Category: cloud

Categories
cloud sysadmin

New – Visualize Your VPC Resources from Amazon VPC Creation Experience | AWS News Blog

Finally. Amazon Web Services has released a new feature called Amazon Virtual Private Cloud (VPC) resource map, which simplifies the VPC creation experience in the AWS sonsole. This feature displays existing VPC resources and their routing visually on a single page, allowing users to quickly understand the architectural layout of the VPC.

The new VPC creation experience streamlines the process of creating and connecting VPC resources with just one click, even across multiple Availability Zones (AZs). The VPC resource map also allows users to quickly understand the architectural layout of the VPC, including the number of subnets, which subnets are associated with the public route table, and which route tables have routes to the NAT Gateway. Additionally, users can customize a Name tag per resource in the preview and easily change the default CIDR value and subnet mask. The Amazon VPC resource map is now available in all AWS Regions where Amazon VPC is available.

Categories
cloud network security

Tailscale

When I first know about Tailscale, I didn’t “get” it. I read that it is like VPN but not quite the same as your traditional VPN, but I don’t know the details. But since there are a lot of rave reviews from HN users I got curious. After trying it out, I am immediately sold. I have now installed it on all my personal devices.

Tailscale is a revolutionary new way of connecting devices together. Once setup – and it’s very easy to set up – your devices behave just like they are on the same network. No complicated VPN to setup, or persistent connection issues, or remembering IP addresses to access your devices. It just works.

Tailscale is akin to VPN what Dropbox is to file synchronizing.

Tailscale offers a wide range of benefits for businesses and individuals alike. One of the key benefits of Tailscale is that it allows users to access their networks and devices without the need for traditional VPN software. This means that users can access their networks and devices from any device, including smartphones, tablets, and laptops, without the need for additional software or configuration. This makes it extremely convenient for users who need to access their networks and devices while on the go.

Another benefit of Tailscale is that it offers top-of-the-line security. Tailscale uses state-of-the-art encryption to ensure that all data transmitted over the network is secure and protected from cyber threats. This makes it ideal for businesses and organizations that handle sensitive data and need to ensure that it is protected at all times.

The best part is Tailscale is extremely easy to use. It has a simple and intuitive user interface that makes it easy for users of all skill levels to set up and use.

I highly recommend trying it out to just to see how it works. Tailscale is free for personal use.

Categories
ai cloud

Amazon Polly speaks Cantonese

By now, text to speech systems are quite common and widely in use. Tiktok has this feature added as part of their app some time ago. Amazon Polly – Amazon’s version of text-to-speech service – was launched in 2016 and supports quite a large number of languages.

Just this week, AWS announced the availability of a female Cantonese voice to Polly. Upon reading about this, I have to test it out. For the test, I took a sample text from YES 933 facebook page and fed it to Polly. I must say I’m very impressed with the results.

Of course, Amazon Polly is not the first or only Cantonese text-to-speech service out there, but it’s definitely one of the most natural sounding one I’ve heard. Looking forward for more languages to be support.

Footnote: there are some minor modifications to the text to achieve the desired result, eg. to get pauses in the right places, to say nine-three-three instead of nine hundred thirty three etc. But otherwise only default settings are used.

Categories
cloud internet

Comparison of AWS Compute Options in 2022

This is a non-exhaustive comparison of the popular AWS compute options. Hopefully it will help someone who’s also evaluating the various options for running your workload in AWS.

EC2 is the oldest and the most popular option as it is the easiest to start with. However you do have to manage a lot of things if you are choosing this option (OS, scaling, HA, etc). As a developer who may not be so familiar with cloud architecture, this can be daunting. Over the years, AWS has been making it easier to deploy code and make it scale. The latest compute product App Runner is a super simple way to write web applications in AWS. Though there are some who reported teething issues using it, I have no doubt those will be fixed in due time when it hits general availability.

Reference:
https://nathanpeck.com/concurrency-compared-lambda-fargate-app-runner/

Categories
cloud sysadmin

Granting AWS billing access to IAM (non-root account) users

By default, IAM users will not be allowed to access the Billing dashboard. This is true even if the user has AdministratorAccess permission. If you use AWS as a non-root/owner account user, but require access to billing and payment, here’s how you can do it.

Create billing IAM policies

  1. Go to IAM: https://console.aws.amazon.com/iam/
  2. Select Policies > Create policy
    1. Choose a service > Enter “Billing”
    2. Check All billing actions
  3. Review > name it “BillingFullAccess” > Create policy

Attach billing policy

You can attach billing policy to users or user groups. For simplicity, let’s assume we are applying it a user.

