SCC

Brasil

os cloud gurus

AWS

Software Cloud Consulting

Your software development, cloud, consulting & shoring company

AWS Blog Wolfgang Unger & SCC Brasil

News, HowTos & Tutorials about AWS


Do you have doubts or questions on AWS topics?
This blog tries to answer common issues on AWS and cloud.
and provide Tutorials and HowTos to help you setup and maintain your cloud infrastructure.
Focus are DevOps & BuildToos, Infrastructure as Code, Security, Cost Optimization, Architecture, Account Setup.

Recent Posts

CloudFormation IaC Generator
Are you planning to use CloudFormation IaC Generator? If so, you should first read this blog. Yes, the IaC Generator can generate CloudFormation Templates, but there is still a lot missing before you can use these templates indeed. I made a very simple test with a EC2 but still could not re-deploy the instance due to multiple issues in the generated Template
VPC IPv6 - Running Fargate in private Subnets
How to run a Fargate or ECS Service on IPv6 ? You will face a couple of problems, if you try to run a Fargate Service in a IPv6 DualStack VPC in the private Subnets. This short tutorial will try to explain, how to get your Service healthy.
VPC IPv6 - Running EC2 Instances
Are you getting started with IPv6? How to run EC2 instances in a IPv6 VPC? Lets answer these questions in here.A short tutorial on how to connect with SSH, Sessions Manager, between instances and setup a Webserver and route from Route53
VPC - A introduction to IPv6
How to setup a VPC with IPv6 ? With the new IPv4 costs on AWS it is time to have a closer look on IPv6, because we are running out of IPv4 addresses and sooner o later you will have to switch to IPv6. This blogs explains the basics on IPv6 and how to setup a VPC with IPv6 in a short tutorial.
AWS Application Composer - How to get started
How to get started AWS Application Composer? AWS Application Composer was announced quite strong on the last Re-Invent, so time to have a closer look on the new service. This is a short tutorial on how to use AWS Application Composer and how to create a Serverless application and also a feedback on the status of the service
Amazon Bedrock - Titan Image Generator
Are you interested in the new AI services from AWS? How to get started with Amazon Bedrock? Amazon Bedrock among other AI services was announced quite strong on the last Re-Invent, so time to have a closer look on the new service. This is a short tutorial on how to use Titan Image Generator.
Tips how to pass AWS Certifactions
Are you planning to get AWS Certified ? Cloud Practitioner, AWS Solutions Architect Associate/Professional, AWS Certified SysOps Administrator, AWS Certified Developer Associate, AWS Certified DevOps Engineer etc ? How should you prepare for the exame? And are there any tips to pass the exam? This blog will cover some tips on how to increase your chances on getting your next AWS Certification
5 common problems and errors on AWS & cloud accounts
Is your AWS account and architecture really setup correctly? Is it really secure, resilent and reliable? This blog will cover the most common issues which you normally find on AWS You can use this blog as a checklist and do a self review on your account and architecture
Cognito Backup - How to backup Cognito
Do you want to backup you Cognito User Pool and its data? Are you using Cognito as identy and access management tool to authenticate your application users? You need to backup the data in you Cognito Pool but noticed Cognito has no out of the box functionality for this?
AWS Backup - Hot to backup cross region and cross account
What are the best practices for data backup and retention on AWS? AWS Backup is not quite easy to setup if you have an advanced backup strategy. This blog explains how to setup AWS backup for cross region and cross account backups and what you have to pay attention to

