<?xml version="1.0" encoding="UTF-8"?><rss xmlns:dc="http://purl.org/dc/elements/1.1/" xmlns:content="http://purl.org/rss/1.0/modules/content/" xmlns:atom="http://www.w3.org/2005/Atom" version="2.0" xmlns:media="http://search.yahoo.com/mrss/"><channel><title><![CDATA[Emronix]]></title><description><![CDATA[Thoughts, stories and ideas about Cloud Technology]]></description><link>https://emronix.com/</link><image><url>https://emronix.com/favicon.png</url><title>Emronix</title><link>https://emronix.com/</link></image><generator>Jamify 1.0</generator><lastBuildDate>Fri, 11 Jun 2021 19:15:28 GMT</lastBuildDate><atom:link href="https://emronix.com/rss/" rel="self" type="application/rss+xml"/><ttl>60</ttl><item><title><![CDATA[How to Deploy Containerized App with AWS App Runner]]></title><description><![CDATA[You can use the AWS App Runner service to deploy your containerized app without handling AWS infrastructure management tasks.]]></description><link>https://emronix.com/how-to-deploy-containerized-app-on-aws-app-runner/</link><guid isPermaLink="false">Ghost__Post__60c0ff8b8fabd60556da317f</guid><category><![CDATA[Container]]></category><category><![CDATA[AWS]]></category><dc:creator><![CDATA[Saurabh Jain]]></dc:creator><pubDate>Fri, 11 Jun 2021 18:02:00 GMT</pubDate><media:content url="https://emronix.com/static/a5c669aef16d0fd6fed53954286a7013/Deploy-Containerized-App-using-AWS-App-Runner.png" medium="image"/><content:encoded><![CDATA[<img src="https://emronix.com/static/a5c669aef16d0fd6fed53954286a7013/Deploy-Containerized-App-using-AWS-App-Runner.png" alt="How to Deploy Containerized App with AWS App Runner"/><p>As an AWS user, have you ever wondered how to run your containerized app in AWS? Well, it can be done in multiple ways, but a simpler way is via the AWS App Runner service. 
According to AWS, you don't need to set up an orchestrator, load balancer, build pipeline, or TLS certificate, or manage any servers.</p><p>You can either bring your own container image or use the container build service by connecting your GitHub repository. A simple architectural overview is shown below:</p><figure class="kg-card kg-image-card fluid-image" style="flex: 1.7624633431085044 1 0"><img src="http://172.16.120.128:2368/content/images/2021/06/app-runner-architecture.png" alt="How to Deploy Containerized App with AWS App Runner" loading="lazy" width="601" height="341" srcset="http://172.16.120.128:2368/content/images/size/w600/2021/06/app-runner-architecture.png 600w, http://172.16.120.128:2368/content/images/2021/06/app-runner-architecture.png 601w" maxWidth="601"/></figure><p>Let's dive into the steps to deploy the containerized app.</p><h3 id="step-1-specify-container-image-source">Step 1: Specify Container Image Source</h3><p>If you are going to link your GitHub repo, select Repository type <strong>"Source Code"</strong>, and if you are going to use AWS ECR (Elastic Container Registry), select Repository type <strong>"Container Registry"</strong>. In this section, I am going to use public AWS ECR. I didn't find an option to specify a public image from Docker Hub. In my opinion, AWS should consider supporting Docker Hub, as it is a popular registry for hosting private and public repositories. 
After selecting the Repository type, specify the link to the container image as shown below and click <strong>"Next"</strong>.</p><figure class="kg-card kg-image-card fluid-image" style="flex: 2.038095238095238 1 0"><img src="http://172.16.120.128:2368/content/images/2021/06/aws-app-runner-container-image-source.png" alt="How to Deploy Containerized App with AWS App Runner" loading="lazy" width="2000" height="981" srcset="http://172.16.120.128:2368/content/images/size/w600/2021/06/aws-app-runner-container-image-source.png 600w, http://172.16.120.128:2368/content/images/size/w1000/2021/06/aws-app-runner-container-image-source.png 1000w, http://172.16.120.128:2368/content/images/size/w1600/2021/06/aws-app-runner-container-image-source.png 1600w, http://172.16.120.128:2368/content/images/size/w2400/2021/06/aws-app-runner-container-image-source.png 2400w" sizes="(min-width: 720px) 720px" maxWidth="2996"/></figure><h3 id="step-2-configure-settings-for-your-service">Step 2: Configure Settings for your Service</h3><p>Specify the service name and the port to be used. You can adjust the optional settings as required. For this example, I am keeping the defaults. 
