by Valts Ausmanis · October 5, 2024
Unless you are fully committed to using a serverless approach to run your applications and workloads, you are most likely using AWS VPC to define your own virtual network for launching AWS resources (such as EC2 instances, load balancers, RDS databases, NAT gateways, etc.). Securing your AWS VPC and its resources is crucial for protecting your cloud infrastructure and data. I have compiled 19 best practices to help you secure your VPC environment effectively. From choosing the right VPC type to monitoring network traffic, these tips will provide a solid foundation for maintaining a robust and secure cloud environment. Let's get started!
by Valts Ausmanis · September 26, 2024
Both the AWS Internet Gateway and NAT Gateway are essential networking resources that ensure your VPC resources, like EC2 instances, can communicate with the public internet. The main difference between the two is that the Internet Gateway enables both inbound and outbound communication with the internet, whereas the NAT Gateway only plays a role in outbound communication. Let’s now take a closer look at the differences between these two and when to use each of these resources.
by Valts Ausmanis · September 16, 2024
Regardless of whether you are planning to build a traditional server-based application or a container-based one, there is a strong chance you will need a proper load balancer to distribute incoming traffic across multiple targets, such as EC2 instances or specific IP addresses. Both the AWS Application Load Balancer and Network Load Balancer can handle large amounts of incoming traffic, scale accordingly, and provide high availability for your application. However, there are several important differences between these two that I will discuss in detail in this article, which will help you choose the right one for your use case.
by Valts Ausmanis · September 4, 2024
AWS VPC endpoints enable you to connect privately to AWS managed services and VPC endpoint services. There are two types of VPC endpoints: Interface Endpoints and Gateway Endpoints. Both allow you to use private IP addresses to connect with the service's resources, ensuring that traffic between the Amazon VPC and the service doesn’t leave the AWS network. To understand when to use an interface endpoint versus a gateway endpoint, let’s take a closer look at the differences between the two.
by Valts Ausmanis · August 22, 2024
Connecting two or more VPCs to route traffic privately between them is widely used in different architectures and solutions, such as multi-tier applications, hybrid cloud configurations, cross-account connectivity, and data replication. While both VPC Peering and Transit Gateway allow you to connect multiple VPCs, there are significant differences between them in terms of simplicity, flexibility, usage limitations, and associated costs. By understanding these differences, which we will describe in this article, you will be better equipped to choose between VPC Peering and Transit Gateway.
by Valts Ausmanis · August 14, 2024
AWS network security is one of the foundations that should be taken seriously, especially when you deploy your AWS resources in Amazon Virtual Private Cloud (VPC). There are two main building blocks that allow you to control access to AWS resources within the VPC - security groups and network access control lists (NACLs). While both play a fundamental role in controlling inbound and outbound traffic to your AWS resources, there are important differences between them. In this article, we will take a closer look at the differences between security groups and network ACLs.
by Valts Ausmanis · July 18, 2024
AWS Lambda accelerates new application development by allowing product teams to focus on actual business value rather than spending time maintaining and operating underlying infrastructure. While AWS manages all the foundation services and underlying infrastructure, you are still responsible for the code you write to operate your product’s business logic and for the configuration of your Lambda functions. I have created a useful list of security best practices with practical examples to help you improve the security of your AWS Lambda functions.
by Valts Ausmanis · July 12, 2024
Logging user activity and API usage on AWS is a must for any organization. This practice helps meet compliance standards, respond quickly to issues, and keep your AWS accounts secure. Every AWS account has CloudTrail enabled by default, providing management event history for the past 90 days. To maximize the benefits of CloudTrail and enhance your security, it's important to follow some best practices, which we will describe in this article.
by Valts Ausmanis · July 5, 2024
Every application that we deploy to AWS is built using multiple AWS services like API Gateway, Lambda, S3, EC2, EKS, VPC, etc. All of these deployed services consist of multiple AWS resources. To ensure that your AWS account is secure and adheres to certain security checks, it’s important to track changes to these resources and continuously assess whether the resource configuration complies with your ideal security rules. Luckily, we have AWS Config to record changes and assess your AWS resource configurations. In this article, we will look at how to start using AWS Config and set up 15 AWS Config rules that should be considered for any AWS account.