DevTools

Pipeline for automatic CloudFormation Deployments
Do you need an automation to deploy your CloudFormation Templates to your AWS Account(s)? A Pipeline or a tool that will automatically create a CloudFormation Deployment Pipeline for each of your stacks ? Read this blog about my Github Project to setup such a Pipeline for your CloudFormation Templates
Pipeline for automatic CloudFormation Deployments (CDK)
Do you need an automation to deploy your CloudFormation Templates to your AWS Account(s)? A Pipeline or a tool that will automatically create a CloudFormation Deployment Pipeline for each of your stacks ? Read this blog about my Github Project to setup such a Pipeline for your CloudFormation Templates with CDK
Azure Devops Pipeline for Terraform Deployments
Are you using Azure Devops and Terraform? You need a Pipeline to automate your Deployments to the cloud? This blog shows how to deploy Terrafrom with Azure Devops to a AWS Account by creating a Pipeline step by step. Of course you could also deploy to Azure or GCP.
How to setup a Multi Branch Pipeline with Webhook
This tutorial will cover how to setup a feature branch pipeline with CDK and CodePipeline. Since there is no native support for this functionality in CodePipeline and many other Build Tools, we have to implement this on our own. Based on my Github Project I will explain the setup and how to adapt for your requirements.
How to get started with Amazon Code Catalyst
Code Catalyst is a new Service to offer a unified software and development service to enable teams to easier develope and deploy their applications on AWS.
This tutorial and HowTo shows how to setup CodeCatalyst and create your first project.
AWS Code Whisperer
AWS Code Whisperer is an awesome tool to speed up your coding, therefor let's have a look on it. A HowTo and Quickstart for Code Whisperer
Using Git Submodules in CodePipeline
If you use Git Submodules in your Project you won't be able to use this in CodePipeline out of the box, meaning using the Source Step as for a simple Git Project. There are some additional steps required, this tutorial will show you how to proceed. Your Main Github Project will remain the Source of your Pipeline ( probably defined as Source Step in your Pipeline) For the Git Sub-Module you will have to add a CodeBuild Project and a Buildspec Yaml.
CodePipeline with CDK Python and generic Superclass
This tutorial will cover various topics about AWS Code Pipelines for deploying AWS Resources and Stacks to your accounts First, how should in general the account structure and setup look like to deploy with AWS codepipeline? Next, how should the CodePipeline be implemented in CDK (Python). See my example on github : Git Wolfgang Unger CDK Pipeline I will also cover here how to use object orientated features in your CDK Python Project to
CodePipeline - Pass variables from Source to other Stages
If you worked with CodePipeline, you might know you have normally various stages, like Source, Build, Test etc The Source Stage will checkout the Source Code needed for the other stages from Github or CodeCommmit The following stages could be a CodeBuild Project, could include Actions like ShellScripAction or other Actions Sometimes you might need some Git Infos in one of these actions or stages

IaC - Infrastructure as Code

CloudFormation IaC Generator
Are you planning to use CloudFormation IaC Generator? If so, you should first read this blog. Yes, the IaC Generator can generate CloudFormation Templates, but there is still a lot missing before you can use these templates indeed. I made a very simple test with a EC2 but still could not re-deploy the instance due to multiple issues in the generated Template
IaC - infrastructure as Code
What is AWS CloudFormation? What is Terraform? If you want to create Resources on AWS not just for your first steps on AWS, but for live environments, you probably already know, you should use IaC to do so. Let's have a look on the alternatives in this blog. We will discuss CloudFormation, Terraform and the CDK. To see which one might be the best fit for your use case.
Terraform example structure
If you start to work with terraform will maybe ask yourself, how should you structure your terraform project? You can find various example repos and projects in the web, but not all will server for your use case. Indeed a found a lot of not really good sample projects, creating a lot of copy&paste files.
How to organize your CloudFormation Templates
You are using CloudFormation as IaC Tool but you have doubts how to organize your templates? How many Templates should you have, how should you group your resources, how define layers? What are Best Practices on this questions and for CloudFormation?
Pipeline for automatic CloudFormation Deployments
Do you need an automation to deploy your CloudFormation Templates to your AWS Account(s)? A Pipeline or a tool that will automatically create a CloudFormation Deployment Pipeline for each of your stacks ? Read this blog about my Github Project to setup such a Pipeline for your CloudFormation Templates
How to create your own pip modules for your generic, reusable cdk consrtucts
If you have worked with cdk for a while and also in several projects, you might have already asked yourself, how to reuse some of the code you have already written ( and tested) for a similar requirement in the next project. If you use an object oriented language like for example Python with the CDK, one option might be create reuse Superclasses and adapt the behaviour if needed in a project subclass.
API Gateway with CDK
Lets have a look how to create a API Gateway with CDK (Python) The first approach is using the RestApi Class and code the resources and methods. The second by using a Swagger/Open API file. Both APIs will use lambda integrations. We will also see how to use Authorizers with Cognito and Custom Lambda.
CDK - Overview on Stacks and Constructs
If you are working with CDK, especially starting to work with the CDK, you may have had some doubts on how to organize your IaC within CDK There are Stacks in the CDK, there are also Constructs, which you will create and then there are there is the Construct Library, which got 3 different kinds of Constructs L1, L2 and L3. This short Tutorial should give you an overview about how to deal with this.
Get started with the AWS CDK (Python)
In this short tutorial let's give a quick overview on how to get started with the CDK ( this example is for Python). For all of those who don't have yet big experience on this. How to setup our first cdk project and also some important links to find informations on the next steps. The first link you should know is the official AWS Documentation for the CDK
S3 Block public access VS Terraform/Cloudformation
Since April 2023, AWS has change the default configuration of new buckets to "Block public access", if you use a IAC tool like Terraform or Cloudformation, this can cause a lot of problems if you try to create new public buckets.
Useful terraform commands
Terraform is a powerful tool to manage your infrastructure as code. Here are some useful commands to troubleshoot problems in your terraform project.
Terraform State: Best Practices and Options
Terraform state is a very important concept in terraform. It is the source of truth for your infrastructure. This blog will cover best practices and options to manage your terraform state remotely.

