Let’s imagine you have objects archived in the S3 Glacier tier and you get a request to make them available. This requires a restoration - because the Glacier Archive tier is magnetic tape and restoration is a batch job, there will be a delay of a few hours after the restore is initiated. Commands - taken from https://motilevy.medium.com/permanently-restore-s3-objects-from-glacier-f4b88503a5e6 Create the list of objects that need to be restored: aws s3api list-objects-v2 \ --bucket <bucket-name> \ --query "Contents[?...
RDS Disaster Recovery using Snapshot sharing tool
Let's imagine a scenario in which an attacker gains access to the production AWS account and can modify or remove RDS databases and snapshots, affecting business continuity. To mitigate such risks we should have a disaster recovery solution in place, in the form of an RDS snapshot tool that runs daily in two accounts in parallel: the production account and the backup account. Production account: the RDS snapshot tool creates encrypted snapshots of the RDS databases and re-encrypts them with a KMS key shared from the backup account....
SSH access to AWS EC2 with SSM
The AWS Well-Architected Framework consists of five pillars that represent the key areas of focus for building and operating reliable, secure, efficient, and cost-effective systems in the cloud - Operational Excellence, Security, Reliability, Performance Efficiency, Cost Optimization. Using AWS SSM for secure EC2 access addresses the Security pillar in several ways: centralized access control through AWS Identity and Access Management (IAM) policies; encrypted communications - all data is encrypted in transit between the SSM client and the SSM service, and between the SSM service and the EC2 instance...
k8s operator with kubebuilder - domain, group, kind, version
While trying to close my k8s knowledge gaps, I’ve followed a tutorial on how to create a k8s operator with kubebuilder. After executing a few magic commands, like kubebuilder init --domain tutorial.kubebuilder.io --repo tutorial.kubebuilder.io/project and kubebuilder create api --group batch --version v1 --kind CronJob, I was keen to know more - what are domain, group and kind, why are they needed at all, and can we omit them? There is some information on that topic in the kubebuilder tutorial - Groups and Versions and Kinds, oh my!...