Patrolaroid - инструмент для проверки на безопасность рабочего прода:

https://github.com/rpetrich/patrolaroid

Вместо установки утилит на живой прод, Patrolaroid делает его снэпшот и ставит через SSH нужное на поднятый из него дубликат, где посредством YARA rules проверяет систему на различные уязвимости.

#security

The Serverless Rules are a compilation of rules to validate infrastructure as code templates for AWS against recommended practices.

They are available as cfn-lint or tflint plugins. So, you can check your CloudFormation or Terraform code against them.

#aws #serverless

Incident with Issues and GitHub Pages:
We are investigating issues with our CDN rendering static assets. We are monitoring progress and will provide updates when we have them.
Jun 8, 10:10 UTC
https://www.githubstatus.com/

Глобальные проблемы с интернетом - https://downdetector.com/

So, first big announcements from HashiConf Europe, which is happening right now.

Terraform goes 1.0 at last!!

People were expecting this release for a long time. Also, it seems like there gonna be less jokes about Terraform's production readiness from now on.

#hashicorp #terraform

50% скидка на экзамен!
https://pages.awscloud.com/GLOBAL_TRAINCERT_takethechallenge.html

Hint. Если в Alarm в Action вы видете
Failed to execute action <arn>. Received error: ""
то посмотреть ошибку можно с помощью
aws cloudwatch describe-alarm-history --alarm-name <alarm-name> --history-item-type Action
Например:

        {
            "AlarmName": "Name",
            "AlarmType": "MetricAlarm",
            "Timestamp": "2021-06-07T04:50:25.910000+00:00",
            "HistoryItemType": "Action",
            "HistorySummary": "Failed to execute AutoScaling action: No step adjustment found for metric value [0.0, 0.0] and breach delta -1.0",
            "HistoryData": "{\"actionState\":\"Failed\",\"stateUpdateTimestamp\":1623041425825,\"notificationResource\":\"<arn>\",\"publishedMessage\":null,\"error\":null}"
        },

Уже сегодня!

https://aws.amazon.com/events/summits/online/emea/

Старт-стоп RDS по расписанию с помощью SSM:

https://aws.amazon.com/blogs/database/schedule-amazon-rds-stop-and-start-using-aws-systems-manager/

Старт-стоп RDS по расписанию с помощью Лямбды:

https://aws.amazon.com/blogs/database/schedule-amazon-rds-stop-and-start-using-aws-lambda/

#RDS #SSM #Lambda

​​Новый AWS регион в 2023-м году — Тель-Авив, Израиль:

https://aws.amazon.com/blogs/aws/in-the-works-aws-region-in-tel-aviv-israel/

Регион планируется к сдаче в первой половине 2023-го года.

#AWS_Regions

Для тех кто пропустил, ночью был сбой в AWS Frankfurtl (eu-central-1) который продлился с 8 до 11 вечера по UTC ( по нашим данным). В итоге отлетела одна AZ.
Официально это звучит как "connectivity issues to some EC2 instances, increased API errors rates, and degraded performance for some EBS volumes within a single Availability Zone"

Официальная причина:
"The root cause of this issue was a failure of a control system which disabled multiple air handlers in the affected Availability Zone. These air handlers move cool air to the servers and equipment, and when they were disabled, ambient temperatures began to rise. Servers and networking equipment in the affected Availability Zone began to power-off when unsafe temperatures were reached. Unfortunately, because this issue impacted several redundant network switches, a larger number of EC2 instances in this single Availability Zone lost network connectivity. While our operators would normally had been able to restore cooling before impact, a fire suppression system activated inside a section of the affected Availability Zone. When this system activates, the data center is evacuated and sealed, and a chemical is dispersed to remove oxygen from the air to extinguish any fire. In order to recover the impacted instances and network equipment, we needed to wait until the fire department was able to inspect the facility. After the fire department determined that there was no fire in the data center and it was safe to return, the building needed to be re-oxygenated before it was safe for engineers to enter the facility and restore the affected networking gear and servers. The fire suppression system that activated remains disabled. This system is designed to require smoke to activate and should not have discharged. This system will remain inactive until we are able to determine what triggered it improperly. In the meantime, alternate fire suppression measures are being used to
protect the data center. Once cooling was restored and the servers and network equipment was re-powered, affected instances recovered quickly. "

Если кратко - у ребят сбойнула система охлаждения, перегрелись коммутаторы и все накрылось пушным зверем. А потом еще сработала пожарка что помешало быстро восстановиться. Короче было весело. В итоге все рассосалось, сеть восстановили и все стало хорошо.

Fastly: Summary of June 8 outage

8 июня половина интернета внезапно выключилась. Упали deb репы, куча статики и куча знаменитых сайтов. По ссылке - публичный summary их постмортема, выводы - Time-to-Recover 1 час 13 минут - вполне нормально для современного интернета:
- 09:47 Initial onset of global disruption
- 11:00 Majority of services recovered

Второй вывод - акции Fastly подросли на 16% после инцидента. Оказывается, неработающий сервис может быть полезным для бизнеса.

Третий вывод - если ваш Time-to-Recover меньше чем 1 час 13 минут, вы всегда можете аргументировать ‘Мы восстановились быстрее, чем Fastly’ 😁

https://www.fastly.com/blog/summary-of-june-8-outage

​​Котейнер.

#пятничное

​​Сеньор сказал в бэклог, значит в бэклог!

Девопсы в день релиза.

Запуск нескольких параллельных SSM сессий в одном окне:

https://github.com/elpy1/ssm-multi-tmux

#SSM