This helps get a 10,000 foot view of any EC2 instances running across all EC2 regions. Output looks like this:
You can now schedule and manage EC2 snapshots from the AWS console. No longer is it necessary to script this out. How's this done? At a high level, You can create a policy to snapshot every 12 or 24 hours based on a tag, setting the number of snapshots to retain. Enable policy, tag instances … Continue reading AWS Snapshot Lifecycle Policies- Finally!
I recently deployed AWS GuardDuty for a client and wanted to share some thoughts on the services at a high level. If unfamiliar, GuardDuty is a managed threat detection service that continuously monitors for malicious or unauthorized behavior by evaluating VPC Flow Logs, CloudTrail and DNS Logs (if using AWS DNS). The Good A single click … Continue reading Thoughts on AWS GuardDuty
AWS recently introduced spread placement groups, an important piece for high availability for certain types of smaller deployments. Let's say your workload required 4 instances and you've placed 2 instances Availability Zone A and 2 in Availability Zone B within a single region. With a normal deployment, it would be possible for the instances in … Continue reading Spread Placement Groups
A while back, I did a post on creating snapshots of EC2 instances with Powershell here. Well, in November, AWS released an option to do VSS-aware snapshots via SSM. You'll find AWS' post about that here. From the AWS post... To create VSS-enabled EBS snapshots by using AWS Tools for Windows PowerShell: Send-SSMCommand -DocumentName AWSEC2-CreateVssSnapshots … Continue reading An update on Windows EC2 Instance Snapshotting with Powershell
This hasn't happened to me, but knowing that it could encourages me to take note of how to address the scenario if it occurs. I came across a great example here (great step-by-step instructions). To sum up: Shutdown your instance Create an AMI Launch an instance from an AMI where you can create/choose a private … Continue reading What To Do If You Lose Your EC2 Private Key
I came across and interesting approach recently for resetting a misplaced/undocumented Windows administrator passwords in a reddit post. This technique is only valid for instances with SSM installed. "SSM Agent is installed by default on Windows Server 2016 instances and instances created from Windows Server 2003-2012 R2 AMIs published in November 2016 or later." As … Continue reading Resetting the password on your Windows EC2 instance via SSM
In Part 1, we successfully initiated a snapshot with Powershell. Here we'll continue building out the script. Cleaning Up Old Snapshots Anyone who's ever worked with regularly scheduled snapshots knows you need regularly scheduled cleanup or your AWS invoices will slowly creep up over time. I'll be filtering by Description to determine which snapshots do … Continue reading Snapshotting Windows EC2 Instances with Powershell – Part 2
As you likely already know, there's isn't an option to schedule EC2 instance snapshots within the AWS console. A popular way to address this would be to use Boto3, AWS' SDK for Python. However, it is also possible to initiate EC2 snapshots with Powershell. Why would you want to do this with Powershell? Let's say … Continue reading Snapshotting Windows EC2 Instances with Powershell – Part 1
Part of a backup strategy in AWS could involve file-level backups. As S3 storage is cheaper than EBS volumes, it could make sense to store your files in S3. A possible way to go about this would be to use a utility like Duplicati to backup files to an S3 bucket. Another method is with … Continue reading Backing up files from a Windows Instance to S3.