You can now schedule and manage EC2 snapshots from the AWS console. No longer is it necessary to script this out. How's this done? At a high level, You can create a policy to snapshot every 12 or 24 hours based on a tag, setting the number of snapshots to retain. Enable policy, tag instances … Continue reading AWS Snapshot Lifecycle Policies- Finally!
I recently deployed AWS GuardDuty for a client and wanted to share some thoughts on the services at a high level. If unfamiliar, GuardDuty is a managed threat detection service that continuously monitors for malicious or unauthorized behavior by evaluating VPC Flow Logs, CloudTrail and DNS Logs (if using AWS DNS). The Good A single click … Continue reading Thoughts on AWS GuardDuty
AWS recently introduced spread placement groups, an important piece for high availability for certain types of smaller deployments. Let's say your workload required 4 instances and you've placed 2 instances Availability Zone A and 2 in Availability Zone B within a single region. With a normal deployment, it would be possible for the instances in … Continue reading Spread Placement Groups
A while back, I did a post on creating snapshots of EC2 instances with Powershell here. Well, in November, AWS released an option to do VSS-aware snapshots via SSM. You'll find AWS' post about that here. From the AWS post... To create VSS-enabled EBS snapshots by using AWS Tools for Windows PowerShell: Send-SSMCommand -DocumentName AWSEC2-CreateVssSnapshots … Continue reading An update on Windows EC2 Instance Snapshotting with Powershell
This hasn't happened to me, but knowing that it could encourages me to take note of how to address the scenario if it occurs. I came across a great example here (great step-by-step instructions). To sum up: Shutdown your instance Create an AMI Launch an instance from an AMI where you can create/choose a private … Continue reading What To Do If You Lose Your EC2 Private Key
I came across and interesting approach recently for resetting a misplaced/undocumented Windows administrator passwords in a reddit post. This technique is only valid for instances with SSM installed. "SSM Agent is installed by default on Windows Server 2016 instances and instances created from Windows Server 2003-2012 R2 AMIs published in November 2016 or later." As … Continue reading Resetting the password on your Windows EC2 instance via SSM
In Part 1, we successfully initiated a snapshot with Powershell. Here we'll continue building out the script. Cleaning Up Old Snapshots Anyone who's ever worked with regularly scheduled snapshots knows you need regularly scheduled cleanup or your AWS invoices will slowly creep up over time. I'll be filtering by Description to determine which snapshots do … Continue reading Snapshotting Windows EC2 Instances with Powershell – Part 2