Architecture and the 5 pillars of the well architected Framework

5 common problems and errors on AWS & cloud accounts
Is your AWS account and architecture really setup correctly? Is it really secure, resilent and reliable? This blog will cover the most common issues which you normally find on AWS You can use this blog as a checklist and do a self review on your account and architecture
Cost optimization strategies | How to save money on AWS
How can I optimize costs on AWS? You want to save money on AWS, your AWS bill is too high? Take a look in this blog to understand approaches to avoid unnecessary expenses.
AWS Cost Savings - Schedule/Stop your instances automatically
You want to reduce your AWS bill? One way is to reduce usage hours. We got simple Lambda Function that can stop and start your EC2, Autoscaling and RDS instances. Read more about it in this blog
Security Best practices on AWS | How to secure your AWS Account
How can I secure my AWS resources? How can we ensure the security of our data and applications on AWS? As you might already know, AWS works with the shared responsibility model to secure your cloud resources. This means, AWS is responsible for protecting the infrastructure that runs all of the services offered in the AWS Cloud. But you are responsible for what runs inside the cloud.
What is Performance Efficiency?
You might already know it form the AWS Well-Architected Framework, the Performance Efficiency Pillar, but what does this really mean?. We will explain this in this blog. Understand the 5 principles and the 4 areas to focus on
What about Reliability?
What means Reliability from the 5 pillars of the Well architected Framework exactly? How do I scale my infrastructure on AWS? We will have a closer look in this blog on this question.
Multi Account Setup
How many accounts will you need to run your workloads in AWS? How to define your AWS Account Structure? This blog explains the principles and best practices of AWS Multi Account Setup and what to consider for organizing your overall AWS environment.
7 R's - the 7 cloud migration strategies
Lets have a look on the 7 R's, the 7 cloud migration strategies. If you plan to migrate your On Premise workloads to the cloud, it is essential to know the options and choose the best one for your use case. The 7 R's are: 1. Retire 2. Retain 3. Relocate 4. Rehost 5. Repurchase 6. Replatform 7. Refactor
Disaster Recovery (RTO/RPO)
RTO and RPO are normally associated with Disaster Recovery, and Business Continuity Plan, these RTO and RPO targets set the time frame that a business can support after a outage, as companies rely more in applications to keep support, sales and production running, this matter become a serious one, saving or costing companies reputation and money.

