Five Functional Facts about AWS Identity and Access Management

This post is part of an open-ended series I’m writing where I take a specific protocol, app, or whatever-I-feel-like and focus on five functional aspects of that thing in order to expose some of how that thing really works.

The topic in this post is the AWS Identity and Access Management (IAM) service. The IAM service holds a unique position within AWS: it doesn’t get the attention that the machine learning or AI services get, and doesn’t come to mind when buzzwords like “serverless” or “containers” are brought up, yet it’s used by–or should be used by–every single AWS customer (and if you’re not using it, you’re not following best practice, tsk, tsk) so it’s worthwhile to take the time to really get to know this service.

Let’s begin!

Continue reading Five Functional Facts about AWS Identity and Access Management

AWS ABCs – Network Building Blocks

Given that my technical background is largely in the networking space (exhibit A, exhibit B, exhibit C(CIE)), one of the first things I tried to wrap my head around when being introduced to AWS is how networking works in the AWS cloud.

What I attempted to do was build a mental model by relating cloud networking constructs such as Virtual Private Cloud (VPC), subnets, and routing tables to on-prem, physical networking constructs. This worked pretty well but I did get tripped up at times because some of these constructs don’t map exactly one-for-one.

This post will explain the mental model I used while also calling attention to the elements or behaviors that don’t map exactly between on-prem and AWS.

Continue reading AWS ABCs – Network Building Blocks

AWS ABCs – Can I Firewall My Compute Instances?

In a previous post, I reviewed what a public subnet and Internet Gateway (IGW) are and that they allowed outbound and inbound connectivity to instances (ie, virtual machines) running in the AWS cloud.

If you’re the least bit security conscious, your reaction might be, “No way! I can’t have my instances sitting right on the Internet without any protection”.

Fear not, reader. This post will explain the mechanisms that the Amazon Virtual Private Cloud (VPC) affords you to protect your instances.
Continue reading AWS ABCs – Can I Firewall My Compute Instances?

AWS ABCs – EC2 Internet Connectivity

So, you’ve created a compute instance (ie, a virtual machine) on Amazon EC2. Next question: does the instance require access to and/or from the Internet?

Protip: just because you created the instance in the public cloud, i.e. the cloud that you get to over the Internet, it doesn’t mean that your instances all need to sit on the Internet. They can have direct inbound and outbound Internet access, no Internet access, or something in between (which I’ll explain).

The basic building block for networking on AWS is the VPC (Virtual Private Cloud). Within a VPC, you define your IP space, gateways, ACLs, DHCP options, and more. Gateways will be the focus of this article. Continue reading AWS ABCs – EC2 Internet Connectivity

AWS ABCs – Logging Into a New EC2 Instance

Ok, you’ve just launched an Amazon EC2 instance (ie, a virtual machine) and you’re ready to login and get to work. Just once teeeensy problem though… you have no idea how to actually connect to the instance!

This post will walk through how to log into brand new Linux/BSD and Windows instances (the steps are slightly different for different OS families). Continue reading AWS ABCs – Logging Into a New EC2 Instance

Starting a new series: AWS ABCs

I’d be lying if I said that since starting my new job at Amazon Web Services (AWS), I wasn’t looking forward to writing about all the new things I was going to learn. Obviously there’s the technology and services that make up the platform itself. But there’s also the architectural best practices, the design patterns, and  answers to questions like “how does moving to the cloud improve my performance/security/reliability?”

Admittedly, I have a lot to learn. With my background being mostly in the network space for my entire career, stepping out of that and into a software and cloudy world means I’m ramping up on a lot of new skills and knowledge.

I believe I’m not the only one on this journey of learning and that, like me, there a lot of folks who are having to learn the basics of the cloud and specifically, AWS.

This has inspired me to start a new, open-ended series of blog posts that I’ve dubbed AWS ABCs, targeted at people who have a lot of experience designing, operating, and architecting on-premesis systems but are now trying to up-skill by learning how to do the same in the cloud. These posts will focus on basic topics that are relevant to people just getting started on AWS and will provide pointers to resources where they can dive deeper.

You can see the list of posts in this series by clicking on the awsabc tag.

Happy learning!

On Why I’m Shifting my Career Focus to Software

For the past few months I’ve been involved in a case study project with some colleagues at Cisco where we’ve been researching what the most relevant software skills are that Cisco’s pre-sales engineers could benefit from. We’re all freaking experts at Outlook of course (that’s a joke 🤬) but we were interested in the areas of programming, automation, orchestration, databases, analytics, and so on. The end goal of the project was to identify what those relevant skills are, have a plan to identify the current skillset in the field, do that gap analysis and then put forward recommendations on how to close the gap.

This probably sounds really boring and dry, and I don’t blame you for thinking that, but I actually chose this case study topic from a list of 8 or so. My motivation was largely selfish: I wanted to see first-hand the outcome of this project because I wanted to know how best to align my own training, study, and career in the software arena. I already believed that to stay relevant as my career moves along that software skills would be essential. It was just a question of what type of skills and in which specific areas.

Continue reading On Why I’m Shifting my Career Focus to Software

Networking. Unix. Cloud. Cyber Security. Code. Protocols. System Architecture.