Best Practices for Logging in AWS Lambda

Today, we'll cover some things that you might find quite useful in your everyday work. We'll go through some of the best practices for logging in AWS Lambda, and we will explain how and why these practices will simplify your AWS Lambda logging. Let's start with the basics. What is logging?

Logging in AWS Lambda

AWS Lambda automatically monitors Lambda functions for you and reports metrics via Amazon CloudWatch. To help you troubleshoot function failures, Lambda logs all requests handled by your function and automatically stores logs that are generated by your code through Amazon CloudWatch Logs.

A Useful Overview Of The Cloud Controls Matrix

The Cloud Controls Matrix by Cloud Security Alliance (CSA) has always been the go-to standard when it comes to securing the cloud environment. The matrix itself is developed alongside industry players, cloud service providers, governments, and enterprises, making it the most comprehensive security standard on the market.

The latest update, the Cloud Controls Matrix 3.0.1, includes additions based on the security challenges of today. The matrix is designed to be a list of best practices and must-follow approaches, so it is easy to implement even when you have no specific expertise in cloud security. On top of that, the matrix is available for free.

Migrating Spring Java Applications to Azure App Service (Part 1: DataSources and Credentials)

Originally published July 23, 2019

Running on the cloud is not only for cool new applications following 12-factor principles and coded to be cloud-native. Many applications could be converted to be cloud-ready with minimal adjustments, just enough to run in the cloud environment. In the following few articles we will demonstrate how to address the most common migration items in legacy Spring applications: handling JNDI and credentials, externalizing configuration, remote debugging, logging, and monitoring.

Methodical Approach to Performance Troubleshooting Cloud APIs

This article is intended to be a step-by-step guide, laying out methodology and guidance when solving a performance problem with backend APIs or services. And in using the tools needed, we are able to get to the root cause of performance issues and add monitoring to issues seen in cloud services.

APM Tools


How We Got to Hyperconverged Infrastructure

With hyperconvergence adoption on the rise, it’s hard to believe HCI is a relatively new player in the grand scheme of IT. In fact, according to the State of the Enterprise Datacenter report, 67% of respondents are either using or are planning to adopt a hyperconverged infrastructure.

Growing demands for simplified management, increased performance, and reduced time-to-market mean that now, technologies like hyperconvergence are business necessities, not just “nice to haves.” Maintaining a competitive advantage is an increasingly difficult task, so benefits like scalability, operational efficiency, and reduced costs that help foster innovation and drive execution are integral in reaching that goal.

Secrets Management: Using Vault for Accessing the Cloud Infrastructure

Introduction

In the current IT world, there is a need for secured connectivity and for many private objects that must be accessible only to a limited set of applications or services. We call this orchestration “Secrets Management.” There are many tools currently available in the market that cater to this need. Some of them are built into the cloud platform, like Secrets Manager for AWS, or Docker Secrets, or Vault. Today, in this post, we will discuss managing secrets with Vault by HashiCorp. Vault exposes many features for implementing and securing application authorization and authentication.

We will discuss how dynamic secrets can be generated by Vault using AWS IAM Policies and how to send them to an application via API-based calls. An advantage of dynamic secrets is that they are generated when they are accessed. Dynamic secrets do not exist until they are read, so there is no risk of someone stealing them or another client using the same secrets. Because Vault has built-in revocation mechanisms, dynamic secrets can be revoked immediately after use, minimizing the amount of time the secret existed.

The Best Cloud Migration Approach: Lift-And-Shift, Replatform, Or Refactor?

Migrating to a new infrastructure or environment is both thrilling and challenging. It is exciting because the move is usually accompanied by additional resources and new features being made available. These additions are almost always good for the app and the developers behind it. At the same time, the actual process of migrating to the cloud is cumbersome and often difficult to handle.

Cloud migration doesn’t always have to be a hassle, though; you simply need to strategize for the move appropriately. That is why one of the things you need to do when planning for cloud migration is to weigh up the best approach to use. However, there are so many approaches to choose from. In this article, we are going to focus on three of the main trends: rehosting, replatforming, or refactoring. Which of these methods is the best?

This Week in Spring: Spring Boot, Azure, GCP, Tips, Tutorials, and More

Hi, Spring fans and welcome to another installment of This Week in Spring! This week, I’m off to pleasant Pittsburgh, PA, to speak at, among other places, DICK’s Sporting Goods. Join me!

Now that my entire six-part series on how to use Spring Boot with Microsoft Azure just concluded, with the final parts being released last week, I wanted to give you the whole thread here for your consumption.

Devs Will Just Dev! The Cloud Foundry Promise

“Every company is a technology company” said Peter Sondergaard, Gartner's former executive vice president of research, and evidence of this is all around us. But it was not so easy becoming a technology company, as the entry barriers were high. Besides developing their business propositions, companies had to develop, maintain and operate the platform on top of which their businesses (i.e. applications) run. 

The rise of DevOps culture, automated pipelines, container technologies, and microservices, all contributed to an improved situation. And all these are still evolving and getting increasingly popular. But still, businesses have to deal with things outside the development of their specific business propositions. There is still an operational load to carry, and the load seems to be moved now to the hands of developers. Cloud Foundry helps to eliminate this operational load and the need for building platforms and utility components that have no relation to your business propositions. Cloud Foundry makes it possible to develop only what contributes to your bottom line while it takes care of the rest. It allows developers to just develop! 

