Delegating Admin Credentials using IAM Roles and Cloudwatch Alerts

Posted on Sat 12 December 2015 in aws • Tagged with aws, cloudwatch, alerts, monitoringLeave a comment

It's hard to strike the right balance with admin rights--either the rights are too strict and people can't get work done or they're too lenient and you have security issues.

As a compromise, AWS provides the AssumeRole feature which lets admins temporarily escalate their role to perform a task.

It's important when setting this up that you alert the team when it's used. Here we'll talk about how to set up the roles, give teams access to the roles and create an alert system when the roles are assumed.

Create The Temporary Admin Role

Use the IAM console to create …

Continue reading

On Software Scaffolding

Posted on Thu 09 July 2015 in aws • Tagged with monitoring, softwareLeave a comment

waterloo_bridge_1815 A new lightrail line is being built in my city with bridges passing over the major boulevards.  Seeing the elaborate scaffolding evoked comparisons to software engineering.  What does scaffolding look like in software? Does software need to be erected like a bridge via scaffolding?  Without a doubt: yes.

Here are some elements of software “scaffolding”:

  • Error log instrumentation with a formal error log schema (i.e. errors are uniquely identifiable in a MECE schema)
  • Operational instrumentation with reports , dashboards and alerts
  • Performance profiling on methods, database calls, rest calls, system calls and any blocking IO.
  • Client-side performance instrumentation and sampling …
Continue reading