On AWS, cloud security often starts with preventive and detective guardrails. We will be discussing cloud security using AWS Config here, otherwise known as detective guardrails. What is AWS Config? AWS Config is a service that records configuration changes to your AWS resources. This includes recording how resources are connected to one another, such as an EBS volume attached to an EC2 instance. Because changes are recorded, you can see… Read More »Cloud Governance and Cloud Security using AWS Config
Michael is a veteran software engineer and cloud computing aficionado. After starting his career as a Java software engineer, he evolved into a consultant, focusing first on enterprise content management and later on AWS. He is currently an AWS Cloud Practitioner and AWS Solutions Architect Associate, although he has held many more certifications in the past.
One tool for securing AWS is preventive guardrails. Preventive guardrails in AWS are accomplished using AWS Service Control Policies (SCPs). Preventive guardrails have limitations that keep you from implementing certain rules. We will explore some of those here and describe why they cannot be accomplished. Types of Rules that are not Possible to Enforce This list is not all-inclusive, but here are some examples of different types of… Read More »Limitations of Preventive Guardrails in AWS
Cloud Enablement is the process of building a highly effective cloud environment. That still sounds non-specific, so what it really consists of is cloud migration strategy and readiness, cloud migration, cloud governance, and DevOps. You may think this comes out of the box for a cloud environment. It does, sort of, if you know how to put all the pieces together. Cloud Readiness The AWS Cloud Adoption Framework (CAF) is… Read More »What is Cloud Enablement?
Recently I was working with a higher education client who needed to reduce their Zoom Cloud storage. There are many ways to deal with this, including Zoom integrations with Kaltura or Panopto. The client wanted to take a different approach and simply transfer the meetings to Google Drive, so we developed a Zoom cloud recording download script. Earlier this year, we developed a Python script to keep Zoom users in… Read More »Zoom Cloud Recording Download Script
As a cloud consulting company, we have worked with small and large organizations on a variety of projects. Some organizations have a do-it-yourself philosophy. They believe that they have technical resources and can learn skill sets they do not already have. If your organization falls into this category, I am here to tell you why you should work with an AWS partner on your project. Total Cost of Ownership It… Read More »Why You Should Work with an AWS Partner
Box Eliminates Unlimited Storage for Education In late 2019, Box announced changes to their pricing model for all educational institutions. Box eliminated the unlimited file storage agreement at the current annual spend. (See: https://it.wisc.edu/news/new-storage-quotas-for-box-after-unexpected-contract-changes/, https://bconnected.berkeley.edu/projects/box-service-changes) We will look at one solution to this problem using Box to AWS S3. Many universities stored petabytes of data in Box based on their previous contracts for unlimited storage. The contract changes are leaving… Read More »Box to AWS S3
Machine image management is an old topic, but I think one worth revisiting. When automating server provisioning, how much do you put into the machine image and how much do you do at instance start time? Background Information First a bit of background. When provisioning servers in the cloud, you start from a machine image. In AWS terminology, this is called an Amazon Machine Image or AMI. Community AMIs are… Read More »Machine Image Management: A Brief Analysis
This is meant to be a simple introduction to the CRISP-DM framework, which is just one of many artificial intelligence and machine learning lifecycles. There are numerous sources for deeper understanding. The CRISP-DM framework, the CRoss-Industry Standard Process for Data Mining, was created in 1996. The process consists of six major phases: Business Understanding Data Understanding Data Preparation Modeling Evaluation Deployment The sequence between the phases is not strict. The… Read More »CRISP-DM, one AI/ML Lifecycle: An Introduction
It may be obvious to some, but automation is a key concept when moving to the cloud from a data center or on-premises model. Imagine if you will that it is 1999. Data centers were the only real option for hosting large-scale business applications. Often, system administrators would build and configure each server individually and manually. This was a time-consuming and error-prone process. The result was often… Read More »DevOps Automation, Why is it Important?
For two and a half years I was the technical lead responsible for the operational management of a global platform running a vendor-provided software product for a Fortune 100 insurance company. That’s a mouthful. In simpler terms, we did DevOps for a vendor-provided enterprise content management system. The team consisted of between 8-10 people, including 3-5 in Northern Ireland. This included a scrum master and product owner, so… Read More »DevOps Lessons Learned from Leading a Global Application Platform Team