by Valts Ausmanis · June 26, 2024
Nowadays, with many AI productivity tools available like GitHub Copilot, AWS CodeWhisperer, and ChatGPT, you can get things done much faster compared to the old days when you had to spend a lot of time googling and searching the web for the right answers and solutions. This definitely helps speed up the development and deployment of new products and features. However, this also introduces new challenges. We tend to not think too much about the underlying details and security-related configurations of our AWS accounts and services. We somehow trust that the default security settings will work for our use case. You would be surprised how many times, when I have done security checks requested by our customers, I have found out that their AWS accounts and services don’t have proper foundational AWS security controls applied. That’s why I suggest anyone who works with AWS cloud to spend a couple of minutes reading this list of ways to improve the security of your AWS accounts.
by Valts Ausmanis · March 5, 2024
I have worked for more than a decade now as a cloud consultant, and one thing I know for sure: efficiency in our work is the key. To be more specific, we as cloud consultants have to be at the top of our game in order to show our customers that the money they spend on hiring us is a valuable investment for their business. Customers want to see real outcomes like money (saved) and success when they consume our services. That’s why using tools that facilitate this is super important in our daily work. As our entire job is tightly coupled with customer cloud infrastructures, being able to quickly visualize existing cloud infrastructure is a must-have. Luckily, we have tools that can do this time-consuming work automatically for us!
by Valts Ausmanis · January 30, 2024
Documenting your cloud infrastructure is as important as actually building it, because after you have built your cloud infrastructure and services, the real work begins. To ensure that everything works properly, you have to understand your cloud architecture. To quickly respond to a security event, you have to have the latest architecture diagrams and documentation in place. When things go south, you don’t have time to browse through the AWS console to put all the “pieces together” to see the full picture. That’s why properly documenting your AWS infrastructure should be a mandatory task for every product team out there.
by Valts Ausmanis · January 23, 2024
AWS released the AWS Serverless Application Model (AWS SAM) in 2016 to improve the way we build and run serverless applications in the AWS cloud. Back then it wasn’t the first choice when compared with Serverless Framework. But what about nowadays? AWS SAM has a solid CLI with local development functionality, and community support has grown. In this article, we will build a serverless application using AWS SAM and see how this tool now compares with Serverless Framework, the most popular tool for building serverless applications for the AWS cloud.
by Valts Ausmanis · January 16, 2024
Nowadays, when we talk about building and deploying cloud applications, the term infrastructure as code (IaC) is no stranger to us. Most cloud applications are managed and deployed through “code” instead of manual changes. In this article, we will take a look at two widely used IaC tools: Serverless Framework and Cloud Development Kit (CDK). Both tools are open-source and built with a focus on deploying applications to the AWS cloud. Based on the Datadog “State of serverless” report, Serverless Framework is the most popular IaC tool used for managing AWS Lambda functions among Datadog customers. But let’s take a step back, because most popular doesn’t always mean the best fit for everything, and take a look at what it takes to build and deploy a serverless application using both of these tools.
by Valts Ausmanis · October 24, 2023
In today's fast-paced DevOps environment, automating crucial tasks is the key to efficiency. When it comes to AWS infrastructure documentation, keeping diagrams up-to-date can be a challenging manual process. Enter the Cloudviz.io API, which simplifies AWS diagram generation. This article will walk you through three CI/CD use cases, enabling you to effortlessly update Confluence diagrams, visually compare diagrams before and after deployment by sending them to Slack channels, and track AWS configuration alterations with ease.
by Valts Ausmanis · September 25, 2023
Whether you're a managed cloud services provider, a consulting agency, or an in-house development team, having clear visibility and updated documentation of cloud environments is essential. Many professionals are already using Cloudviz for easy new client or employee onboarding to quickly get the full picture of existing cloud environments. They've integrated Cloudviz API into their CI/CD pipelines, created custom dashboards, and maintained updated documentation in Confluence or Wikis. In this article, we'll explore the integration of Cloudviz API into Confluence and how it helps to keep up-to-date documentation in Confluence, contributing to enhanced cloud visibility and transparency.
