Wednesday, April 27, 2022

SSM - Session Manager - System - SSM Port Forwarding, Bastionless

Bastionless VM: the VM is in a private subnet with a private IP and has access to a NAT gateway.

The NAT gateway should have a route to the Internet gateway.



  1. Verify that SSM Agent is installed on the instance.
  2. Create an AWS Identity and Access Management (IAM) instance profile for Systems Manager. You can create a new role, or add the needed permissions to an existing role.
  3. Attach the IAM role to your private EC2 instance.
  4. Make sure that from the respective bastionless VM you can reach the following VPC endpoints - curl


Make sure that you have specified all the VPC endpoints for SSM:

  • com.amazonaws.region.ssm: The endpoint for the Systems Manager service.
  • com.amazonaws.region.ec2messages: Systems Manager uses this endpoint to make calls from SSM Agent to the Systems Manager service.
  • com.amazonaws.region.ec2: If you're using Systems Manager to create VSS-enabled snapshots, you need to ensure that you have an endpoint to the EC2 service. Without the EC2 endpoint defined, a call to enumerate attached EBS volumes fails, which causes the Systems Manager command to fail.
  • com.amazonaws.region.ssmmessages: This endpoint is required only if you are connecting to your instances through a secure data channel using Session Manager. For more information, see AWS Systems Manager Session Manager.
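The endpoint checklist above as a small check, added here as an example and not part of the original notes. The function names, the `us-east-1` region and the sample endpoint list are assumptions made for illustration; the comparison is an exact match because `...ssm` is a prefix of `...ssmmessages`, so a substring search would hide a missing `ssm` endpoint.

```shell
# Added example: compare the endpoints a VPC has with the ones SSM needs.
# On a live account the "present" list would come from the AWS CLI, e.g.:
#   aws ec2 describe-vpc-endpoints --filters Name=vpc-id,Values=<vpc-id> \
#       --query 'VpcEndpoints[].ServiceName' --output text

# Print the endpoint service names required in a region.
#   $1 = region, $2 = "yes" if Session Manager is used, $3 = "yes" for VSS snapshots
required_ssm_endpoints() {
  req_region="$1"; req_session="${2:-yes}"; req_vss="${3:-no}"
  echo "com.amazonaws.${req_region}.ssm"
  echo "com.amazonaws.${req_region}.ec2messages"
  if [ "$req_session" = "yes" ]; then echo "com.amazonaws.${req_region}.ssmmessages"; fi
  if [ "$req_vss" = "yes" ]; then echo "com.amazonaws.${req_region}.ec2"; fi
}

# Print every required name that is absent from the present list.
#   $1 = required names, $2 = names present in the VPC (whitespace separated)
missing_ssm_endpoints() {
  have=" $(printf '%s' "$2" | tr '\n\t' '  ') "
  for svc in $1; do
    case "$have" in
      *" $svc "*) ;;          # exact name found
      *) echo "$svc" ;;       # not found: report it
    esac
  done
}

# Constructed sample: ssmmessages and ec2messages exist, ssm itself does not.
PRESENT="com.amazonaws.us-east-1.ssmmessages com.amazonaws.us-east-1.ec2messages"
REQUIRED=$(required_ssm_endpoints us-east-1 yes no)
MISSING=$(missing_ssm_endpoints "$REQUIRED" "$PRESENT")
if [ -n "$MISSING" ]; then
  echo "missing VPC endpoints:"
  echo "$MISSING"
else
  echo "all required SSM endpoints present"
fi
```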

Thursday, March 31, 2022

R-LANE, Lift/Shift, Re-platform, Modernization

"Migration" - Moving Enterprise Workload from On-Premise DataCentre to Public/Private Clouds

"Modernize" - Refactor Monolith Codebase and Expose APIs on top of that new refactored code deployed in cloud

"Build Native" - From Zero - Re-design - Microservices.



https://www.youtube.com/watch?v=yWByEVB0VJE&list=WL&index=57

----------------------------------------------------------------------

6R's - https://www.youtube.com/watch?v=AmyuEIux6xs&list=WL&index=56


Rehost     - IAAS - Lift and Shift - Forklift - Very Early  - Low Resistance Migration Strategy

Replatform - PAAS - Elastic BeanStalk - Minor changes

Repurchase - Ending License - Proprietary - CRM

Refactor   - Re-architect - Recoding - Decompose Monolith

Retain     - Not Ready to migrate - legacy/critical - 

Retire     - Not needed - Turn off


----------------------------------------------------------------------

https://www.youtube.com/watch?v=68z4XZTpSIA&list=WL&index=62


Assess

Migrate

Optimise

Secure and Manage


VFunction

https://www.youtube.com/watch?v=y1Jt3d3C0ZU


  • JVM - "Dynamic and Static Analysis"

Data Collection and Learning  -> VFunction Agents -  Analyse JVM -> Coverage 

Identify Userflows, Boundaries of Services

Algorithms - Entrypoint of Services


  • "Interactive Platform"

Architect gets an interactive platform which is the result of the Dynamic/Static Analysis done by agents

Rich info about Services and allows Architect to merge/split Services

System creates, based on Architect's input, a Specification of Service which is a JSON File


  • "Code Generation"

JSON Entrypoint, Parameters, Classes + Scans Original Code => Automation Engine

creates a new project with well-defined APIs

Tuesday, January 25, 2022

GoLang, Go - Links

https://www.youtube.com/watch?v=yyUHQIec83I

https://www.youtube.com/watch?v=YS4e4q9oBaU

https://www.youtube.com/watch?v=1NF2LtWbA1g


https://go.dev/play/

https://go.dev/tour/


https://go.dev/docs

https://pkg.go.dev


https://gobyexample.com/

https://golangbot.com/

https://www.golangprograms.com/


EKSCTL - Command Sheet - Cheat Code

https://eksctl.io/usage/unowned-clusters/


  • Create:
    • eksctl create nodegroup (see note below)
    • eksctl create fargateprofile
    • eksctl create iamserviceaccount
    • eksctl create iamidentitymapping
  • Get:
    • eksctl get clusters/cluster
    • eksctl get nodegroup
    • eksctl get labels
  • Delete:
    • eksctl delete cluster
    • eksctl delete nodegroup
    • eksctl delete fargateprofile
    • eksctl delete iamserviceaccount
    • eksctl delete iamidentitymapping
  • Upgrade:
    • eksctl upgrade cluster
    • eksctl upgrade nodegroup
  • Set/Unset:
    • eksctl set labels
    • eksctl unset labels
  • Scale:
    • eksctl scale nodegroup
  • Drain:
    • eksctl drain nodegroup
  • Enable:
    • eksctl enable profile
    • eksctl enable repo
  • Utils:
    • eksctl utils associate-iam-oidc-provider
    • eksctl utils describe-stacks
    • eksctl utils install-vpc-controllers
    • eksctl utils nodegroup-health
    • eksctl utils set-public-access-cidrs
    • eksctl utils update-cluster-endpoints
    • eksctl utils update-cluster-logging
    • eksctl utils write-kubeconfig
    • eksctl utils update-coredns
    • eksctl utils update-aws-node
    • eksctl utils update-kube-proxy



Kubectl and EKSCTL - Story

  • eksctl creates the Cluster using a CloudFormation template
  • The Cluster is mapped to an EC2-Role, and it is here that we get visibility
  • Each Cluster is mapped to a "Context" in the ~/.kube/config file, which is the config file used by kubectl
  • kubectl knows what its target VMs are, or what its context is.
  • Each Context/Target Nodes can be shared between many different Projects by using "namespaces"

Azure - Pipeline - Add Approver for Stage

https://learn.microsoft.com/en-us/azure/devops/pipelines/process/approvals?view=azure-devops&tabs=check-pass