Using Epsagon for tracing and monitoring in AWS

Problem statement: A modern microservices architecture allows a large application to be separated into smaller independent parts, with each part having its own functionality and responsibility. To serve a single user request, a microservices-based application can call on many internal microservices to compose its response. The advantage here is that different teams/developers can work on their […]

Custom Kubernetes scheduler with EKS and Step Functions for machine learning workloads.

Problem statement: Sometimes companies have complicated business logic that requires a custom scheduler or autoscaler in a Kubernetes cluster. The initial machine learning application design included 3 pods: a web application (platform), a pre-processing pod (preliminary data preparation), and a processing pod with the ML application. The main problem here was that the solution was NOT scalable or cost-effective. […]

Ephemeral environments for serverless applications in AWS using Terraform and GitHub Actions

Problem statement: Many organizations try to achieve higher development release velocity, especially in a competitive environment. Moreover, in a big team, where many developers work on various features in parallel, release process acceleration (even for a few minutes) saves a considerable amount of time. One more important thing is the cost of the environment. Cloud […]

Palo Alto Prisma Cloud for AWS and Kubernetes

Problem statement: Security in the cloud has many layers, so it can be quite challenging to cover everything, especially if you have many different workloads and need to pass a compliance audit, like HIPAA or PCI DSS. Moreover, security issues can be related not only to the cloud itself. Libraries and packages can have vulnerabilities, […]

Using GitHub Actions with AWS IAM roles

Problem statement: There are many different and interesting DevOps tools on the market nowadays. Companies can use and combine them depending on use cases, cost, historical reasons, personal preferences, etc. Some tools can be integrated with others quite well, others cannot. No matter which tools we use, there are fundamental and critical areas that […]

Deploying HashiCorp Vault to EKS cluster with DynamoDB backend.

Problem statement: A Kubernetes Secret is not the best place to keep sensitive data. Even though EKS supports adding KMS envelope encryption to enhance security for secrets, we still cannot apply fine-grained access control to Kubernetes secrets via RBAC. A better idea is to use an external secrets store, for example AWS Secrets Manager, HashiCorp […]

Enabling AWS Budget for multiple accounts within AWS Organization

Problem statement: Using a multi-account AWS environment was mentioned many times in previous posts as a best practice that helps companies apply flexible security controls, simplifies billing, and in general enables you to move faster and build differentiated products and services. There are many different approaches for organizing accounts, depending on the company’s type, […]

Cross-account monitoring with Amazon CloudWatch

Problem statement: Using multiple AWS accounts is one of the guidelines for setting up a well-architected environment. By using multiple accounts, you can best support your security goals and business processes. In previous posts we already covered multi-account logging, backups and security services integrations. In this post we will look at multi-account monitoring with Amazon CloudWatch, […]

AWS Security Hub integrations

Security is essential for every organization, which is why Automat-it pays great attention to it during project delivery and well-architected review. AWS has several really impressive security-related services that help us build a safe infrastructure and continuously monitor compliance. In the previous post we demonstrated how to enable AWS Security Hub for a multi-account AWS […]

Multi-account backup copy in AWS

In the previous post about the Landing Zone solution we checked what AWS Backup Policy is and how we can centrally manage the AWS Backup service across multiple AWS accounts. Backups were created in the same account and region as the target resource, but what can we do if we need to copy backups to another […]