Click <strong>"Next"</strong>.</p><figure class="kg-card kg-image-card fluid-image" style="flex: 1.9945578231292518 1 0"><img src="http://172.16.120.128:2368/content/images/2021/06/aws-app-runner-configure-service.png" alt="How to Deploy Containerized App with AWS App Runner" loading="lazy" width="2000" height="1003" srcset="http://172.16.120.128:2368/content/images/size/w600/2021/06/aws-app-runner-configure-service.png 600w, http://172.16.120.128:2368/content/images/size/w1000/2021/06/aws-app-runner-configure-service.png 1000w, http://172.16.120.128:2368/content/images/size/w1600/2021/06/aws-app-runner-configure-service.png 1600w, http://172.16.120.128:2368/content/images/size/w2400/2021/06/aws-app-runner-configure-service.png 2400w" sizes="(min-width: 720px) 720px" maxWidth="2932"/></figure><h3 id="step-3-review-and-create">Step 3: Review and Create</h3><p>In this step, review your configurations and then click <strong>"Create & deploy"</strong>.</p><figure class="kg-card kg-image-card fluid-image" style="flex: 1.9259723964868256 1 0"><img src="http://172.16.120.128:2368/content/images/2021/06/aws-app-runner-service-created.png" alt="How to Deploy Containerized App with AWS App Runner" loading="lazy" width="2000" height="1038" srcset="http://172.16.120.128:2368/content/images/size/w600/2021/06/aws-app-runner-service-created.png 600w, http://172.16.120.128:2368/content/images/size/w1000/2021/06/aws-app-runner-service-created.png 1000w, http://172.16.120.128:2368/content/images/size/w1600/2021/06/aws-app-runner-service-created.png 1600w, http://172.16.120.128:2368/content/images/size/w2400/2021/06/aws-app-runner-service-created.png 2400w" sizes="(min-width: 720px) 720px" maxWidth="3070"/></figure><p>Your application will be deployed behind a load balancer with a TLS certificate. You can check the logs, and once your application is in the RUNNING state, you can click on the URL generated by AWS. 
You can also configure a custom domain.</p><h3 id="summary">Summary</h3><p>After reading this article, you can easily deploy your containerized app using AWS App Runner. It would be great to see Docker Hub integration with App Runner in the future. Other providers do support Docker Hub.</p><h3 id="want-to-leave-a-comment">Want to leave a comment?</h3><p>Join the discussion on <a href="https://twitter.com/TechNSaurabh/status/1403428994452656129?s=20">Twitter</a>.</p>]]></content:encoded></item><item><title><![CDATA[Security Analysis and Compliance Monitoring with AWS CloudTrail]]></title><description><![CDATA[When it comes to Security Analysis and Compliance in AWS, you can use the CloudTrail service provided by AWS.]]></description><link>https://emronix.com/security-analysis-and-compliance-monitoring-with-aws-cloudtrail/</link><guid isPermaLink="false">Ghost__Post__60b91397b26a3d02c76f2098</guid><category><![CDATA[Security]]></category><category><![CDATA[AWS]]></category><dc:creator><![CDATA[Saurabh Jain]]></dc:creator><pubDate>Thu, 03 Jun 2021 17:39:28 GMT</pubDate><media:content url="https://emronix.com/static/d513e2270d720b184b8511eea1cdfd5a/Security-Analysis-and-Compliance-Monitoring-with-AWS-CloudTrail.png" medium="image"/><content:encoded><![CDATA[<img src="https://emronix.com/static/d513e2270d720b184b8511eea1cdfd5a/Security-Analysis-and-Compliance-Monitoring-with-AWS-CloudTrail.png" alt="Security Analysis and Compliance Monitoring with AWS CloudTrail"/><p>AWS CloudTrail provides the ability to record all API calls and resource changes, which helps you build preventative and detective security controls for your AWS environment. CloudTrail records the API requests in your environment along with their metadata and then sends them to AWS S3, where these event logs are stored. You can use these logs for Security Analysis and Compliance Monitoring.</p><h3 id="cloudtrail-events">CloudTrail events</h3><p>A CloudTrail event is a record of an activity in your AWS environment. 
