AWS Certified Solution Architect Professional
Finally, I completed one of the most difficult exam in AWS – Solution Architect Professional, I should be consider myself lucky as I passed the exam on my first attend. One of the biggest bonus that I get from this exam is that my AWS Solution Architect Associate level qualification being extend 3 more years.…
Provisioning ACM Certificates on AWS with Terraform
AWS Certificate Manager (ACM) is a service from AWS which provide the free on-demand TLS certificate. It’s similar to the Let’s Encrypt which provide the free cert for you, but the difference is that Amazon controls the Certificate Authority (Amazon Trust Services, LLC) behind the certificates, as well as the accompanying API to manage them.…
Accessing S3 using VPC endpoints
VPC endpoint enables creation of private connection between VPC to the supported AWS services. As an example use case, we want to accessing S3 bucket from the EC2, we may need to access it over the public Internet. By travel out from our VPC to the public internet and than come back to AWS S3…
Accessing private EC2 using the bastion host/jump host
This post is continuous post from the previous post – Deploying EC2 with Private and Public Subnet Using Terraform in AWS. Bastion hosts are instances that sit within your public subnet and are typically accessed using the SSH or RDP. The primary role for the bastion host is that it’s act as the “jump” server…
Deploying EC2 with Private and Public Subnet Using Terraform in AWS
Terraform always the simple and easy way for us to deploying our infrastructure over the cloud, in this post, I will deploying 2 EC2 in the public and private subnet and try to access into the private EC2 using the public bastion host. A bastion host is a special-purpose computer on a network specifically designed and configured…
AWS Cross-Account Assume Role
Recently I need to manage more than 1 AWS account which it’s not under the Organization unit. In order to browse around the 2 account I may need to have 2 set of credential and keep login and logout (unless i open 2 difference browser or using incognito mode.) Found the the cross account assume…
Passing client User-Agent from CloudFront to origin
These few days I try to setup the CloudFront for my website and everything working fine as per expected except the real user agent is not passing from the CloudFront to my origin server, instead it’s replace the user-agent to “Amazon CloudFront” when I check from my Nginx Log. After some Googling, and find out…
Updating AWS CloudFront IP to Nginx
CloudFront become a very common CDN/Reverse proxy nowadays because of their high availability and easy to use. So if you place a CloudFront as a proxy server in front of your Nginx web server, than the Nginx web server not able to get the real customer IP address. Same thing will happen if you using…
Hosting private static content in S3 using AWS Cloudfront
AWS S3 is always a best place to keep your static content for your website due to the nature of high durability and also high availability. And it’s always highly recommend to set your S3 bucket as private, but how to host a web static file without a public access? This is where the AWS…
Auto update CloudFront IP into security group using Lambda
AWS CloudFront (CDN) provide a better performance and low latency to the website visitor by caching the content at the EDGE location which closer to the visitor location. CloudFront not only provide the performance improvement to the end visitor, it’s also provide the lower cost of content delivery from your origin to the end visitor…