Wednesday, April 27, 2022

SSM - Session Manager - System - SSM Port Forwarding, Bastionless

Bastionless VM: the VM sits in a private subnet with only a private IP and has access to a NAT gateway.

The NAT gateway should have a route to the internet gateway.

  1. Verify that SSM Agent is installed on the instance.
  2. Create an AWS Identity and Access Management (IAM) instance profile for Systems Manager. You can create a new role, or add the needed permissions to an existing role.
  3. Attach the IAM role to your private EC2 instance.
  4. Make sure that from the bastionless VM you can reach the following VPC endpoints (for example, with curl).

Make sure that you have specified all VPC endpoints for SSM:

  • com.amazonaws.region.ssm: The endpoint for the Systems Manager service.
  • com.amazonaws.region.ec2messages: Systems Manager uses this endpoint to make calls from SSM Agent to the Systems Manager service.
  • com.amazonaws.region.ec2: If you're using Systems Manager to create VSS-enabled snapshots, you need to ensure that you have an endpoint to the EC2 service. Without the EC2 endpoint defined, a call to enumerate attached EBS volumes fails, which causes the Systems Manager command to fail.
  • com.amazonaws.region.ssmmessages: This endpoint is required only if you are connecting to your instances through a secure data channel using Session Manager. For more information, see AWS Systems Manager Session Manager.
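The checks from steps 1 and 4 as a script, written for these notes (not from AWS documentation) and meant to be run on the private instance. It assumes a systemd unit named amazon-ssm-agent (Amazon Linux style), that the VPC endpoints have private DNS enabled so the regional names resolve to VPC-internal addresses, and that the operator workstation has the AWS CLI with the Session Manager plugin; `ssm_endpoint_hosts`, `is_private_ip`, `probe_endpoint` and `check_all` are names chosen here.

```shell
#!/usr/bin/env bash
# Added example: prerequisite checks for bastionless Session Manager access.
set -u

# Regional hostnames behind com.amazonaws.<region>.<service>. The ec2 endpoint is
# only needed for VSS snapshots, per the notes, but is cheap to verify.
ssm_endpoint_hosts() {
    local region=$1 svc
    for svc in ssm ec2messages ssmmessages ec2; do
        printf '%s.%s.amazonaws.com\n' "$svc" "$region"
    done
}

# RFC 1918 test. With private DNS enabled, an endpoint name resolves to a VPC-internal
# IP; a public answer means the agent would go out via the NAT gateway instead.
is_private_ip() {
    case $1 in
        10.*|192.168.*) return 0 ;;
        172.1[6-9].*|172.2[0-9].*|172.3[01].*) return 0 ;;
        *) return 1 ;;
    esac
}

# Resolve one endpoint, classify the address, then confirm TLS reachability on 443.
# Any HTTP status means reachable; a connect timeout points at the endpoint's
# security group (443 from the instance) or a missing route.
probe_endpoint() {
    local host=$1 ip
    ip=$(getent ahostsv4 "$host" | awk 'NR==1{print $1}')
    [ -n "$ip" ] || { echo "FAIL $host: does not resolve"; return 1; }
    is_private_ip "$ip" || echo "WARN $host -> $ip is public (private DNS off?)"
    if curl -sS -m 5 -o /dev/null "https://$host/"; then
        echo "OK   $host -> $ip"
    else
        echo "FAIL $host -> $ip: no connection on 443"; return 1
    fi
}

# Usage on the instance: check_all <region>
check_all() {
    local region=${1:?usage: check_all <region>} h
    systemctl is-active --quiet amazon-ssm-agent \
        && echo "OK   SSM Agent running" || echo "FAIL SSM Agent not running"
    ssm_endpoint_hosts "$region" | while read -r h; do probe_endpoint "$h"; done
}

# From the workstation, once the checks pass: forward local 9999 to port 22 on the
# instance with the AWS-managed document, no bastion involved.
#   aws ssm start-session --target <instance-id> \
#     --document-name AWS-StartPortForwardingSession \
#     --parameters '{"portNumber":["22"],"localPortNumber":["9999"]}'
if [ $# -gt 0 ]; then check_all "$@"; fi
```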

Thursday, March 31, 2022

R-LANE, Lift/Shift, Re-platform, Modernization



"Migration" - Moving enterprise workloads from an on-premise data centre to public/private clouds

"Modernize" - Refactor the monolith codebase and expose APIs on top of the refactored code deployed in the cloud

"Build Native" - From zero - Re-design - Microservices.


6R's -

Rehost     - IaaS - Lift and Shift - Forklift - Very Early  - Low Resistance Migration Strategy

Replatform - PaaS - Elastic Beanstalk - Minor changes

Repurchase - Ending License - Proprietary - CRM 

Refactor   - Re-architect - Recoding - Decompose Monolith

Retain     - Not Ready to migrate - legacy/critical - 

Retire     - Not needed - Turn off

Secure and Manage


  • JVM - "Dynamic and Static Analysis"

Data Collection and Learning -> vFunction agents - Analyse the JVM -> Coverage 

Identify user flows and boundaries of services

Algorithms - Entrypoints of services

  • "Interactive Platform"

The architect gets an interactive platform which is the result of the dynamic/static analysis done by the agents

Rich info about services; allows the architect to merge/split services

Based on the architect's input, the system creates a specification of the service, which is a JSON file

  • "Code Generation"

JSON (entrypoint, parameters, classes) + scan of the original code => Automation Engine

Creates a new project with well defined APIs 

Azure - Pipeline - Add Approver for Stage