Andreas Wittig

Worldwide availability of EC2 instance types The promise sounds tempting; with AWS, you can roll out your infrastructure in 28 regions worldwide. Indeed, it is an eye-ope...

📣 I've updated my blog post Worldwide availability of EC2 instance types.

1️⃣ Only 8 instance families are available in all commercial regions: c6g, i3en, i4i, m6g, m6gd, r6g, t3, t4g.
2️⃣ In some regions, not all instance types of an instance family are supported.

cloudonaut.io/worldwide-av...

Have you ever tried to create clients/SDKs for Java, TypeScript, ...? I had issues with the generated code not working or not even compiling.

❓I am faced with the challenge of creating SDKs for TypeScript, JavaScript, Java, Python, Ruby and Go to simplify access to a simple REST API. I'm currently looking at smithy, which AWS uses or plans to use for its SDKs. Has anyone used smithy or a different approach before?

🤯 "The default version of a launch template cannot be specified in AWS CloudFormation. The default version can be set in the Amazon EC2 console or ..."

Why oh why? Because it would be too convenient to use the CloudFormation resource AWS::EC2::LaunchTemplate to do so?

#awswishlist #awscommunity

🙀 Oh, this is an unexpected limitation of GitHub Actions:

When pushing more than 3 tags at once, GitHub Actions does not trigger any workflows.

#github #githubaction

🆕 AWS announced just-in-time node access for AWS Systems Manager. The announcement caught my attention, as I've been looking for a way to restrict and audit access to EC2 instances in a fine granular manner.

But, AWS charges $10/month for every EC2 instances opted-in for the feature. 🤯

Andreas wearing a headset recording a podcast.

It's been a while. After a 6 months pause, we recorded another episode of the cloudonaut podcast.

Michael shares what he learned about Amazon Linux 2023 on t3.nano and other small instance types.

Andreas give insights into how to get ISO 27001 certified.

podcast.cloudonaut.io/93-getting-i...

🚨 We are observing 404 errors when downloading the certificate to verify the signature of SNS messages. Anyone with the same problem?

Andreas smiling and holding an ISO 27001 certification into the camera.

🎉 We made it! Our Information Security Management System is ISO 27001 certified. Michael and I learned a lot along the way -a detailed blog post will follow- and are happy to show our commitment to the security of our customer's systems and data.

2️⃣ Vulnerability management for source code and production systems

We learned a lot along the way. What are your experiences from 3rd party audits?

About 2 months ago, we started preparing for an ISO 27001 audit. During the preparation we identified two major areas where we needed to improve our procedures.

1️⃣ Access management and endpoint security which is especially challenging when working with freelancers

Me hiding under my desk.

We handed over our policies, procedures, and evidence to an auditor for an ISO 27001 certification. And now I have exam nerves.

There is no good reason for my fear, because we are well prepared. 🧵

a baby is looking out of a window wearing a hat . Alt: A baby wearing a hat is looking throwing money out of a window.

VPC Endpoints could be a great service, if AWS would offer them for free and not charge $7 per service, AZ, and month plus traffic. Ridiculous!

So far, I came across the following possibilities to backup and restore a DynamoDB table:

1️⃣ DynamoDB Backup
2️⃣ AWS Backup
3️⃣ S3 Export/Import
4️⃣ DynamoDB API (Scan, PutItem)

What's your preferred method to move data between DynamoDB tables? For example, when moving DynamoDB tables to another account. Bonus points for methods, that work with IaC tools like Terraform.

#AmazonWebServices #awscommunity #dynamodb

Feedback from one of my freelance clients:

"this PR is a christmas miracle"

🤩

Low signals: These small amounts that are draining your AWS budget Chasing idle AWS assets

Just published a deep dive into the sneaky ways AWS costs creep up on you 🕵️‍♂️

Found out that companies wasted $157B on cloud services last year. Most had no idea they were leaving money on the table.

Check out full story on how these costs add up and what you can do about it: unusd.cloud/blog/post-5

❓To all small software companies: are you ISO 27001 certified? If so, which tools and providers would you recommend?

We are investigating our options to achieve an ISO 27001 certification in 2025 for attachmentAV and other products.

Compared to the CDK the cfn-modules are very simple to use. It's just a suite of CloudFormation templates that you stick together with nested stacks. npm is used to install and update the modules.

Check it out!
👉 github.com/cfn-modules/...

#awscommunity #cloudformation #AmazonWebServices

🧵(2/2)

During the past weeks, I spent some time modernizing a suite of CloudFormation templates called cfn-modules, that we used heavily for our consulting gigs.

✅ Migrated CI/CD from CodeBuild to GitHub Actions
✅ Migrated Lambda functions to Node.js 22
✅ Updated Amazon Linux AMIs
✅ ...

🧵 (1/2)

Oh, I totally understand your point of view. My intention is to find out whether it is worth to built a solution on top of the building blocks that AWS provides. I'm investigating the options to become a vendor in that space. 😁

I did not have a deeper look into this yet. But it seems like SES provides a feature for list management already. See docs.aws.amazon.com/ses/latest/d... for details.

Review: Amazon GuardDuty Malware Protection for S3 Learn how AWS GuardDuty protects your cloud infrastructure from viruses, malware, and other cyber threats. Discover best practices for implementing GuardDuty to enhance your AWS security posture and d

We also offer a product called bucketAV, which focuses on scanning files stored on S3.

There is indeed an AWS service that also scans S3 objects for malware: Amazon GuardDuty Malware Protection for S3. We've compared bucketAV with GuardDuty a few months ago: cloudonaut.io/review-amazo...

Virus and Malware Scan API Self-hosted on AWS Scan files for viruses, worms, trojans, ransomware and other kinds of malware by sending them to the attachmentAV API powered by Sophos. SaaS or self-hosted on AWS.

attachmentAV provides an API to scan files for viruses and malware. It's used by customers, who are not storing data on S3 or who want to scan the files before storing them on S3 (see attachmentav.com/solution/vir...).

We are thinking about moving away from @kit.com as well. Currently, our idea is to use SES and semplates.io instead. What are the must-have features from your point of view?

New: attachmentAV Virus and Malware Scan API Now available on AWS Marketplace

🎉 We are launching a new product today: attachmentAV Virus and Malware Scan API (Self-hosted on AWS)

🛡️ Protect your workloads from viruses and malware
🦠 Integrate virus scanning by calling a REST API
☁️ Deploy the API to your AWS account

👉 Now available on the AWS Marketplace.

Spread the news!

👎 The code completion does not work very well. It comes up with totally wrong suggestions often.
👎 For both code completion and generation the response times are quite high.

❓Are you using local LLMs for programming? Or are you fine with LLMs running in the cloud?

🧵 (3/3)

Here are my observations so far:

👍 Getting started with ollama and Continue is straight forward.
👍 Rewriting small parts of code works quite well.
👍 Letting the AI explain parts of the code is useful from time to time.

🧵 (2/3)

🧠 I'm experimenting with local LLMs for programming. My setup consists of three building blocks:

1️⃣ ollama to download and run LLMs.
2️⃣ Continue for code completion, code generation, and discussion integrated into VS Code.
3️⃣ MacBook Pro with M4 Pro

🧵 (1/3)

🎞️ It's amazing how fast AWS publishes the keynotes and breakout sessions at #reInvent 2024 on YouTube. Amazing experience, for those who are watching from home. Thanks! 🙏