During a recent audit we did for a customer's AWS environment, I was looking for an efficient way to analyse the security profile for each IAM user, without too many clicks and navigating back and forth on the IAM console. You know, checking if MFA is enabled, when last security keys were rotated, that kind of stuff. I found a very quick and easy way to do this via the AWS CLI.
Post updated: 2019-08-21 Version2 of the lambda function available. Git repo: https://github.com/smitphilip/Ec2-Auto-StartStop It's been an interesting week… I've been getting my hands dirty with a number of new AWS tasks, as I'm part of a task-force type team that is busy developing a new product where components of it will live in AWS. This is part of a larger internal proof of concept, and in the light of cost-saving, while building our MVP, the team decided to shut down the EC2 instances while we're not working on them.
Wow! What a journey it's been so far. I'm officially a Red Har Certified Engineer! I was able to score 261 (out of 300). What a rough exam. I have massive respect for anyone that even attempt this exam. It's by far the most difficult vendor based exams I've ever written. It requires you to think on your feet and to make the solution work, and just to add another level of difficulty, time is not on your side.
A good technique to support fault tolerance in production server environments is to bond/team multiple physical interfaces together. This way, if one interface would fail, another interface is ready (with the same IP) to provide connectivity. Another benefit would be to provide higher performance using the combined bandwidth of both interfaces. The result is a single logical link (at layer 2). RHEL and CentOS support two methods to aggregate multiple links; bonding and teaming.
Nobody is a master at anything from day one. Anything that you attempt for the first time, takes a number of iterations and attempts before you're really good at it. I work in new environments, new networks, and on new systems fairly often, and do work for companies that are based in countries which are always a bit behind the curve of international IT trends. Without any existing integration between systems, and orchestration systems in place, I find that it always takes so much longer to automate from the start.