2019-06-27
I plan on uploading CloudFormation templates and AWS sample files to this repo. Any other AWS-related bits will end up here as well.
- Windows is different.
While trying to set up an ALB with two Windows instances, I kept running into issues with my metadata. I was using configsets for my Linux instances and those work as expected. On Windows, once a reboot happens, the rest of the UserData section simply does not run.
In the end, if Windows requires a reboot, there is a race between the reboot and handing off the signal. You can read more here.
I got rid of the configsets and ran all my metadata in a single config. I made sure cfn-init.exe ran cfn-signal.exe last, so that my CreationPolicy only learns the instance is ready once every command has finished.
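As an added example (not the template from this repo), this is the shape that approach ends up in: one config under AWS::CloudFormation::Init with no configSets, and a UserData script that runs cfn-init.exe and then hands its exit code to cfn-signal.exe, so the CreationPolicy sees a failure as well as a success. The resource and parameter names (WebServer, SubnetId, AmiId) and the IIS commands are assumptions for illustration.

```yaml
# Added example, not the original post's template: a Windows instance whose
# cfn-init metadata is a single config with no configSets, signalled last.
# WebServer, SubnetId, AmiId and the IIS commands are assumptions.
Parameters:
  SubnetId:
    Type: AWS::EC2::Subnet::Id
  AmiId:
    Type: AWS::SSM::Parameter::Value<AWS::EC2::Image::Id>
    Default: /aws/service/ami-windows-latest/Windows_Server-2019-English-Full-Base

Resources:
  WebServer:
    Type: AWS::EC2::Instance
    CreationPolicy:
      ResourceSignal:
        Count: 1
        Timeout: PT20M   # cfn-signal must arrive inside this window or the stack rolls back
    Metadata:
      AWS::CloudFormation::Init:
        # One config, no configSets: nothing is left to resume if the box reboots.
        config:
          commands:
            01_install_iis:
              command: powershell.exe -Command "Install-WindowsFeature -Name Web-Server"
              waitAfterCompletion: '0'   # Windows default is 60 s; 'forever' is only for commands that reboot
            02_default_page:
              command: powershell.exe -Command "Set-Content -Path C:\inetpub\wwwroot\index.html -Value 'ok'"
              waitAfterCompletion: '0'
    Properties:
      ImageId: !Ref AmiId
      InstanceType: t3.medium
      SubnetId: !Ref SubnetId
      UserData:
        Fn::Base64: !Sub |
          <powershell>
          # Apply the config above, then report cfn-init's exit code. cfn-signal
          # is the last thing that runs, so the CreationPolicy only succeeds
          # once every command has actually finished.
          cfn-init.exe -v --stack ${AWS::StackName} --resource WebServer --region ${AWS::Region}
          cfn-signal.exe -e $LASTEXITCODE --stack ${AWS::StackName} --resource WebServer --region ${AWS::Region}
          </powershell>
```

Passing `$LASTEXITCODE` to `cfn-signal -e` matters: signalling unconditionally with `-e 0` would mark an instance healthy even when cfn-init failed half way. If a command genuinely has to reboot, the documented option is `waitAfterCompletion: forever`, which makes cfn-init pause until the instance comes back rather than racing the reboot; the template above avoids reboots altogether.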
- Documentation is key.
I was trying to make an NLB using AWS::ElasticLoadBalancingV2::LoadBalancer. When I got to the section specifying subnets, I kept getting an error saying the property was not valid. I read, and reread, the documentation for V2, but it seemed to imply that if I am trying to make an NLB, I can't use Subnets.
Eventually a colleague of mine pointed out that yes, you can use Subnets, as he had already done it.
Ah documentation. You fickle, fickle beast.
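For the record, here is an internal NLB declared with the Subnets property, as an added example rather than the template from this repo; PrivateSubnetA/B, VpcId and WebServerA/B are assumed references.

```yaml
# Added example: an internal Network Load Balancer using the Subnets property.
# PrivateSubnetA/B, VpcId and WebServerA/B are assumed references.
Resources:
  InternalNlb:
    Type: AWS::ElasticLoadBalancingV2::LoadBalancer
    Properties:
      Type: network          # the default is application; this is what makes it an NLB
      Scheme: internal
      Subnets:               # use either Subnets or SubnetMappings, never both
        - !Ref PrivateSubnetA
        - !Ref PrivateSubnetB
      LoadBalancerAttributes:
        - Key: load_balancing.cross_zone.enabled
          Value: 'true'
        - Key: deletion_protection.enabled
          Value: 'true'

  HttpsTargets:
    Type: AWS::ElasticLoadBalancingV2::TargetGroup
    Properties:
      VpcId: !Ref VpcId
      Protocol: TCP
      Port: 443
      TargetType: instance
      HealthCheckProtocol: TCP   # TCP passthrough: TLS stays end-to-end with the instance
      Targets:
        - Id: !Ref WebServerA
        - Id: !Ref WebServerB

  TcpListener:
    Type: AWS::ElasticLoadBalancingV2::Listener
    Properties:
      LoadBalancerArn: !Ref InternalNlb
      Protocol: TCP
      Port: 443
      DefaultActions:
        - Type: forward
          TargetGroupArn: !Ref HttpsTargets
```

One thing the documentation does say clearly: Subnets and SubnetMappings are mutually exclusive, so specifying both is one way to get an unhelpful validation error. Also remember that, unlike an ALB, an NLB had no security group of its own at the time and preserves the client source address for instance targets, so the instances' security group has to admit the clients' addresses directly rather than just the load balancer.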
- Trying terraform.
Completed setting up an environment that allows public access to two web servers via Terraform. I am starting to look at Terraform 0.12 to see where I can improve my code.
- VSS-Enabled Snapshots for EBS Volumes
So I have been following the guide Using Run Command to Take VSS-Enabled Snapshots of EBS Volumes. I was using the 2018.01 Windows AMI, which should have contained all the components needed for VSS-enabled snapshots. What I found was that any Windows AMI built after 11/28 dropped the VSS component due to issues between backup software and the component. It has yet to be baked in again.
I had to create a State Manager association to push out the VSS component to all the Windows instances that required it. Once that was done, I was able to run the AWSEC2-CreateVssSnapshot command document and get my snapshots.
The next phase is to test the snapshots by cloning them and building a new server from them, and to tag each snapshot with the date and time it was taken and the instance it came from.
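Here is what that setup looks like in CloudFormation, as an added example and not the template from this repo: a State Manager association that installs AwsVssComponents through AWS-ConfigureAWSPackage, a second association that runs AWSEC2-CreateVssSnapshot on a schedule, and the extra EC2 actions the snapshot document needs on the instance role. The tag key VssBackup, the schedule and the role name are assumptions, and the exact EC2 action list should be checked against the current version of the guide.

```yaml
# Added example, not from the original post. Assumes the instances to back up
# carry the tag VssBackup=true and use an instance profile built from VssInstanceRole.
Resources:
  VssInstanceRole:
    Type: AWS::IAM::Role
    Properties:
      AssumeRolePolicyDocument:
        Version: '2012-10-17'
        Statement:
          - Effect: Allow
            Principal: { Service: ec2.amazonaws.com }
            Action: 'sts:AssumeRole'
      ManagedPolicyArns:
        - arn:aws:iam::aws:policy/AmazonSSMManagedInstanceCore   # agent registration and Run Command
      Policies:
        - PolicyName: vss-snapshot
          PolicyDocument:
            Version: '2012-10-17'
            Statement:
              # The EC2 actions the VSS guide lists for the snapshot document itself
              # (assumed current; verify against the guide before relying on it).
              - Effect: Allow
                Action: [ 'ec2:CreateSnapshot', 'ec2:CreateTags', 'ec2:DescribeInstances' ]
                Resource: '*'

  InstallVssComponents:
    Type: AWS::SSM::Association
    Properties:
      AssociationName: install-aws-vss-components
      Name: AWS-ConfigureAWSPackage
      Targets:
        - Key: tag:VssBackup
          Values: [ 'true' ]
      Parameters:
        action: [ Install ]
        name: [ AwsVssComponents ]
      ScheduleExpression: rate(1 day)   # re-applied so newly tagged instances pick it up

  NightlyVssSnapshot:
    Type: AWS::SSM::Association
    DependsOn: InstallVssComponents     # orders creation only; the install still has to finish first
    Properties:
      AssociationName: nightly-vss-snapshot
      Name: AWSEC2-CreateVssSnapshot
      Targets:
        - Key: tag:VssBackup
          Values: [ 'true' ]
      ScheduleExpression: cron(0 3 ? * * *)   # 03:00 UTC daily
      MaxConcurrency: '2'
      MaxErrors: '0'
      Parameters:
        ExcludeBootVolume: [ 'False' ]
        description: [ 'Nightly VSS-consistent snapshot via State Manager' ]
        # Static tags only: per-instance values (source instance id, timestamp)
        # cannot be expressed here and have to be added after the fact.
        tags: [ 'Key=BackupType,Value=vss;Key=ManagedBy,Value=ssm-association' ]
```

Targeting by tag instead of instance id means a new Windows box only has to be tagged to be picked up by both associations. The restore test is the part that actually proves the backup: a VSS snapshot that reports success but cannot be turned into a bootable volume is not a backup.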
- Using VPC Endpoints
So while tooling around with my templates, how does one give instances in private subnets access to AWS services? Originally a NAT Gateway would handle it, but I came across VPC Endpoints. They not only save you money compared to a NAT gateway running 24/7 but also ensure your services only get the access they need. I'll add this to my base template so I can minimize the need for public subnets.
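As an added example rather than the base template from this repo, here are the two endpoint types needed for the Windows and SSM setup above to work from a private subnet with no NAT: a gateway endpoint for S3 with a policy limited to one bucket plus the Amazon-owned buckets SSM Agent reads from, and interface endpoints for ssm, ssmmessages and ec2messages behind a security group that only admits HTTPS from inside the VPC. VpcId, VpcCidr, PrivateRouteTable, PrivateSubnetA/B and ArtifactBucket are assumed template parameters, and the list of Amazon-owned buckets is taken from the SSM Agent S3 permissions guide, so check it for your region.

```yaml
# Added example, not from the original post. VpcId, VpcCidr, PrivateRouteTable,
# PrivateSubnetA/B and ArtifactBucket are assumed template parameters.
Resources:
  # Gateway endpoint: free, attached to route tables, and given a policy so the
  # only S3 that private instances can reach is what they actually need.
  S3Endpoint:
    Type: AWS::EC2::VPCEndpoint
    Properties:
      VpcId: !Ref VpcId
      VpcEndpointType: Gateway
      ServiceName: !Sub com.amazonaws.${AWS::Region}.s3
      RouteTableIds:
        - !Ref PrivateRouteTable
      PolicyDocument:
        Version: '2012-10-17'
        Statement:
          - Sid: OwnArtifacts
            Effect: Allow
            Principal: '*'          # identity policies still apply; this is an extra filter at the endpoint
            Action: [ 's3:GetObject', 's3:ListBucket' ]
            Resource:
              - !Sub arn:aws:s3:::${ArtifactBucket}
              - !Sub arn:aws:s3:::${ArtifactBucket}/*
          - Sid: SsmAgentBuckets    # Amazon-owned buckets SSM Agent and patching read from
            Effect: Allow
            Principal: '*'
            Action: 's3:GetObject'
            Resource:
              - !Sub arn:aws:s3:::aws-ssm-${AWS::Region}/*
              - !Sub arn:aws:s3:::amazon-ssm-${AWS::Region}/*
              - !Sub arn:aws:s3:::patch-baseline-snapshot-${AWS::Region}/*
              - !Sub arn:aws:s3:::aws-windows-downloads-${AWS::Region}/*

  # Interface endpoints land as ENIs in the private subnets; lock them to 443 from the VPC.
  EndpointSecurityGroup:
    Type: AWS::EC2::SecurityGroup
    Properties:
      GroupDescription: HTTPS from the VPC to interface endpoints
      VpcId: !Ref VpcId
      SecurityGroupIngress:
        - IpProtocol: tcp
          FromPort: 443
          ToPort: 443
          CidrIp: !Ref VpcCidr

  SsmEndpoint:
    Type: AWS::EC2::VPCEndpoint
    Properties:
      VpcId: !Ref VpcId
      VpcEndpointType: Interface
      ServiceName: !Sub com.amazonaws.${AWS::Region}.ssm
      PrivateDnsEnabled: true     # ssm.<region>.amazonaws.com resolves to the endpoint; no agent config change
      SubnetIds: [ !Ref PrivateSubnetA, !Ref PrivateSubnetB ]
      SecurityGroupIds: [ !Ref EndpointSecurityGroup ]

  SsmMessagesEndpoint:            # Session Manager and Run Command control channel
    Type: AWS::EC2::VPCEndpoint
    Properties:
      VpcId: !Ref VpcId
      VpcEndpointType: Interface
      ServiceName: !Sub com.amazonaws.${AWS::Region}.ssmmessages
      PrivateDnsEnabled: true
      SubnetIds: [ !Ref PrivateSubnetA, !Ref PrivateSubnetB ]
      SecurityGroupIds: [ !Ref EndpointSecurityGroup ]

  Ec2MessagesEndpoint:            # agent long-polling for commands
    Type: AWS::EC2::VPCEndpoint
    Properties:
      VpcId: !Ref VpcId
      VpcEndpointType: Interface
      ServiceName: !Sub com.amazonaws.${AWS::Region}.ec2messages
      PrivateDnsEnabled: true
      SubnetIds: [ !Ref PrivateSubnetA, !Ref PrivateSubnetB ]
      SecurityGroupIds: [ !Ref EndpointSecurityGroup ]
```

Two caveats worth keeping in mind. PrivateDnsEnabled only works when the VPC has DNS support and DNS hostnames turned on. And the cost argument is only partly right: gateway endpoints (S3, DynamoDB) are free, but interface endpoints carry an hourly per-AZ charge plus data processing, cheaper than a NAT gateway but not zero, and anything without an endpoint, such as Windows Update, still needs some egress path.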
To-Do:
- Set up AWS environment. NOTE: Built base CFT and TF code for an environment.
- Build my own git server. NOTE: I will add a separate module or stack for this. No plans on moving off GitHub though. https://gitea.io/en-us/
- Set up my personal Chef server. NOTE: Currently using the hosted Chef server. I will skip this since there is AWS-native Chef available already.
- Build a Docker environment.
- Try out ECS.
- Pass the AWS CSA Pro exam before Aug 2019 EOM.