DevOps Automation and IaC

In my previous blog, I talked about DevOps and compared it to the manufacturing of physical goods. I also mentioned the four key tenets of DevOps (CAMS) and stressed the importance of the automation component.

  • Culture
  • Automation
  • Measurement
  • Sharing

With DevOps, automation manifests itself in two forms, automation of the

API Authentication With GCP Identity-Aware Proxy

Cloud Identity-Aware Proxy (Cloud IAP) is a free service that can be used to implement authentication and authorization for applications running in Google Cloud Platform (GCP). This includes Google App Engine applications as well as workloads running on Compute Engine (GCE) VMs and Google Kubernetes Engine (GKE) by way of Google Cloud Load Balancers.

When enabled, IAP requires users accessing a web application to log in using their Google account and ensures they have the appropriate role to access the resource. This can be used to provide secure access to web applications without the need for a VPN. This is part of what Google now calls BeyondCorp, which is an enterprise security model designed to enable employees to work from untrusted networks without a VPN. At Real Kinetic, we frequently bump into companies practicing Death-Star security, which is basically relying on a hard outer shell to protect a soft, gooey interior. It’s simple and easy to administer, but it’s also vulnerable. That’s why we always approach security from a perspective of defense in depth.

Customizing Docker Images

Back in the day, when I was beginning to work on public-facing projects, setting up a development environment was really tedious. You had to install all the required software on the host machine. Relocating a project from one host to another sometimes turned out to be the real work.

Now, the trend seems to have changed. Once you want to work on a project, you start setting up a virtual machine on a remote computer that your company provides or a local virtual machine (at least in my company people prefer to work on virtual machines). There are many benefits, but one that I use all the time is the ability to take a virtual machine from one host and run it on a different one. Other than that, the ability to have multiple operating systems is very valuable for both development and testing.

Strategies and Technologies for Container Security

When adopting any new technology, the ability of that technology to mitigate or reduce security risks should always be on the table. Organizations hesitant to adopt containers are often wary of how their existing processes and paradigms address the challenges of securing containers in production.

For their many benefits, containers effectively represent a new layer in the application stack, which requires a new way of thinking about application security. In its Application Container Security Guide, NIST points out that as containers revolutionize application deployment, organizations must adapt their security strategies to new, dynamic production environments.

5 Tricks to Help You With AWS Cost Optimization

By the end of 2019, more than 30% of the 100 largest vendors’ new software investments will move to a “cloud-only” from a “cloud-first” strategy. Any “no-cloud” policies will be nearly extinct by the year 2020. This is mainly because large, medium and small firms are looking for an alternative to reduce their capital expenditure-intensive IT models. Cloud provides a variable cost and pay-as-you-go model, making it economical. Additionally, the scalability and flexibility that come along with using AWS make it a superior solution to the traditional methods. Companies adopt cloud computing because of its scalability, security or maybe just because cloud computing is the latest trend. Regardless, many have noticed that AWS costs have spiked and spending trends keep going upwards.

The pricing methods look very simple at first, but as you expand and mix lots of products, it becomes hard to track the ever-growing cost of your cloud infrastructure. Thus, it is really important that you maintain strict Amazon Web Services billing hygiene. Let us, in this short article, examine a few strategies that will help you maintain this hygiene.

Kubernetes on AWS: How to Connect to RDS

Hey there! It’s time to write a new blog post about something really hot — Kubernetes. In order to make this article even spicier, I want to talk about Kubernetes in terms of AWS and access to a database. So basically this post is for those of you who want to set up a Kubernetes application on Amazon Cloud and configure access to RDS (Postgres/MySQL) from the application. Let’s get started!

A long time ago, the software development world was taken by storm by the concept of containerization. Since that time, every backend developer should know what Docker is and how to use it. That was only the beginning of something bigger. Today, I can definitely say that containers without proper orchestration and a service discovery mechanism are pretty useless. Here is where Kubernetes comes in.

Introduction to Kubernetes Pod Networking, Part 1

The Ultimate Guide to Kubernetes Networking on AWS

In this three-part series, we deep dive into the Kubernetes Pod networking options on Amazon, and provide a bit of guidance around the various trade-offs involved in selecting a particular Kubernetes Network technology for your cluster on Amazon.  

If you are looking for an intro to Kubernetes, please have a look at our recent article "What is Kubernetes and Why It's So Popular."

Just How Safe Is the Cloud? Security Tips for SMBs

The future of computing exists in the cloud. Businesses and everyday internet users alike are adapting to this new technology at a growing rate, whether it’s for storage or to access the growing "Everything-as-a-Service" (XaaS) market — which includes Software-as-a-Service (SaaS), Platform-as-a-Service (PaaS), and more.

As of this year, approximately 80% of organizations use the cloud for its data storage benefits. Globally, the public cloud market was valued at $176 billion in 2018 and is projected to grow by 17.3% year-on-year. Software-, Platforms-, and Infrastructure-as-a-Service are growing in popularity, with Microsoft’s Office 365 and Amazon’s Web Services serving as popular examples.