Awesome Devops || CloudOpz
Alt Text
Alt Text

AWS Shield and Web Application Firewall (WAF) are both products which provide perimeter defence for AWS networks.

Shield provides DDOS protection and WAF is a Layer 7 Application Firewall.


We can use CDK to create AWS WAF with the expected rules and associate it to the ALB

What’s In This Document

🚀 Init WAF CDK Project

⚡ $ mkdir waf_alb
⚡ $ cd waf_alb
⚡ $ cdk init -l python

🚀 Write code stack

  • At RuleProperty, we set OverrideActionProperty to count so that if a rule matches a web request, it only counts the match.
  • To defines and enables Amazon CloudWatch…
Alt Text
Alt Text

- Dead-letter queue is used to send undeliverable messages to a dead-letter queue. Sometimes, for example, if there’s a bug in the worker code, you can configure SQS to send such problematic messages to a dead-letter queue (DLQ), where you can inspect them in isolation and work out what went wrong.

- Once we’ve found the problem in the worker, fixed the bug and deployed a new version, we want to send all the messages from the DLQ back to the original input queue, so they can be processed by the updated worker. There’s no way to do this in SQS directly, so we’ve written a script to do it for us.

- The automation script moves SQS messages between queues with proper way to avoid impact to other services which using the same queue. This post also provides CDK code to create SQS queues to test and the python script to generate a bunch of messages.

Alt Text
Alt Text

- There are many web apps provide the service of shortening your long url (free or charged). This ariticle introduces the way of using serverless with Cloud development toolkit (CDK)

- CDK helps to create this project by coding (python language), What’s its benefits?

+ Infra structure as code

+ Update lambda function code and just need to execute cdk deploy, all the code and modules will be up-to-date

+ Create and destroy the structure quickly, and we can manage the structure by separate stacks such dynamodb stack, IAM stack, lambda stack and API Gateway stack.

Alt Text
Alt Text

Use expect programming language to add you IAM access key by one enter

What’s In This Document

🚀 Write the code


set access_key [lindex $argv 0]
set screte_key [lindex $argv 1]

spawn aws configure

# Add access key
expect "]:"
send "$access_key\r"

# Add secrete key
expect "]:"
send "$screte_key\r"

# Default region
expect "]:"
send "\r"

# Default output format
expect "]:"
send "\r"


🚀 Run example

⚡ $ ./ a1234a b4567b
spawn aws configure
AWS Access Key ID [****************XXXX]: a1234a
AWS Secret Access Key [****************YYYY]: b4567b
Default region name [ap-northeast-2]:
Default output format [None]:

⚡ $ aws configure list
Name Value Type Location
---- ----- ---- --------
profile <not set> None None
access_key ****************234a shared-credentials-file
secret_key ****************567b shared-credentials-file
region ap-northeast-2 config-file ~/.aws/config

🌠 Blog · Web · Linkedin · Group · Page · Twitter 🌠

Alt Text
Alt Text

Any commits should be tagged align with build version especially master branch. How to configure Gitlab runner to do this?

What’s In This Document

🚀 What is the usecase

  • Developer tells gitlab runner to tag the commit and publish the tag .gitlab-ci.yml
stage: build
- echo "Build and tag the commit"
- tag=1.0-${CI_COMMIT_SHORT_SHA}
- git tag $tag
- git push origin $tag
- gitlab-runner
  • But…

Alt Text
Alt Text

- With RDS you don’t edit config files directly. Instead edit the parameters through the RDS console, or via the API.

- As of now, RDS does allow changing configurations. So you can

  • See the list of configurations that your RDS is using.
  • You can change these parameters. You can change those that are listed in the RDS reference page.

- This post give an example of change wal_level from replica to logical

What’s In This Document

🚀 General RDS configruation

Alt Text
Alt Text

Quick start aws-chalice

A very simple example of creating lambda function with cloudwatch event using aws-chalice. It provides an optional of how to create lambda function beyond aws-cdk (eg. python lamdbda cron)

What’s In This Document

🚀 Create new chalice project

⚡ $ chalice new-project lambda-cron
⚡ $ cd lambda-cron/

🚀 Create the functions in


from datetime import datetime
from chalice import Chalice

app = Chalice(app_name='lambda-cron')
app.debug = True

#@app.schedule('cron(0 18 …

Alt Text
Alt Text

To install SSM Agent on Ubuntu Server 20.10 STR & 20.04, 18.04, and 16.04 LTS 64-bit instances (with Snap package)

~ $:/home/ubuntu# sudo snap install amazon-ssm-agent --classic

🚀 Check SSM Agent log

~ $:/home/ubuntu# systemctl restart
~ $:/home/ubuntu# tail -f /var/log/amazon/ssm/amazon-ssm-agent.log
status code: 400, request id: ea74ed4f-70d4-4610-8221-ce7868c3c9fb
2021-01-08 08:40:20…

Vu Dao

Get the Medium app

A button that says 'Download on the App Store', and if clicked it will lead you to the iOS App store
A button that says 'Get it on, Google Play', and if clicked it will lead you to the Google Play store