How to Stop/Terminate an Immortal AWS Elastic Beanstalk Instance?

After I was done with an AWS Elastic Beanstalk instance, I tried to stop and then terminate it to regain some space. To my surprise, no matter how I tried, AWS always automatically relaunched a new instance.

It baffled me for a few days, so I did some research. Some articles pointed to the auto-scale configuration; I tried the suggested approach, and it failed.

Armed with the hint about the auto-scale configuration, I browsed around and found these two sections, Auto-Scaling Group and Launch Configuration. I deleted the related settings in these two sections, and my AWS Elastic Beanstalk instance terminated.

References:

https://docs.aws.amazon.com/elasticbeanstalk/latest/dg/stop.html

https://serverfault.com/questions/806174/how-to-stop-elastic-beanstalk-without-terminating

https://forums.aws.amazon.com/thread.jspa?threadID=59027

 

 

 


AWS – User, Group, Role, and Policy

It’s very important to understand these concepts.

User: the person who interacts with AWS. A user has a password, access keys, etc.

Group: a collection of users. For example, groups such as HR, IT, etc.

Role: an entity that defines a set of permissions for making AWS service requests [2]. It’s more like a functional category of permission sets, and these permissions are for accessing AWS resources. A role doesn’t have a password or access keys.

Policy: a document about permissions. It can be attached to a user, group, or role.

 

References

1. https://docs.aws.amazon.com/IAM/latest/UserGuide/id.html

2. https://aws.amazon.com/iam/faqs/

3. https://docs.aws.amazon.com/IAM/latest/UserGuide/id_roles.html

 

 

AWS – IAM Policies and Speculation on Implementations


An AWS IAM policy document is written in JSON, so it’s very easy to read and understand. I list a few samples below. From these policy documents, what do you think? I have a few speculations about the implementation.

  1. There is parsing going on
  2. There is a permission tree after parsing
  3. There is a complex strategy for checking and granting these permissions.

Here is the question. How do we implement this complex strategy for checking and granting permissions? We should not use brute-force. We know there is a tree with some attributes attached to it. So we should try to look into best practices and design patterns. What do you think?

 

Sample AWS IAM Policy Documents

AdministratorAccess

{
    "Version": "2012-10-17",
    "Statement": [
        {
            "Effect": "Allow",
            "Action": "*",
            "Resource": "*"
        }
    ]
}

 

AmazonS3FullAccess

{
    "Version": "2012-10-17",
    "Statement": [
        {
            "Effect": "Allow",
            "Action": "s3:*",
            "Resource": "*"
        }
    ]
}

 

AmazonS3ReadOnlyAccess

{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Effect": "Allow",
      "Action": [
        "s3:Get*",
        "s3:List*"
      ],
      "Resource": "*"
    }
  ]
}

 

Twelve-Factor App

Twelve-factor app is a design guideline for Software as a Service (SaaS). For more details about what it is and what it is for, please refer to the ‘References’ section.

I came up with these to help me remember the factors quickly.

CDC  (Codebase, Dependencies, Config) – Central Disease Control

BBPP (Backing Services, Build/Release/Run, Processes, Port Binding) – British Petroleum x 2

CDP (Concurrency, Disposability, Dev/Prod Parity) – Career Development Path

LAp (Logs, Admin Processes)

 

1 A (Admin Processes)

2 B (Backing Services, Build/Release/Run)

3 C (Codebase, Config, Concurrency)

2 D (Dependencies, Disposability)

1 L (Logs)

3 P (Processes, Port Binding, Parity)

 

 

References:

https://12factor.net/

https://en.wikipedia.org/wiki/Twelve-Factor_App_methodology

Professional Scrum Master I (PSM I)

I went through a 2-day on-site Scrum training, and the training came with a free attempt at the Professional Scrum Master I certification exam. I thought, why not take this opportunity to prove my knowledge of Scrum after many years of using Scrum at my daily job?

In fact, I did, and passed one week ago, and became a PSM I.

References:

https://www.scrum.org/professional-scrum-master-i-certification

 

Chaos Monkey and Beyond

Chaos Monkey is a tool invented in 2011 by Netflix to test the resilience of its IT infrastructure. It works by intentionally disabling computers in Netflix’s production network to test how remaining systems respond to the outage [1].

Its purpose is to ensure that a server failure does not noticeably impact end users and that built-in resilience in highly available systems is an obligation rather than an option.

After reading that sentence, I vaguely remembered something important and similar, and it took me a while to recall it. It’s TCP/IP, which is the backbone of everything now. This protocol is so mature that it will guarantee your packets will be delivered to their destinations without noticeably impacting end users, even if we throw a few Chaos Monkeys down the path and some servers are down.

It’s interesting to see that the concept of Chaos Monkey existed long ago and was given a formal name, Chaos Monkey, by Netflix around 2011. It’s also interesting to see the power of communicating meaning through a term. Chaos Monkey is not only a noun but also gives us a visual image. Nicely chosen term!

References:

  1. Chaos Monkey

How Do We Get The Best From Cloud?

In my previous post, I talked about IaaS, PaaS, and SaaS.

However, I did not answer this question: how do we get the best from the cloud?

As an individual, I think we get the best already. We use free cloud services such as Gmail, Sky Drive, etc.

As a corporation, I think IaaS is not an optimized situation.

The real benefit comes when a corporation can use PaaS or SaaS.

In the case of PaaS, we deploy our customized core business applications. Dynamic horizontal or vertical scaling is done through configuration. We only pay for what we use, and that is the real savings.

In the case of SaaS, we can use, for example, an HR or accounting offering through SaaS. This will dramatically reduce the cost.

DevOps Tip – Limiting WIP

There is a concept in DevOps: limiting the number of Work-in-Progress (WIP) tasks. This concept is extremely simple. A scientific study shows that we can only work on three to seven tasks in the same period of time.

This concept applies to application development as well. For example, we can take on three to seven tasks per sprint.

For another example, we can see how long an average task might really take if we can size the scope of a task correctly.

Another interesting use case is that if a complex task takes too much time to finish, we can limit the number of WIP tasks to one, and have nothing else to do except focus on the one task at hand and find out what the real reasons are that prevent us from finishing it.

Execute PowerShell on Remote Machine

Sometimes, we need to execute PowerShell commands on a remote machine.

First, we need to test whether the remote machine is ready.

Test-WsMan COMPUTER

Then we issue the command.

Invoke-Command -ComputerName COMPUTER -ScriptBlock { COMMAND } -credential USERNAME

For how to set up WinRM / the remote PowerShell service and other details, please refer to the references.

 

References:

https://docs.microsoft.com/en-us/vsts/pipelines/apps/cd/deploy-webdeploy-iis-winrm?view=vsts

https://stackoverflow.com/questions/37427715/unable-to-run-powershell-script-remotely-leading-to-test-agent-deployment-failur

https://www.howtogeek.com/117192/how-to-run-powershell-commands-on-remote-computers/

http://blogs.recneps.net/post/TFS-Release-Manager-Remote-PowerShell-errorcode-0x80090322