  1. Go to IAM: https://console.aws.amazon.com/iam/
  2. Select users > choose the user that you want to apply
  3. Select Add permissions > Attach existing policies directly
  4. Check BillingFullAccess
  5. Review > Add permission

Activating access to the AWS billing console

From AWS documentation,

By default, IAM users and roles within an AWS account can’t access the Billing console pages. This is true even if the IAM user or role has IAM policies that grant access to certain Billing features.

The last step is to enable this permission. To do so,

  1. Sign in as root/account owner
  2. Click on your username on the top right and select Account
  3. Scroll down to IAM User and Role Access to Billing Information
  4. Click Edit, check Activate IAM Access
  5. Update

And it’s done. You can now login as the IAM user and access the billing dashboard.

Categories
cloud security sysadmin

New for Amazon GuardDuty – Malware Detection for Amazon EBS Volumes | AWS News Blog

Once configured, AWS GuardDuty will now scan EBS volumes for malware and report its findings when it detects suspicious activities. If you haven’t enable it already, you should do so.

https://aws.amazon.com/blogs/aws/new-for-amazon-guardduty-malware-detection-for-amazon-ebs-volumes/

When you have GuardDuty Malware Protection enabled, a malware scan is initiated when GuardDuty detects that one of your EC2 instances or container workloads running on EC2 is doing something suspicious.

Categories
cloud internet privacy

The Era of Borderless Data Is Ending – The New York Times

From data privacy and data residency to digital sovereignty, change is happening, and not necessarily in a good way. The wild west that characterize the Old Internet is being chipped off one block at a time. Some predicts this will lead to the end of general computation and further entrench incumbents, making it even more difficult for new players to break in.

Nations are accelerating efforts to control data produced within their perimeters, disrupting the flow of what has become a kind of digital currency.

Source: The Era of Borderless Data Is Ending – The New York Times

Categories
cloud IoT security

“I’m totally screwed.” WD My Book Live users wake up to find their data deleted

This is like the worse case scenario that security researchers have been warning about. Someone exploited an old vulnerability for some WD devices and wiped out all the data in those devices that are exposed in the internet.

WD advises customers to immediately unplug their My Book Live and My Book Live Duo from the internet.

“I have a WD mybook live connected to my home LAN and worked fine for years,” the person who started the thread wrote. “I have just found that somehow all the data on it is gone today, while the directories seem there but empty. Previously the 2T volume was almost full but now it shows full capacity.”

It’s too easy to blame IoT device manufacturers, but this is a very tough problem. The following comment from HN says it best.

There’s really no winning with this.

You can release patches 6 years after your device is EoL but there will forever be more security issues and people using your ancient product (think how long it takes some versions of Windows to truly reach less than 100k active machines. Hell I wonder if Windows 3.1 has really reached that number or not. The long tail is going to be loooong). Not to mention you’ve created a precedent that the device is still getting patches and can be used by users, only making the lifecycle issue worse.

You can release a version which severely limits the capability of the product or effectively disables it but this is just a guaranteed way of getting bad press and even more customers will be mad at you for killing a device early.

You can turn the device over to the community (if you can managed to get it through legal and 3rd party agreements) but that isn’t actually going to solve anything as it’s not a product for extremely tech savvy users, at best it buys deflection in the news report in exchange for the effort of doing this (if you can at all).

You can claim the lifecycle is over and years later and be technically correct but still get the bad press and user feedback anyways.

Source: “I’m totally screwed.” WD My Book Live users wake up to find their data deleted

Categories
cloud

Troubleshoot Boot and Networking Issues with New EC2 Serial Console | AWS News Blog

This is extremely useful for those times when the system is unable to get to the stage where sshd is running, or there are network-related issues which prevent a normal ssh connection from working. This is akin to the console view of a VM through the hypervisor.

https://aws.amazon.com/blogs/aws/troubleshoot-boot-and-networking-issues-with-new-ec2-serial-console/

… EC2 Serial Console, a simple and secure way to troubleshoot boot and network connectivity issues by establishing a serial connection to your Amazon Elastic Compute Cloud (EC2) instances.

Categories
cloud internet

AWS Fault Injection Simulator – Fully managed chaos engineering service – Amazon Web Services

Chaos engineering originated at Netflix with the creation of Chaos Monkey. The idea is that large-scale distributed systems require a different approach to test for failure, since there are so many moving parts. AWS is announcing a new service in 2021 that will help teams to implement chaos engineering to test their setup.

https://aws.amazon.com/fis/

With Fault Injection Simulator, teams can quickly set up experiments using pre-built templates that generate the desired disruptions, such as server latency or database error.