S3 bucket access from the same and another AWS account

Creating an S3 bucket is easy enough, but to apply the principle of least privilege properly we need to understand how to create the right permissions for specific IAM identities. This might be straightforward if it weren’t for the multiple ways to configure permissions in S3, each having its own rules and edge cases. This article helps you navigate this minefield, with details not only of how the S3 permissions work, but also how you can implement some common real-world scenarios such as S3 bucket access from another AWS account....

Published 30 Nov 2020 · 14 min read · Tom Gregory

AWS Fargate Spot vs. Fargate price comparison

Discover how much Fargate Spot could save you on your AWS bill with this price comparison between 100 Fargate Spot and 100 Fargate containers. Did you know you could save money in AWS by switching from Fargate to Fargate Spot? If you’re using ECS, Fargate Spot offers significant cost reductions by using spare capacity in the AWS cloud. But just how much could you save? AWS say up to 70%, but we’re going to put that to the test with a head-to-head price comparison between 100 Fargate Spot and 100 Fargate containers running over 24 hours....

Published 2 Nov 2020 · 8 min read · Tom Gregory

Setup Spring Boot behind a load balancer using the X-Forwarded headers

If you’ve ever deployed Spring Boot behind a load balancer, you might be aware of issues coming from differences between the request into the load balancer and the request into your application. These requests will often have a different protocol, host, or port. If Spring Boot isn’t correctly set up, it can lead to all sorts of mayhem, such as generating incorrect URLs for your application. In this article you’ll discover how to make use of the X-Forwarded headers passed from a load balancer to your Spring Boot application, to help your application generate URLs correctly based on the originating request....

Published 12 Oct 2020 · 8 min read · Tom Gregory

VPCs, subnets, and gateways - fundamentals for working with containers in AWS

Let’s be honest, for most developers getting their software written and working on their own machine and maybe a test environment is the main priority. Deploying to production? Ah, that’s another team. All the AWS network ‘stuff’ - VPCs, subnets, gateways? Someone else’s business, right? Secondary to the contents of the holy Docker image and the beautiful code within. This couldn’t be further from the truth. The current trend is towards developers owning their work all the way through from concept to production....

Published 31 Aug 2020 · 12 min read · Tom Gregory

Prometheus service discovery for AWS ECS

Having Prometheus automatically discover your AWS ECS services makes life a lot easier since you don’t have to manage Prometheus target configurations across environments. Although Prometheus doesn’t provide it out-of-the-box, in this article you’ll discover exactly how to set up service discovery for ECS by combining a few simple tools. By the end, we’ll have a full working example with Prometheus running in AWS ECS and discovering other ECS services whose metrics we’re interested in....

Published 15 Jun 2020 · 17 min read · Tom Gregory

Spring Boot default metrics

Spring Boot 2’s actuator module provides monitoring and management capabilities for your application, and includes the Micrometer metrics collection facility. Micrometer comes preconfigured with many useful default metrics, and also includes the ability for you to configure your own. In this article we’ll run through the most important default metrics provided in Spring Boot, and how you can use them to more effectively highlight problems within your application. Spring Boot Actuator and Micrometer overview The Spring Boot Actuator exposes many different monitoring and management endpoints over HTTP and JMX....

Published 22 May 2020 · 10 min read · Tom Gregory

AWS SNS for CloudWatch alarm email notifications

Do you want to learn how to set up email notifications to tell you about important events that happen in CloudWatch? In this article you’ll discover how to set up the AWS Simple Notification Service (SNS) to send you emails whenever a CloudWatch alarm gets triggered. We’ll run through a full working example, setting up the alarm and SNS resources, and demonstrating the notifications coming through in real time. What is AWS SNS?...

Published 1 May 2020 · 7 min read · Tom Gregory

Shipping AWS EC2 logs to CloudWatch with the CloudWatch agent

Want to learn how to monitor EC2 logs automatically without having to manually log into servers? Well, in this article we’ll explore how to set up the CloudWatch agent on an EC2 instance to easily stream your logs to AWS. We’ll also set up a simple alarm for when the logs contain certain text that we want to watch out for, all within a worked example. Why would you want to ship your EC2 logs to CloudWatch in the first place?...

Published 24 Apr 2020 · 10 min read · Tom Gregory

Running Docker in Docker on Windows (Linux containers)

If you need to run Docker within a container, or in other words Docker in Docker, this can sometimes be confusing, especially in Windows where it’s not obvious how Docker is set up. In this article, we’ll be lifting the covers on Docker for Windows and exploring how to run Docker commands in containers. Note that we’ll be covering only Linux-based containers in this article. UPDATED in June 2021 to use the now default Docker for Windows WSL 2 engine....

Updated 30 Jun 2021 · 8 min read · Tom Gregory