For example, an event can be a user creating or deleting a DynamoDB table, modifying the configuration of EC2, or performing any activity through the AWS Management Console.</p><p>There are 3 types of events:</p><ol><li><strong>Management events</strong> – control plane (management and network) operations performed on the resources in your AWS environment, such as IAM role configuration, VPC network configuration, EC2 subnet creation/update, etc.</li><li><strong>Data events</strong> – data plane operations, which are often high-volume activities. Data event logging is disabled by default and incurs an additional cost.</li><li><strong>CloudTrail Insight events</strong> – records of unusual activity in your AWS environment, such as excessive API calls in a short period. Insight event logging is disabled by default and incurs an additional cost.</li></ol><h3 id="cloudwatch-vs-cloudtrail">CloudWatch vs CloudTrail</h3><p>Though both are monitoring services from AWS, they are used for different purposes. CloudWatch is used to log all events for AWS services and resources, whereas CloudTrail is used to log all events inside your AWS environment.</p><p>CloudWatch is used to monitor:</p><ul><li>Performance and metrics of your AWS resources and applications.</li><li>User-defined logs in your application.</li><li>CloudWatch events, based on which you can automate actions.</li><li>Alarms, where you can define thresholds for the resources. 
When a threshold is reached, the alarm is triggered, and you can define actions (like sending you a mail notification).</li></ul><p>CloudTrail, on the other hand, is used to monitor:</p><ul><li>"Who" has performed "what" action in your AWS environment.</li><li>"When" and "where" the action has been performed.</li></ul><p>When used together, these two services give you a robust monitoring solution provided by AWS.</p><h3 id="cloudtrail-best-practices">CloudTrail Best Practices</h3><p>Consider the best practices below when using the CloudTrail service. This list does not represent a complete cloud security solution, but you can refer to it when you are setting up a security solution for your organization.</p><ul><li>To get a complete record of events in your organization, configure CloudTrail on all Accounts and Regions.</li><li>Set up different trails for different use cases.</li><li>To monitor data plane events, consider enabling data events. They are disabled by default and have an additional cost.</li><li>Have a dedicated S3 bucket to store CloudTrail event log files, with a security policy in place.</li><li>Enable MFA delete and versioning on the S3 bucket that stores CloudTrail event log files.</li><li>Enable CloudTrail log file integrity validation.</li><li>Enable encryption on CloudTrail log files in the S3 bucket.</li><li>Use event selectors with data events. They give you more control over your data event logs.</li><li>When used with CloudWatch, you will get a robust monitoring solution provided by AWS.</li><li>You can enable CloudTrail Insights. Insights automatically analyzes management events and delivers an event to the S3 bucket whenever there is any unusual activity in your AWS environment. Then you can create a workflow to send notifications of these unusual events.</li></ul><h3 id="summary">Summary</h3><p>In this post, I have covered the basics of CloudTrail concepts and how it can be used for security analysis and compliance monitoring. 
You can use CloudWatch with CloudTrail to provide additional monitoring capabilities to your monitoring solution. Also, you can refer to some of the best practices mentioned in this post.</p><h3 id="want-to-leave-a-comment">Want to leave a comment?</h3><p>Join the discussion on <a href="https://twitter.com/TechNSaurabh/status/1400894159678935040?s=20">Twitter</a>.</p>]]></content:encoded></item></channel></rss>