP, Kubernetes API, MySQL, MongoDB and PostgreSQL wire protocols. Add-on installation Teleport can be installed into your EKS […]
Overview of third-party addons for EKS (Kubecost, Dynatrace, Istio)

AWS introduced EKS addons in EKS v1.20. Just a few add-ons appeared back then, e.g. the VPC CNI plugin, CoreDNS, and kube-proxy. All Amazon EKS add-ons include the latest security patches and bug fixes, and are validated by AWS to work with Amazon EKS. Amazon EKS add-ons allow you to consistently ensure that your Amazon EKS […]
«Secure EKS» – Automat-it’s solution with strict security, governance, and compliance standards.

Overview The Automat-it Secure EKS Solution is a fully automated solution for creating AWS cloud infrastructure and CI/CD process for Kubernetes workloads according to the best security practices. Based on the shared responsibility model we are responsible for the security in the cloud. Even though the EKS control plane is secure itself, we need to […]
Egress traffic inspection using Palo Alto VM-series firewall in multi-account AWS environment

Problem statement Centralized network security may be challenging, but it is absolutely required by some companies. Auditors might need evidence that network traffic undergoes inspection, and that the tool/appliance that fulfills this function is strictly isolated and protected. We can achieve this by placing the tool in a dedicated AWS account, according to the best security practices. […]
Optimizing CI/CD process for machine learning application in Kubernetes

Problem statement Sometimes companies are so focused on product development and feature releases that security, velocity, and cost optimization suffer (especially at startups). Automat-it, as a company of DevOps experts, not only implements customer requests; we also analyze environments and prepare recommendations regarding possible improvements. One of our customers had a Docker […]