Accend Networks San Francisco Bay Area Full Service IT Consulting Company

Categories
Blogs

Expand Your EC2 Storage

Effortlessly Expand Your EC2 Storage: Increasing EBS Volume Size

Amazon Elastic Block Store (EBS) volumes give you a way to store data for your Amazon EC2 instances that persists even when the instances themselves are stopped. As your applications grow and need more space, you do not need to worry: AWS lets you increase the size of an EBS volume while it stays attached, without downtime and without losing data. In this guide, we take you through the steps to expand your EC2 storage.

There are a few reasons why you might want to increase the size of your EBS volume.

Growing data requirements: As your application stores more and more data, the initial storage capacity may no longer be enough.

Performance boost: For some volume types, performance scales with size. A gp2 volume, for example, gets its baseline IOPS in proportion to its size, so a larger volume can help I/O-heavy workloads. (gp3 baseline performance is set independently of size, so check your volume type before counting on this.)

Cost efficiency: It is often cheaper and simpler to grow an existing volume than to add more volumes and manage them separately.

Increasing disk size may seem complex. Do we need downtime? Should we stop the server? Do we need to detach the volume? These questions may cross your mind.

In reality we can increase the disk size without detaching the volume or restarting the server, and the process requires no downtime. Two practical limits apply: a volume can only be grown, never shrunk, and after a modification you must wait at least six hours before modifying the same volume again.

We will follow the steps outlined below. Make sure you have a running EC2 instance in your AWS account, or spin one up to follow along with this demo.

Step 1: Check the current disk status

Log into the EC2 console, select your running instance then move to the storage tab, you will be able to see your volume characterized by volume ID, device name, volume size, and the attachment status.

Here I have my application server instance running with 8GB of EBS volume attached.

Check the disk status by using the below command.

df -hT

The current disk size is 8GB and 20% is used. Now, let’s proceed with the next step.

Step 2: Create Snapshot

Creating a snapshot first gives us a backup of the existing volume to fall back on if anything goes wrong during this activity. Note that a snapshot taken while the volume is mounted is only crash-consistent; if the instance runs a busy database, quiesce writes (or take an application-level backup) before snapshotting.

Click on the EBS volume ID attached to your EC2 instance, then select your EBS volume and click on actions > Create snapshot.

In the Create Snapshot UI, give a relevant description and tag to your snapshot then click Create Snapshot.

Go to snapshots and wait till your snapshot status shows Completed.

Step 3: Increase the EBS volume

Make sure your snapshot has completed before proceeding with this step.

Go to the Volumes section, select the volume attached to the EC2 instance, and choose Actions > Modify volume.

In the Modify volume dialog, keep or change the volume type, enter the new size your business needs, and click Modify. Here I have changed the volume size from 8 GB to 15 GB.

The volume's modification state moves from modifying to optimizing to completed, and the volume attached to the server is now reported as 15 GB. You can go ahead and extend the file system as soon as the state reaches optimizing.

Step 4: Resize the File System

The volume is bigger, but the partition and the file system on it are still their original size. We now need to grow both so the OS can see the extra space.

SSH into the EC2 instance

Run the below command to check the volume size.

df -hT

We can see that the disk size is still 8GB.

Run the command below to see the block devices attached to our EC2 instance.

lsblk

Here xvda is the disk, which now shows 15 GB, and xvda1 is the root partition, still 8 GB. On Nitro-based instances the same disk appears as nvme0n1 with the partition nvme0n1p1; substitute those names below. The Type column of the earlier df -hT output tells you which file system you are dealing with.

Extend partition 1 on /dev/xvda to fill the disk (growpart comes from the cloud-utils-growpart package, which is preinstalled on Amazon Linux):

sudo growpart /dev/xvda 1

Extend the file system. The root file system on this instance is XFS, so we use xfs_growfs, which takes the mount point; for an ext4 root file system the equivalent is sudo resize2fs /dev/xvda1.

sudo xfs_growfs -d /

Check the file system size

df -hT

We can see that our file system has now grown to 15 GB.
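The four steps above, driven from inside the instance with the AWS CLI instead of the console. This is an added example and not code from the original post. It assumes the AWS CLI and growpart are installed, that the instance role may describe volumes, create and describe snapshots, and modify volumes, and the device name /dev/xvda, partition 1 and target size of 15 GB are the demo's assumptions. It also covers the two cases the console walk-through glosses over: NVMe device naming on Nitro instances, and an ext4 root file system, which needs resize2fs instead of xfs_growfs.

```shell
#!/bin/sh
# Added example (not from the original post): snapshot, grow, wait, extend.
# Assumes: AWS CLI + growpart on the instance, an instance role allowing
# ec2:DescribeVolumes, ec2:CreateSnapshot, ec2:DescribeSnapshots,
# ec2:ModifyVolume and ec2:DescribeVolumesModifications. Device, partition
# number and target size are demo assumptions passed on the command line.
set -eu

# Partition device name: /dev/xvda -> /dev/xvda1, /dev/nvme0n1 -> /dev/nvme0n1p1
# (Nitro instances expose EBS as NVMe and insert a "p" before the number).
part_dev() {
  case "$1" in
    *[0-9]) printf '%sp%s\n' "$1" "$2" ;;
    *)      printf '%s%s\n' "$1" "$2" ;;
  esac
}

# Pick the grow command for the file system type df -hT reports. XFS grows by
# mount point, ext2/3/4 by partition device; anything else is refused, not guessed.
grow_fs_cmd() {
  fstype=$1; partdev=$2; mount=$3
  case "$fstype" in
    xfs)            printf 'xfs_growfs -d %s\n' "$mount" ;;
    ext2|ext3|ext4) printf 'resize2fs %s\n' "$partdev" ;;
    *) echo "unsupported file system: $fstype" >&2; return 1 ;;
  esac
}

# Poll until the modification leaves "modifying"; the file system may be
# grown once the volume is "optimizing" or "completed".
wait_for_modification() {
  while :; do
    state=$(aws ec2 describe-volumes-modifications --volume-ids "$1" \
      --query 'VolumesModifications[0].ModificationState' --output text)
    case "$state" in
      optimizing|completed) return 0 ;;
      failed) echo "volume modification failed" >&2; return 1 ;;
      *) sleep 10 ;;
    esac
  done
}

main() {
  disk=${1:-/dev/xvda}; partnum=${2:-1}; new_size_gb=${3:-15}
  partdev=$(part_dev "$disk" "$partnum")
  mount=$(findmnt -n -o TARGET "$partdev")
  fstype=$(findmnt -n -o FSTYPE "$partdev")

  # Step 1: identify our own instance and root volume via IMDSv2 (token required).
  token=$(curl -s -X PUT http://169.254.169.254/latest/api/token \
            -H 'X-aws-ec2-metadata-token-ttl-seconds: 60')
  instance_id=$(curl -s -H "X-aws-ec2-metadata-token: $token" \
            http://169.254.169.254/latest/meta-data/instance-id)
  volume_id=$(aws ec2 describe-volumes \
    --filters "Name=attachment.instance-id,Values=$instance_id" \
              "Name=attachment.device,Values=$disk" \
    --query 'Volumes[0].VolumeId' --output text)

  # Step 2: snapshot first and wait for it; this is the rollback point.
  snap=$(aws ec2 create-snapshot --volume-id "$volume_id" \
    --description "pre-resize $instance_id" --query SnapshotId --output text)
  aws ec2 wait snapshot-completed --snapshot-ids "$snap"

  # Step 3: grow the volume online; no detach, no stop.
  aws ec2 modify-volume --volume-id "$volume_id" --size "$new_size_gb" >/dev/null
  wait_for_modification "$volume_id"

  # Step 4: grow the partition, then the file system, then verify.
  sudo growpart "$disk" "$partnum"
  sudo $(grow_fs_cmd "$fstype" "$partdev" "$mount")
  df -hT "$mount"
}

# The live workflow only runs when invoked with "run"; otherwise the file just
# defines the helpers, which need no AWS access.
if [ "${1:-}" = "run" ]; then shift; main "$@"; fi
```

Saved as, say, grow-root.sh, it is run on the instance as sh grow-root.sh run /dev/xvda 1 15 (or /dev/nvme0n1 on a Nitro instance). Refusing unknown file system types rather than guessing is deliberate: running the wrong resize tool against a mounted root file system is the one way this otherwise safe procedure can destroy data.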

Conclusion

AWS provides a straightforward way to increase the size of an EBS volume; the one extra step is extending the partition and file system inside the OS so the change becomes visible. Increasing the size of your EBS volume is simple and can be a game-changer for your growing apps.

This brings us to the end of this blog. Once you have confirmed the instance is healthy, clean up by deleting the snapshot if you no longer need it, since snapshots are billed for the storage they use.

If you have any questions concerning this article or have an AWS project that requires our assistance, please reach out to us by leaving a comment below or email us at [email protected].

Thank you!


AWS X-Ray

Unlocking Application Insights and Debugging with AWS X-Ray

AWS X-Ray stands as a pivotal service within the AWS ecosystem offering developers deep insights into their application’s performance and operational issues. Moreover, it enables a comprehensive analysis of both distributed applications and microservices facilitating a seamless debugging process across various AWS services.

What is AWS X-Ray?

AWS X-Ray is a tool designed to aid developers in understanding how their applications operate within the AWS environment. It provides a detailed view of requests as they travel through your application, allowing for the identification of performance bottlenecks and pinpointing the root cause of issues.

With the aid of a service map, AWS X-Ray visually depicts the interactions between services within an application, providing invaluable insights into the application’s architecture and behaviour.

How Does AWS X-Ray Work?

The X-Ray workflow is simple. Each instrumented component of your application records a segment describing the work it did for a request; X-Ray gathers the segments that share a trace ID into a trace, and from the traces it builds a service map, a visual representation of the application's architecture. The service map is the starting point for analysing issues, since it carries latency data, HTTP status codes and other metadata for each service.

The Features and Benefits of AWS X-Ray

Simplified Setup

Getting started with AWS X-Ray is straightforward. Whether your application runs on EC2, ECS, Lambda or Elastic Beanstalk, integrating with X-Ray involves minimal configuration, so developers can quickly start gaining insights without a steep learning curve.

End-to-End Tracing

One of the standout features of AWS X-Ray is its ability to offer an end-to-end view of requests made to your application. This application-driven view is instrumental in aggregating data from various services into a cohesive trace, thereby simplifying the debugging process.

Service Map Generation

At the heart of AWS X-Ray’s functionality is its service map feature. This automatically generated map provides a visual overview of your application’s architecture, highlighting the connections and interactions between different services and resources. It serves as a critical tool for identifying errors and performance issues within your application.

Practical Application and Analysis

Analysing Application Performance

AWS X-Ray shines when it comes to analyzing and improving your application’s performance. The service map and traces allow developers to drill down into specific services and paths, identifying where delays occur and optimizing them for better performance.

AWS X-Ray Core Concepts

Traces and Segments

At the core of AWS X-Ray’s functionality are traces and segments. A trace represents a single request made to your application, capturing all the actions and services that process the request. Segments, on the other hand, are pieces of the trace, representing individual operations or tasks performed by services within your application. For example, if a user uploads an image, the processing of that image by your application could be one segment of the trace of the user’s request.

Service Maps

Service maps visually represent the components of your application and how they interact with each other. By analyzing a service map, you can quickly identify which parts of your application are experiencing high latencies or errors. Think of it as a map of a city, where each service is a building, and the paths between them are the roads. The map shows you traffic flow and blockages, helping you navigate your application’s architecture more effectively.

AWS X-Ray Workflow

Data Collection

The first step in the AWS X-Ray workflow is data collection. As requests travel through your application, X-Ray collects data on these requests, creating traces. Collection is automatic once you have integrated the X-Ray SDK with your application, provided the X-Ray daemon (or the built-in integration on Lambda) is running to forward segments and the role your code runs under has the xray:PutTraceSegments and xray:PutTelemetryRecords permissions. Bear in mind that whatever you record in segments, annotations and metadata is stored by X-Ray, so keep secrets and personal data out of them.
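To make the trace, segment and data-collection description above concrete, here is a segment document built by hand and submitted with the AWS CLI, which is exactly what the SDK produces and the daemon forwards. This is an added example, not code from the original post or from AWS; the service name, URL, annotation and status values are assumptions.

```shell
#!/bin/sh
# Added example, not from the original post: build one X-Ray segment document
# by hand and submit it with the CLI, to show what the SDK emits behind the
# scenes. Service name, URL, annotation and status values are assumptions.
set -eu

# Trace IDs are "1-" + epoch seconds as 8 hex chars + 24 random hex chars;
# segment IDs are 16 random hex chars. Every segment of one request carries
# the same trace_id, which is how X-Ray assembles them into a trace.
rand_hex() { od -An -tx1 -N"$1" /dev/urandom | tr -d ' \n'; }
new_trace_id() { printf '1-%08x-%s\n' "$(date +%s)" "$(rand_hex 12)"; }
new_segment_id() { rand_hex 8; }

# One segment = one unit of work, here an HTTP request handled by a service.
# X-Ray's flags: fault for 5xx, error for 4xx, throttle (plus error) for 429;
# the service map colours a node by these flags.
segment_doc() {
  name=$1; trace_id=$2; start=$3; end=$4; status=$5
  fault=false; error=false; throttle=false
  if [ "$status" -ge 500 ]; then fault=true
  elif [ "$status" -eq 429 ]; then error=true; throttle=true
  elif [ "$status" -ge 400 ]; then error=true; fi
  printf '{"name":"%s","id":"%s","trace_id":"%s","start_time":%s,"end_time":%s,' \
    "$name" "$(new_segment_id)" "$trace_id" "$start" "$end"
  printf '"http":{"request":{"method":"GET","url":"https://api.example.invalid/orders"},"response":{"status":%s}},' "$status"
  printf '"fault":%s,"error":%s,"throttle":%s,"annotations":{"tenant":"demo"}}\n' \
    "$fault" "$error" "$throttle"
}

# Shape checks a receiver applies before accepting a document.
valid_trace_id()   { printf '%s' "$1" | grep -Eq '^1-[0-9a-f]{8}-[0-9a-f]{24}$'; }
valid_segment_id() { printf '%s' "$1" | grep -Eq '^[0-9a-f]{16}$'; }

if [ "${1:-}" = "send" ]; then
  # Needs the AWS CLI and xray:PutTraceSegments; the segment then appears in
  # the console's trace list and service map shortly afterwards.
  now=$(date +%s)
  aws xray put-trace-segments --trace-segment-documents \
    "$(segment_doc orders-api "$(new_trace_id)" "$now" "$((now + 1))" 503)"
fi
```

Run with the argument send to submit a single faulted segment for a service named orders-api. Sending a second document with the same trace_id but a different name and a parent_id field is how downstream calls become linked nodes on the service map.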

Data Processing

Once data is collected, AWS X-Ray processes it, organizing the information into a coherent structure that you can analyze. This processing stage is where traces are assembled, and service maps are generated, providing a comprehensive view of your application’s performance and interactions.

Data Analysis

The final stage is data analysis, where you, the developer, step in. Using the AWS X-Ray console, you can examine the traces and service maps, identify issues, and gain insights into how to improve your application. Whether it’s a slow database query or a faulty external API call, X-Ray helps you find and fix problems fast.

Integrating AWS X-Ray with Other AWS Services

AWS X-Ray seamlessly integrates with various AWS services, enhancing its tracing capabilities. When you use AWS Lambda, EC2, or Amazon ECS, integrating X-Ray allows you to trace requests as they move through these services, providing a unified view of your application’s performance across the AWS ecosystem.

AWS X-Ray is a valuable tool for developers and operations teams looking to improve the performance, reliability, and troubleshooting of their applications running on AWS. It’s particularly useful in microservices architectures where understanding dependencies and performance across services is crucial.

Thanks for reading and stay tuned for more.



Amazon S3

Enhancing Data Integrity in Amazon S3 with Additional Checksums

In the security world, cryptography uses hashing to confirm that a file is unchanged. Typically the publisher hashes a file and publishes the result. When a user downloads the file and applies the same hash function, the two results, or checksums (a fixed-size string of output), are compared. If the checksum of the downloaded file matches the published one, the two files are identical, confirming that there have been no unexpected changes such as file corruption or tampering in transit (a man-in-the-middle attack). The check is only as trustworthy as the reference value, though: the expected checksum has to come from a source the attacker cannot also modify. Since hashing is a one-way process, the hash cannot be reversed to expose the original data.

Verify the integrity of an object uploaded to Amazon S3

Amazon S3 lets us upload an object with additional checksums switched on, naming the algorithm S3 should use to validate the data during upload (and, later, download); in this example, SHA-256. Optionally, you may also supply the expected checksum value of the object. When Amazon S3 receives the object it calculates the checksum with the algorithm you specified, and if your supplied value does not match, S3 rejects the upload with an error.

Types of Additional Checksums

Various checksum algorithms can be used for verifying data integrity. The additional checksum algorithms Amazon S3 offers are CRC32, CRC32C, SHA-1 and SHA-256; the older Content-MD5 header is still supported separately.

MD5: Widely used, and the value behind the S3 ETag for most single-part uploads, but it is no longer collision resistant, so it is unsuitable where deliberate tampering is a concern.

SHA-256: A cryptographic hash that is collision resistant, making it the right choice when you want integrity protection against deliberate modification as well as accidental corruption.

CRC32 / CRC32C: Cyclic redundancy checks that are fast and catch accidental corruption, but are not cryptographic and offer no protection against an attacker who can craft colliding data.

Implementing Additional Checksums

Sign in to the Amazon S3 console. From the AWS console services search bar, enter S3. Under the services search results section, select S3.

Choose Buckets from the Amazon S3 menu on the left and then choose the Create Bucket button.

Enter a descriptive globally unique name for your bucket. The default Block Public Access setting is appropriate, so leave this section as is.

You can leave the remaining options as defaults, navigate to the bottom of the page, and choose Create Bucket.

Our bucket has been successfully created.

Upload a file and specify the checksum algorithm

Navigate to the S3 console and select the Buckets menu option. From the list of available buckets, select the bucket name of the bucket you just created.

Next, select the Objects tab. Then, from within the Objects section, choose the Upload button.

Choose the Add Files button and then select the file you would like to upload from your file browser.

Navigate down the page to find the Properties section. Then, select Properties and expand the section.

Under Additional checksums select the on option and choose SHA-256.

If your object is smaller than 16 MB and you have already calculated its SHA-256 checksum (base64 encoded), you can paste it into the Precalculated value box; for larger objects, use the CLI or an SDK to supply it. Supplying a value is optional. When Amazon S3 receives the object it calculates the checksum with the specified algorithm, and if you supplied a value that does not match, S3 returns an error and rejects the upload.

Navigate down the page and choose the Upload button.

After your upload completes, choose the Close button.

Checksum Verification

Select the uploaded file by selecting the filename. This will take you to the Properties page.

Locate the checksum value: Navigate down the properties page and you will find the Additional checksums section.

This section displays the base64 encoded checksum that Amazon S3 calculated and verified at the time of upload.

Compare

To compare the object in your local computer, open a terminal window and navigate to where your file is.

Use a utility such as shasum to hash the file. The following command calculates the SHA-256 of the same file and converts the hex output to the base64 form that S3 displays:

shasum -a 256 image.jpg | cut -f1 -d\ | xxd -r -p | base64

On Linux, sha256sum image.jpg can stand in for shasum -a 256 image.jpg. Replace image.jpg with the name of the file you uploaded.

The value printed should match the one shown in the Amazon S3 console.
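The same upload-and-compare procedure scripted end to end with the AWS CLI: hash locally, upload with the expected checksum so S3 refuses a mismatch, then read back the checksum S3 stored and compare it. This is an added example and not code from the original post; the bucket name, object key and file name are assumptions, and the script needs the AWS CLI with s3:PutObject and s3:GetObject on the bucket.

```shell
#!/bin/sh
# Added example, not from the original post: compute the SHA-256 of a local
# file in the base64 form S3 uses, upload with that value as the expected
# checksum so S3 rejects a mismatch, then read back what S3 stored and compare.
# Bucket name, key and file name are assumptions.
set -eu

# S3 wants the raw 32-byte digest base64-encoded (44 chars), not the hex that
# sha256sum prints. Use whichever tool is present.
sha256_b64() {
  if command -v openssl >/dev/null 2>&1; then
    openssl dgst -sha256 -binary "$1" | base64 | tr -d '\n'
  elif command -v sha256sum >/dev/null 2>&1; then
    sha256sum "$1" | cut -d' ' -f1 | xxd -r -p | base64 | tr -d '\n'
  else
    shasum -a 256 "$1" | cut -d' ' -f1 | xxd -r -p | base64 | tr -d '\n'
  fi
}

# True only when both values are present and identical; an empty value from
# either side must never count as a match.
checksums_match() { [ -n "$1" ] && [ "$1" = "$2" ]; }

upload_and_verify() {
  bucket=$1; key=$2; file=$3
  local_sum=$(sha256_b64 "$file")

  # With --checksum-sha256, S3 computes SHA-256 on receipt and fails the PUT
  # if it differs from local_sum (a corrupted or tampered upload). A single
  # put-object is a single-part upload, so the stored value is the full-object
  # hash; multipart uploads store a hash-of-parts with a "-N" suffix instead.
  aws s3api put-object --bucket "$bucket" --key "$key" --body "$file" \
    --checksum-algorithm SHA256 --checksum-sha256 "$local_sum" >/dev/null

  # Read back the stored checksum; this is the value the console shows under
  # "Additional checksums".
  remote_sum=$(aws s3api head-object --bucket "$bucket" --key "$key" \
    --checksum-mode ENABLED --query ChecksumSHA256 --output text)

  if checksums_match "$local_sum" "$remote_sum"; then
    echo "OK: $key sha256 $local_sum"
  else
    echo "MISMATCH: local=$local_sum s3=$remote_sum" >&2
    return 1
  fi
}

if [ "${1:-}" = "run" ]; then
  upload_and_verify "${2:?bucket}" "${3:?key}" "${4:?file}"
fi
```

Invoke it as sh s3-checksum.sh run my-bucket image.jpg ./image.jpg. The point of supplying --checksum-sha256 rather than only --checksum-algorithm is that the comparison happens on the S3 side before the object is stored, so a corrupted upload never lands in the bucket at all.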

Congratulations! You have learned how to upload a file to Amazon S3, calculate additional checksums, and compare the checksum on Amazon S3 and your local file to verify data integrity.

This brings us to the end of this blog, thanks for reading, and stay tuned for more.



AWS Security Hub

Enhancing Cloud Security with AWS Security Hub

Introduction

In the era of cloud computing, security remains paramount for organizations around the world. With increasingly sophisticated cyber threats, organizations must adopt robust security measures to safeguard their data and infrastructure. AWS Security Hub addresses these challenges by providing a centralized platform for managing security across the AWS cloud.

What is AWS Security Hub?

AWS Security Hub provides you with a comprehensive view of your security state. It provides a centralized, aggregated, and prioritized overview of security findings and compliance status in a standard format for a single AWS account and multiple AWS accounts. It helps you analyze your security trends and identify the highest-priority security issues.

Key Features of AWS Security Hub

  • Centralized security monitoring
  • Continuous security assessment
  • Prioritized alerting
  • Custom insights and compliance checks
  • Integration with third-party security tools
  • Automation
  • Security scores and summary dashboards

Benefits of AWS Security Hub

  • Simplified security operations: It provides a centralized view, simplifying security operations, and enabling faster response to threats.
  • Enhanced threat visibility: By integrating with various AWS security services and third-party tools, it provides a wide range of security insights, ensuring comprehensive visibility into potential threats and vulnerabilities.
  • Proactive risk mitigation: The continuous and automated compliance checks of AWS Security Hub allow organizations to proactively identify and remediate security gaps, reducing the risk of breaches, data leaks, and compliance violations.
  • Simplified compliance management: AWS Security Hub simplifies compliance management by aligning with industry-standard frameworks and providing pre-built compliance checks. It simplifies reporting, and audits, and ensures compliance with regulatory requirements.
  • Efficient collaboration: AWS Security Hub enables seamless collaboration between security teams by providing a centralized and shared view of security findings, allowing them to work together on analysis, remediation, and incident response.

Demo: how to enable AWS Security Hub

Sign in to the management console and navigate to the Security Hub console, then click Go to Security Hub.

Before you can enable Security Hub, you must first enable recording for the relevant resources in AWS Config. The security standards in Security Hub run as AWS Config rules, so resource types that Config does not record are never evaluated.

Then select the Recording strategy and Recording frequency that suit your requirements.

Configure Override settings if you need to change the recording frequency for specific resource types or exclude some resource types from recording, and under Data governance create a new IAM role or select an existing one for AWS Config to use.

Remember AWS Config needs an S3 bucket to store configuration history and configuration snapshots. Configure S3 bucket details, then click on Next.

AWS Config Managed Rules provide a set of predefined rules that you can use to evaluate the compliance of your AWS resources according to best practices and security standards. Select the AWS-managed rules as per your requirements and click on Next.

Review AWS Config details and click on Confirm to finish the AWS Config setup.

Select the Security standards as per your requirement from built-in security standards and click on Enable Security Hub to finish the setup.

Once setup is complete, you’ll be directed to the Security Hub dashboard. Here, you can access a unified view of security findings, compliance status, and actionable insights across your AWS accounts. Explore the dashboard in detail and familiarize yourself with the available features and navigation options.

Once you enable Security Hub it takes some time for the initial evaluation to finish and for results to appear on the dashboard, because each enabled standard has to evaluate every in-scope resource in your account.

After the initial evaluation, Security Hub keeps re-evaluating as resources are created or changed, and findings appear on the dashboard as they are generated. You can then review the findings and prioritise remediation, starting with the CRITICAL and HIGH severity ones.
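The enablement steps above as AWS CLI calls, together with the bucket policy AWS Config needs before it will deliver to your bucket and a findings query that pulls the untriaged CRITICAL and HIGH findings first. This is an added example, not code from the original post or from AWS; the bucket name and account ID are assumptions, and the live calls need administrator-level permissions for Config and Security Hub.

```shell
#!/bin/sh
# Added example, not from the original post: the console steps of the demo as
# AWS CLI calls, plus a bucket policy for the Config delivery channel and a
# query for the findings worth looking at first. Bucket name and account ID
# are assumptions; run with "enable" to execute the live calls.
set -eu

# Config only delivers to a bucket whose policy lets config.amazonaws.com
# check the bucket and write under AWSLogs/<account>/Config/. The
# aws:SourceAccount condition stops Config acting for another account from
# writing into your bucket (confused-deputy protection).
config_bucket_policy() {
  bucket=$1; account=$2
  cat <<EOF
{"Version":"2012-10-17","Statement":[
 {"Sid":"AWSConfigBucketPermissionsCheck","Effect":"Allow",
  "Principal":{"Service":"config.amazonaws.com"},
  "Action":["s3:GetBucketAcl","s3:ListBucket"],
  "Resource":"arn:aws:s3:::$bucket",
  "Condition":{"StringEquals":{"aws:SourceAccount":"$account"}}},
 {"Sid":"AWSConfigBucketDelivery","Effect":"Allow",
  "Principal":{"Service":"config.amazonaws.com"},
  "Action":"s3:PutObject",
  "Resource":"arn:aws:s3:::$bucket/AWSLogs/$account/Config/*",
  "Condition":{"StringEquals":{"s3:x-amz-acl":"bucket-owner-full-control",
                               "aws:SourceAccount":"$account"}}}
]}
EOF
}

# get-findings filter: active, not yet triaged (WorkflowStatus NEW), at or
# above the given severity. Values under one key are ORed together.
findings_filter() {
  case "$1" in
    CRITICAL) labels='{"Value":"CRITICAL","Comparison":"EQUALS"}' ;;
    HIGH)     labels='{"Value":"HIGH","Comparison":"EQUALS"},{"Value":"CRITICAL","Comparison":"EQUALS"}' ;;
    *) echo "use HIGH or CRITICAL" >&2; return 1 ;;
  esac
  printf '{"SeverityLabel":[%s],"RecordState":[{"Value":"ACTIVE","Comparison":"EQUALS"}],"WorkflowStatus":[{"Value":"NEW","Comparison":"EQUALS"}]}\n' "$labels"
}

enable_security_hub() {
  bucket=$1; account=$2
  # AWS Config: service-linked role, a recorder for all supported resource
  # types, a delivery channel to the bucket, then start recording.
  aws iam create-service-linked-role --aws-service-name config.amazonaws.com >/dev/null 2>&1 || true
  aws s3api put-bucket-policy --bucket "$bucket" --policy "$(config_bucket_policy "$bucket" "$account")"
  aws configservice put-configuration-recorder --configuration-recorder \
    "name=default,roleARN=arn:aws:iam::$account:role/aws-service-role/config.amazonaws.com/AWSServiceRoleForConfig" \
    --recording-group allSupported=true,includeGlobalResourceTypes=true
  aws configservice put-delivery-channel --delivery-channel "name=default,s3BucketName=$bucket"
  aws configservice start-configuration-recorder --configuration-recorder-name default
  # Security Hub with its default standards enabled.
  aws securityhub enable-security-hub --enable-default-standards
  # Triage queue: untouched CRITICAL/HIGH findings, newest first.
  aws securityhub get-findings --filters "$(findings_filter HIGH)" \
    --sort-criteria Field=CreatedAt,SortOrder=desc --max-items 20 \
    --query 'Findings[].[Severity.Label,Title,Resources[0].Id]' --output table
}

if [ "${1:-}" = "enable" ]; then
  enable_security_hub "${2:?bucket}" "${3:?account-id}"
fi
```

Run as sh securityhub-enable.sh enable my-config-bucket 123456789012. The get-findings filter is the part worth keeping around: restricting to RecordState ACTIVE and WorkflowStatus NEW is what turns the dashboard's full list into a work queue.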

Below are some sample reports from the AWS Security Hub dashboard.

Security score from AWS Security Hub summary.

Findings from all linked Regions are visible from the aggregation Region

Track New findings over time by severity and the provider, and see the top resources at risk across multiple resource types.

Security score for specific security standards

Conclusion

AWS Security Hub is an essential component in securing AWS cloud infrastructure by providing a comprehensive and centralized view of security posture. As the cloud landscape evolves, AWS Security Hub remains a pivotal tool for enhancing cloud security posture, enabling organizations to proactively identify and mitigate security risks.

This brings us to the end of this blog. If this was only a demo, clean up afterwards by disabling Security Hub and stopping the AWS Config recorder, since both incur charges while they are enabled.



SSM Session Manager

Go Bastion-less: Unleashing the power of SSM Session Manager

SSM Session Manager

In the sphere of cloud infrastructure management, the move towards a Bastion-less environment has emerged as a transformative strategy. Central to this paradigm shift is the Systems Manager Session Manager, a tool that revolutionizes remote access, security, and operational efficiency.

Understanding Bastion-less Architecture

Traditionally, a bastion host acts as an intermediary gateway for accessing and managing resources in the private subnets of a VPC. While a bastion host (jump server) provides a layer of security, it also introduces complexity, management overhead and additional cost.

A bastion-less architecture, on the other hand, eliminates the dedicated bastion host. Access to instances in private subnets is instead managed by a service such as SSM Session Manager, which streamlines the remote-access workflow and tightens security.

In this blog article, we’ll showcase a streamlined approach to accessing your EC2 instance in a private subnet without the need for a key pair or Bastion Host, all thanks to AWS Systems Manager’s Session Manager. You’ll discover how to leverage a new browser-based interactive shell alongside the command-line interface (CLI) for efficient management of both Windows and Linux instances. With the Session Manager options offered by AWS System Manager, this can be achieved through a simplified configuration, making remote access and management a simple task.

Configuration with Bastion Host

Drawbacks of Bastion Host and Key-pair

Security: A bastion requires SSH to be reachable from outside, first to reach the bastion itself and then to reach the other instances. That exposed port, and the shared path behind it, is a risk: if an attacker gains unauthorized access to the bastion, the damage is limited only by the level of access they can obtain from there.

Access: To access the Bastion Host and other instances using the key-pair method, you require a sensitive file that should have limited access. However, securely storing and sharing this file, especially within a team, poses a security challenge.

Cost: It’s an additional machine that incurs extra costs.

Manageability: Securing key pairs and maintaining regular bastion patching requires additional management overhead.

With the Session Manager approach these issues are largely eliminated, and you get the following in return:

Security: Session Manager communicates with instances through the SSM Agent over an encrypted tunnel that the instance itself opens outbound, so there is no bastion host, no SSH keys to configure and no inbound ports to open.

Controlled access: IAM policies control who may start a session and against which instances (for example by instance tag), and there are no SSH keys to distribute. On Linux, sessions run as the ssm-user account, which has sudo rights by default, so scope the IAM permissions accordingly.

Auditability: Command and response logs can be directed to Amazon CloudWatch and an S3 bucket. Additionally, you can configure SNS notifications to alert you when a new session begins.

Session Manager in Action

To allow Session Manager access to our instance, we need to attach an IAM role (via an instance profile) that carries the AWS managed policy AmazonSSMManagedInstanceCore. This policy grants the instance the permissions needed for core Systems Manager functionality, including registering with the service and opening the session channel.

For the demo we will launch an EC2 instance without a key pair, and its security group will not open port 22 for SSH. Let's proceed as follows.

Log in to the management console, navigate to the EC2 console, click Launch instance and give your instance a name.

For Application and OS Images, select the Quick Start tab and choose the Amazon Linux 2 AMI, which comes with the SSM Agent preinstalled. Scroll down.

For instance type, stay within the free tier by selecting t2.micro. For key pair, open the drop-down and select Proceed without a key pair. Remember, we do not need a key pair since we will be using Session Manager.

Under Network settings, click Edit. Keep the default VPC, then for Auto-assign public IP select Disable; we will not assign a public IP address to this instance. Note that the SSM Agent still has to reach the ssm, ssmmessages and ec2messages endpoints in your region, so an instance without a public IP needs either a NAT gateway on its route table or VPC interface endpoints for those three services; without one of them the instance will never appear as a Session Manager target. Scroll down.

Under Firewall (security groups), click Create security group and untick the rule that allows SSH on port 22, leaving no inbound rules. Scroll down to Advanced details and expand it.

Under Advanced details, next to IAM instance profile, click Create new IAM profile.

You will be taken to the IAM console; click Create role.

Select AWS service, then EC2. Click Next.

Select the AmazonSSMManagedInstanceCore policy, then click Next.

Give your role a name, then review and click Create.

This role has been created, go back to the EC2 console and select it.

These are the only settings we need, scroll down and click Launch instance.

Once the instance has been launched, go to the Systems Manager console by typing SSM in the search box then select Systems Manager.

In the Systems Manager console on the left side of the panel select Session Manager then click Start Session.

Give your session a name, then under Target instances, your instance will appear. Select it then select next.

Leave all default settings and click start session.

There we go, we have logged into our instance.

Remember we didn’t open port 22 and did not allocate any key pair to our Instance.
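The same setup scripted with the AWS CLI: the role and instance profile, an instance launched with no key pair, no public IP and a rules-free security group, a wait for it to register as a managed node, and the session itself. It also adds the operator-side IAM policy the console steps leave out, restricting ssm:StartSession to instances carrying a given tag. This is an added example, not code from the original post or from AWS; the role name, AMI ID, subnet, security group and tag values are assumptions, and the session-manager-plugin must be installed on the machine running the script.

```shell
#!/bin/sh
# Added example, not from the original post: the demo's role, instance and
# session as AWS CLI calls, plus an operator policy that limits
# ssm:StartSession to tagged instances. AMI ID, subnet, security group, tag
# values and names are assumptions; session-manager-plugin is required locally.
set -eu

# Trust policy: only the EC2 service may assume the instance role.
ec2_trust_policy() {
  printf '{"Version":"2012-10-17","Statement":[{"Effect":"Allow","Principal":{"Service":"ec2.amazonaws.com"},"Action":"sts:AssumeRole"}]}\n'
}

# Operator-side policy: start sessions only on instances carrying the given
# tag (ssm:resourceTag/<key> is evaluated against the target instance), use
# the default shell document, and terminate only your own sessions. Add
# ssm:DescribeInstanceInformation if operators must list targets themselves.
operator_session_policy() {
  tag_key=$1; tag_value=$2
  cat <<EOF
{"Version":"2012-10-17","Statement":[
 {"Sid":"StartOnTaggedInstancesOnly","Effect":"Allow","Action":"ssm:StartSession",
  "Resource":"arn:aws:ec2:*:*:instance/*",
  "Condition":{"StringEquals":{"ssm:resourceTag/$tag_key":"$tag_value"}}},
 {"Sid":"DefaultShellDocument","Effect":"Allow","Action":"ssm:StartSession",
  "Resource":"arn:aws:ssm:*:*:document/SSM-SessionManagerRunShell"},
 {"Sid":"EndOwnSessions","Effect":"Allow","Action":"ssm:TerminateSession",
  "Resource":"arn:aws:ssm:*:*:session/\${aws:username}-*"}
]}
EOF
}

launch_and_connect() {
  role=$1; ami=$2; subnet=$3; sg=$4
  aws iam create-role --role-name "$role" \
    --assume-role-policy-document "$(ec2_trust_policy)" >/dev/null
  aws iam attach-role-policy --role-name "$role" \
    --policy-arn arn:aws:iam::aws:policy/AmazonSSMManagedInstanceCore
  aws iam create-instance-profile --instance-profile-name "$role" >/dev/null
  aws iam add-role-to-instance-profile --instance-profile-name "$role" --role-name "$role"

  # No key pair, no public IP, a security group with no inbound rules, and
  # IMDSv2 enforced. The agent dials out to the ssm/ssmmessages/ec2messages
  # endpoints, so the subnet needs a NAT gateway or VPC interface endpoints.
  instance=$(aws ec2 run-instances --image-id "$ami" --instance-type t2.micro \
    --subnet-id "$subnet" --security-group-ids "$sg" --no-associate-public-ip-address \
    --iam-instance-profile "Name=$role" \
    --metadata-options HttpTokens=required \
    --tag-specifications 'ResourceType=instance,Tags=[{Key=Environment,Value=demo}]' \
    --query 'Instances[0].InstanceId' --output text)

  # The instance becomes a session target once the agent has registered.
  until [ "$(aws ssm describe-instance-information \
        --filters "Key=InstanceIds,Values=$instance" \
        --query 'InstanceInformationList[0].PingStatus' --output text)" = "Online" ]; do
    sleep 15
  done
  aws ssm start-session --target "$instance"
}

if [ "${1:-}" = "run" ]; then
  launch_and_connect "${2:?role-name}" "${3:?ami-id}" "${4:?subnet-id}" "${5:?sg-id}"
fi
```

Run as sh ssm-demo.sh run ssm-demo-role ami-xxxxxxxx subnet-xxxxxxxx sg-xxxxxxxx. The operator policy is attached to the people (or the role) who connect, not to the instance; the instance only ever needs AmazonSSMManagedInstanceCore. Pairing the two is what makes the design an improvement on a bastion: the instance cannot be reached inbound at all, and who may open a shell on it is an IAM decision recorded in CloudTrail.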

This brings us to the end of this blog, thanks for reading, and stay tuned for more.
