Instance interactive access
Generally, we create Linux instances with port 22 open for SSH access. Using AWS Systems Manager Session Manager instead of accessing directly via SSH, we don't need inbound rules to open ports in Security Groups. There are no inbound rules. Normally we’d require TCP 22 to SSH into this instance. If we go back to Systems Manager, we can go to instance actions, start a session, and... what’s gonna happen? We are connected to our instance! We strongly recommend using AWS Systems

AWS Dry-Run
Sometimes, we want to know if we have the necessary permissions to execute a certain command, but we don’t really want to execute it! And let’s say that for some reason we can’t access IAM and check our permissions. For this, we have --dry-run, a parameter applicable to some commands in the AWS CLI. Suppose we want to know if our user has the necessary permissions to run instances! We have a test user, teratip. A correct example of run-instances would b

Easy CodeCommit authentication with git-remote-codecommit
There is a new and much easier way to interact with CodeCommit repositories from git. Forget the times when you needed to run git config to set up helper scripts for authentication and enter the 21st century with git-remote-codecommit. In a nutshell, this new git helper gives you two features: it authenticates using your AWS CLI credentials automatically, and it uses a new codecommit:// protocol that simplifies the URL and naming of the repositories. How to install it Install the helper wi

CyberSecurity Month: Tips to avoid being phished
October is Cybersecurity Awareness Month. And just today, Twitch has been breached, badly. How does this relate to phishing, you wonder? Well, 91% of cyberattacks start with phishing, that’s how. Phishing is a type of social engineering where an attacker sends a fraudulent message designed to trick a victim into revealing sensitive information to the attacker or into deploying malicious software, such as ransomware, on the victim's infrastructure. Bad actors continually capitalize on

Data fundamentals on AWS: Data Pipelines
As our world becomes more and more data-oriented, we need good conceptual frameworks for communicating our ideas and for making the best design decisions. On one hand, this blog post describes a mental model of a data processing pipeline with two main goals: to establish common language and concepts and to help us to design data pipeline architectures following the best practices. From a practical standpoint, this framework will guide you in designing and evaluating any data

Hitting Github API REST with the Linux console
The very first step to hit any REST API is to read the documentation, because every API is a world of its own. While some of them are very intuitive, others require a lot of time thinking about how to make every single call because of the format the resource requires. The GitHub REST API has calls requiring a very specific format of input parameters. They might be in the header, in the URL's path, as URL GET parameters, or inside a JSON-formatted body. But this is not all, because the answer wil

Cross account access to S3 using IRSA in EKS with Terraform as IaaC
We have many options to get cross-account access to resources, but when talking about the Kubernetes cluster, things can get a little bit tricky! So, in this blog, I'll share a solution to do it in the safest way using the principle of least privilege. A typical scenario is to have two accounts, Account A, with an EKS cluster and Account B with an S3 bucket (example_bucket) that needs to be accessed by a pod from account A.
We have many options for this: We can create a bucke

Your AWS invoice is getting bigger and bigger because of CloudWatch Logs, and you don't know why?
If when you look at your invoice you see that the amount you have to pay because of CloudWatch Logs keeps growing, this tip will definitely interest you. One of the main items that make the monthly CloudWatch Logs charge increase is PutLogEvents, which is the ingestion of logs into log groups. But the problem now is to find how much each log group is getting charged to know how to reduce the costs. It might seem that there is not a straightforward way to do this. However, the

Every format with its parser
In this Teratip scenario, we are in a GNU/Linux console environment, which could be inside a Jenkinsfile for example, and we need a JSON object. A very common situation actually. Over many years we have seen things like: echo '{"channel":"main","text":"Hello %%USER%%"}' > message.json along with very hard-to-read sed structures to fill placeholders. Or even a sh script in a Jenkinsfile that calls Python code to be able to use the Python library to create the JSON and l

Terraform workspaces, direnv, dotenv, and mental sanity
Once you have all your environments working with Direnv, Advanced Direnv for Devops, if you are working with Terraform namespaces there is another improvement you can make to automate further. We use another directive from direnv called watch_file, which reloads the environment each time a particular file is changed. We can point this directive to the .terraform/workspace file, which holds the currently selected workspace in Terraform. The following code in the .envrc file im