by Valts Ausmanis · July 5, 2023
The ability to visualize and understand the architecture of your AWS cloud environment is crucial for effective management and decision-making. With Cloudviz.io as an advanced AWS diagram generator, this process has been streamlined and simplified. In this article, we will explore how Cloudviz.io enables AWS developers and architects to effortlessly generate insightful diagrams, providing a comprehensive overview of their cloud infrastructure. By syncing essential metadata, customizing diagram generation, and offering intuitive editing capabilities, Cloudviz.io empowers users to visualize and comprehend their AWS environment with ease
by Valts Ausmanis · June 29, 2023
Having a thorough understanding and effective communication of a cloud architecture is crucial for designing, deploying, and managing cloud infrastructure. AWS architecture diagrams serve as indispensable visual blueprints that capture the essence of an AWS architecture. In this article, we will look into the fundamental concepts of AWS architecture diagrams, including the use of AWS icon sets, adherence to AWS team guidelines, the key elements to be visualized, and the principles that define a good AWS architecture diagram. Building upon our previous article on AWS architecture diagram tools, we will explore the principles that underpin the creation of effective AWS architecture diagrams
by Valts Ausmanis · June 14, 2023
Drawing accurate and visually appealing AWS architecture diagrams is an essential task for cloud architects and developers. These diagrams serve as blueprints, aiding in planning, communication, and troubleshooting within AWS infrastructures. To simplify and enhance this crucial process, a powerful AWS diagram tool is vital. Enter Cloudviz.io, the ultimate solution for effortlessly creating detailed and professional AWS architecture diagrams. In this article, we will delve into the reasons why Cloudviz.io stands out as the go-to tool for cloud architects and developers, enabling them to generate and create comprehensive AWS diagrams with ease and precision. Improve your AWS diagramming experience and unlock the full potential of your cloud architecture.
by Valts Ausmanis · June 27, 2023
In the complex world of AWS infrastructure, an effective network diagram is a crucial tool for understanding and optimizing your network architecture. A well-crafted AWS network diagram provides a comprehensive visual representation of the relationships, components, and connectivity within your AWS network environment. In this article, we will explore the key elements that define a good AWS network diagram and delve into the significance of visualizing your network infrastructure
by Valts Ausmanis · June 26, 2023
Serverless architecture has revolutionized the way we build and deploy applications in the cloud. It enables developers to focus solely on writing code without the need to manage servers or infrastructure. AWS provides a robust serverless platform with services like AWS Lambda, Amazon API Gateway, Amazon SQS and Amazon DynamoDB. One essential aspect of serverless architecture is the creation of architecture diagrams, which help visualize and understand the components and interactions of a system.
by Valts Ausmanis · April 11, 2022
Amazon Simple Storage Service (S3) is an object-based storage solution that allows you to store and retrieve any amount of data from anywhere. Combined with Amazon S3 Event Notifications, it enables users to act on different S3 events (like object creation, removal, replication) by publishing events to a Lambda function, SNS topic, SQS queue or Amazon EventBridge.
by Valts Ausmanis · December 26, 2019
Cloud Native and Hybrid Cloud adoption in enterprises is a strategic step in order to stay competitive by focusing more on developing new functionality and improving existing functionality instead of spending resources on maintenance and operational tasks. As enterprises increasingly migrate to and build new services in public clouds, it's important to always have up-to-date visibility of your cloud environment and the services that are running there. That's why we have developed automated documentation generation. It generates documentation that helps you get overall visibility of your AWS cloud environment, containing not only architecture diagrams but also detailed information about your services and their relations.
by Valts Ausmanis · August 25, 2019
Now you can schedule autogeneration of diagrams for your AWS environments by creating automation profiles. Our app will do all the hard work so you don't have to spend time refreshing and maintaining a current diagram of your AWS infrastructure.
by Valts Ausmanis · July 25, 2019
Our app can auto-generate useful AWS architecture diagrams. That's a fact. We have taken a few steps further to let our users not only generate and edit diagrams but also use our tool to kick-start the creation of new AWS diagrams using our AWS diagram templates library.
by Valts Ausmanis · June 29, 2019
Here at Cloudviz.io we know that there can be different visualization requirements for different cloud architectures. Regardless of how cleverly the diagram generation algorithms are designed and developed, there will always be a need to update your diagram based on your or your company's visual requirements. That's why we have developed our app in such a way that you can set your own diagram generation settings or choose one of our default diagram generation profiles and fine-tune it to cover your requirements.
by Valts Ausmanis · June 29, 2019
If you use public cloud infrastructure, it's really important to be able to get a quick glimpse of your currently used cloud services in order to ensure that everything, at least from an infrastructure point of view, is set up and running as expected. Here our app can be pretty handy, not only to generate live AWS architecture diagrams but also to help you quickly search and filter different elements in your diagrams.
by Valts Ausmanis · June 29, 2019
We are a team of experienced certified AWS cloud architects, developers and enthusiasts with one main goal in mind: to give our users an easy way to generate beautiful cloud architecture diagrams. We are so happy to finally introduce you to our cloud architecture visualization too