Computing

AWS Batch - A deep dive
Working with AWS Batch to run container in parallel is not quite simple. There are a bunch of configurations you must set up correct to launch the right instance types and amount of instances. This tutorial will try to clarify the imporant configurations and parameters you need to run batch as expected.
Copy a Lambda Function
If you worked with Lambda you might have been in a situation where you want to test your changes on a existing Lambda Function without changing the productive Lambda Version If you have only code to copy, you can just copy it to the code editor, ok. But if you have a Lambda Function with additional dependencies/packages it is little more effort.
Deploy a Elastic Beanstalk Application in 1 min
This short tutorial shows how to deploy a simple ElasticBeanstalk application ( and environment ) Install the EB commandline If you don't have the EB CLI yet installed, please take a look in this docu and install Install EB CLI Basically you have to execute pip install awsebcli --upgrade --user and add %USERPROFILE%\AppData\Roaming\Python\Python37\Scripts to you PATH variable ( on windows)
Session Manager
If you worked with AWS and EC2 for a while, you probably connected a lot with key pairs and ssh. For example 'ssh -i "mykeypair.pem" ec2-user@myIpAdress With this approach you need the keypair on your local machine and you need to allow traffic from you VPC where the instance is hosted to your local machine and of course you need to open the SecurityGroup of your instance to allow traffic to you local machine If you are not connected with DirectConnect or VPN this is already a security issue. You will have to open Port 22 for the internet or you have to adapt the public IP address of you local machine in the SecurityGroup
Amazon Textract
Amazon Textract is a service that automatically extracts text and data from scanned documents. This blog will cover how to get started with Amazon Textract and how to use it in your applications.

Networking and Content Delivery

VPC IPv6 - Running Fargate in private Subnets
How to run a Fargate or ECS Service on IPv6 ? You will face a couple of problems, if you try to run a Fargate Service in a IPv6 DualStack VPC in the private Subnets. This short tutorial will try to explain, how to get your Service healthy.
VPC IPv6 - Running EC2 Instances
Are you getting started with IPv6? How to run EC2 instances in a IPv6 VPC? Lets answer these questions in here.A short tutorial on how to connect with SSH, Sessions Manager, between instances and setup a Webserver and route from Route53
VPC - A introduction to IPv6
Do you want to get started with IPv6 ? With the new IPv4 costs on AWS it is time to have a closer look on IPv6, because we are running out of IPv4 addresses and sooner o later you will have to switch to IPv6. This blogs explains the basics on IPv6 and how to setup a VPC with IPv6 in a short tutorial.
VPC Considerations in 2024
February 2024 AWS started to charge not only unused IP addresses but by now all public IP Adresses. Together with the NAT costs, which have increased also a lot over the years, a VPC is now a considerable cost factor especially for small workloads. Time to rethink how to setup a VPC in 2024.
Multiple s3 origins and Origin Access Control on Cloudfront
If you want to securely deliver content from your s3 buckets, you can use Cloudfront with Origin Access Control. This blog will show you how to setup Cloudfront with multiple s3 origins and how to use Origin Access Control to restrict access to your s3 buckets.



Do you have doubts or questions on AWS topics?
Hopefully we can provide the answers in our blog.

How do I create an AWS account?

All you need is a email address and a Credit Card.
Signup AWS Account
You can try a lot of services in the free tier.

What are AWS services?

AWS got more than 200 services. Compute, Database, Storage, Containers, Developer Tools and much more

How do I launch an EC2 instance on AWS?

If you want to use the WebConsole just open EC2 and press Launch Instance.
You can than choose between a lot of option, like instance size, Image and OS and lot more

How do I set up an RDS database on AWS?

It is quite simple, follow these steps:
Navigate to RDS,Click "Create database." Select your database engine.
Set instance identifier, username, and password. Set instance type, storage, VPC, and other options.
Define database name, port, etc. Review settings and click "Launch." Use endpoint, username, and password to connect.

How does AWS billing work?

AWS (Amazon Web Services) billing is based on a pay-as-you-go model,
allowing users to pay only for the services they use without any upfront costs or long-term commitments.
The following costs will be charged:
Usage-based Pricing, Hourly Billing, Data Transfer Costs, Reserved and Spot Instances.

How can I secure my AWS resources?

Follow the IAM rules, keep your services and databases in private Subnets, restrict any ports and more.
Read more about this in our blog
Security best practices

What is AWS IAM (Identity and Access Management)?

AWS IAM (Identity and Access Management) is a web service provided by Amazon Web Services (AWS)
that enables users to securely control access to AWS services and resources. IAM allows you to manage users, groups, roles,
and their permissions within your AWS environment. Here are key aspects of AWS IAM:
Users, Groups, Roles, Policies, Permissions, MFA, Access Keys.

How do I deploy a web application on AWS?

This depends on you architecture.
A JS Frontend can be hosted in S3, Backend Services might run in ElasticBeanstalk, ECS, EKS, AppRunner or EC2.

How do I scale my infrastructure on AWS?

Scaling your infrastructure on AWS involves adjusting the capacity of your resources to meet the changing demands of your applications.
AWS provides various services and features to help you scale your infrastructure both vertically and horizontally.
Here's an overview of the key concepts and methods for scaling on AWS:
Vertical Scaling, Horizontal Scaling, Auto Scaling, Load Balancing, Serverless Architecture an more.

What is AWS CloudFormation?

A IaC Tool to create and maintain AWS resources by a YAML or JSon file.
Read more about Cloudformation and IaC in our blog
IaC - Infrastructure as Code

How can I optimize costs on AWS?

Rightsizing, Autoscaling, Reduce usage hours, Use Sport instances, reserved instance and saving plans
Read more about this in our blog
cost optimization

What are AWS certifications, and how do I prepare for them?

The easiest one is Cloud Practitioner, there are multiple others like Solutions Architect Associate etc
Read more about certifications and how to prepare in this Blog
aws certifications

What is AWS Elastic Beanstalk?

AWS Elastic Beanstalk deploys web applications so that you can focus on your business.
Read more about how to deploy an EB application in 2 minutes in our blog
Elastic Beanstalk

What is AWS VPC (Virtual Private Cloud)?

AWS VPC (Virtual Private Cloud) is a service that allows you to create a logically isolated section of the AWS Cloud
where you can launch AWS resources in a virtual network that you define. This provides you with more control over your network configuration,
including the selection of your IP address range, creation of subnets, and configuration of route tables and network gateways

How can I troubleshoot AWS issues?

Troubleshooting AWS issues involves a systematic approach to identify and resolve problems.
Here are steps you can take to troubleshoot AWS issues effectively:
Check Service Health Status, Review Logs and Metrics, Verify Network Connectivity, Check Resource Limits and many more.

How can AWS or Azure benefit my organization?

Amazon Web Services (AWS) or Azure can bring several benefits to organizations across various industries.
Here are some key ways AWS/Azure can benefit your organization:
Scalability, Global Reach, Cost Savings, Flexibility and Choice, Flexibility and Choice, Security and Compliance, Managed Services, Innovation.

What are the cost implications of using AWS, and how can we manage expenses effectively?

There are a lot of options like saving plans and right-sizing, horizental scaling and more.
Read more about this in our blog
cost optimization

What are the best practices for managing AWS resources and ensuring cost control?

There are a lot of options like saving plans and right-sizing, horizental scaling and more.
Read more about this in our blog
cost optimization

How can we ensure the security of our data and applications on AWS?

Follow the IAM rules, keep your services and databases in private Subnets, restrict any ports and more.
Read more about this in our blog
Security best practices

What AWS services are relevant to our specific business needs?

To determine which AWS services are relevant to your specific business needs, it's essential to understand your business requirements, objectives,
and the nature of your applications.
Services which might be useful: Compute, Database, Storage, Analytics and Big Data, Machine Learning and AI and others

How do we build a cloud strategy and roadmap for our organization using AWS or Azure?

Building a cloud strategy and roadmap for your organization using AWS involves a systematic approach.
Here are steps to help you develop an effective plan:
Define Business Objectives
Conduct a Cloud Readiness Assessment
Engage Stakeholders
Establish a Cloud Center of Excellence
Define Governance and Compliance Policies
Develop a Migration Plan
Choose Appropriate AWS/Azure Services

What is AWS Well-Architected Framework, and how can we apply it to our projects?

The AWS Well-Architected Framework is a set of best practices and guidelines designed to help organizations build and optimize secure,
high-performing, resilient, and efficient cloud architectures. Introduced by Amazon Web Services (AWS), the framework provides
a consistent approach for evaluating architectures, identifying potential issues, and making informed decisions when building or migrating workloads to the AWS Cloud.
Take a look at our blog, we have several topics on Architecture and the 5 pillars of the well architected Framework
AWS Blog

How do we monitor and optimize the performance of our applications on AWS?

Monitoring and optimizing the performance of your applications on AWS is crucial for ensuring reliability,
efficiency, and a positive user experience. Here are key steps to monitor and optimize application performance:
Utilize AWS CloudWatch, Implement AWS X-Ray for Distributed Tracing, Use AWS Lambda Insights for Serverless Applications and others

How can we implement disaster recovery and high availability solutions on AWS?

Implementing disaster recovery (DR) and high availability (HA) solutions on AWS involves designing and deploying architectures
that can withstand and recover from failures. AWS provides a variety of services and features that enable organizations
to build robust and resilient solutions
Read more about this in our Blog
AWS Backup - How to backup cross region and cross account

What is AWS Compliance and how do we ensure regulatory compliance for our applications?

AWS Compliance refers to the alignment of your applications and infrastructure with regulatory standards and requirements.
Achieving and maintaining regulatory compliance is crucial for organizations to ensure the security, privacy,
and integrity of their data and applications. AWS provides a secure and compliant cloud infrastructure,
and customers are responsible for implementing controls and practices to meet their specific compliance requirements.

What are the best practices for data backup and retention on AWS?

You should definitely make snapshots and backups. You can also do cross region or cross account.
Read more about this in our Blog
AWS Backup - How to backup cross region and cross account

How can we migrate our existing applications and data to AWS?

There are various strategies, Replatform, Refactor, Lift & Shift etc
Have a look in our blog about the 7 R's
7 R's - Cloud Migration strategies

What is AWS Marketplace, and how can we leverage it for third-party solutions?

AWS Marketplace is an online store that allows AWS customers to find, buy, and deploy software and services from third-party vendors
that are pre-configured to run on AWS. It serves as a centralized platform where customers can discover, compare, and purchase
a wide range of software solutions, including software as a service (SaaS), machine learning algorithms,
data products, and various infrastructure software.

How do we manage and analyze our AWS billing and usage reports?

Managing and analyzing your AWS billing and usage reports is essential for effective cost management and optimization. AWS provides
several tools and features to help you understand and control your spending.
AWS Billing and Cost Management Console, AWS Billing and Cost Management Console, Budgets, AWS Organizations, Cost and Usage Reports

What is AWS CloudFormation, and how can it help us automate infrastructure provisioning?

A IaC Tool to create and maintain AWS resources by a YAML or JSon file.
Read more about Cloudformation and IaC in our blog
IaC - Infrastructure as Code

How do we handle staffing and training to build AWS expertise within our team?

Besides experience consider to achieve AWS Certifications. The easiest one is Cloud Practitioner, there are multiple others like Solutions Architect Associate etc
Read more about certifications and how to prepare in this Blog
AWS Certification Tips


What is AWS Elastic Beanstalk?

AWS Elastic Beanstalk is a fully managed platform-as-a-service (PaaS) offering from Amazon Web Services (AWS) that simplifies the deployment,
management, and scaling of applications. It allows developers to focus on writing code without dealing with the complexities
of infrastructure setup and management. Elastic Beanstalk supports a variety of programming languages and frameworks,
making it versatile for different types of applications.

What are the AWS support and service level agreement (SLA) options?

AWS provides several support plans and service level agreements (SLAs) to meet the needs of different customers.
These plans offer varying levels of technical support, access to AWS resources, and response times

How do we leverage AWS managed services and serverless computing?

Leveraging AWS managed services and serverless computing allows organizations to offload operational overhead,
reduce infrastructure management tasks, and focus more on building applications.
Here's how you can leverage these offerings effectively

What case studies or success stories can provide insights into how other organizations have benefited from AWS?

Please have a look on our Cases:
Cases
Take also a look at the AWS Case Studies Site:
AWS Case Studies


SCC Brasil Cost

Autor

...

Wolfgang Unger

AWS Architect & Developer

6 x AWS Certified

1 x Azure Certified

A Cloud Guru Instructor

Certified Oracle JEE Architect

Certified Scrum Master

Certified Java Programmer

Passionate surfer & guitar player