Recover EC2 Windows Password

Posted on November 5, 2015 by Vysakh Venugopal | Comments(1)

There are scenarios where we lose/forget our windows password and then trying out a way to login to the windows server. This turns out to be critical if it’s an admin credential that is lost. But still there’s a way to reset the password. Here’s how to do this: Before going through the steps, we assume that you have a running AWS EC2 Windows instance. For resetting the password we require a Linux machine, which we prefer is an Ubuntu Server in the same AZ as your windows instance. This method requires your EC2 windows instance to be taken offline for some time.

AWS Lambda – the future of event driven automation

Posted on November 5, 2015 by Srihari Patil | Comments(0)

Lambda is a compute service in Amazon Web Services, which triggers actions based on the events. Lambda is efficient and event driven which responses to events from either objects added or removed from S3, updating to DynamoDB tables, SNS, data in Kinesis Stream, Cloudwatch logs, In-App activity etc. Once our code is uploaded to Lambda, this service handles all the capacity, scaling, patching and administration of the infrastructure needed to run our code and also provides us with greater visibility of performance by publishing us with logs and metrics to Amazon CloudWatch.Lambda is cost- effective as it helps in running our code without any provisioning and managing servers with high availability.  AWS has been adding a lot of new features. AWS Lambda supports only 4 AWS regions, which include US-East (North Virginia), US-West (Oregon), EU-West (Ireland) and Asia Pacific (Tokyo). AWS provided support for writing Lambda functions in Node.js language and added Java Programming Language recently this year. New features are added in Lambda to help developers and other community people to make life much simpler and easy. Recently, AWS Lambda function has brought in new features; Functions can now be written in Python Programming Language. Lambda functions now support

Continue reading…

Deep dive into the AWS API Gateway

Posted on October 21, 2015 by Bhavik Joshi | Comments(2)

  From my previous blog, you can get a hands on with the AWS API Gateway. Now we will deep dive into it. Following points will be covered. How to pass Query String to the method? How to pass Headers to the method? How to Transform the Response of the Method? How to receive Custom Response Code (400,500,…) for the method? How partially secure your API using API Keys Prerequisites: Create a lambda function with code given here Create and Deploy the Product API with the GET Method, which integrates with the above function You can refer my previous blog to have the prerequisites.   1.How to pass Query String to the method? You have an API with you already, where you are calling an API with GET method, you get all the records in response, but what if we want a specific record in response? How can we get it? In this scenario, we can use the Query String. We will get the query string parameter from the HTTP request and then integrate the request using Mapping Templates. Step by Step process to pass the Query String Parameters to the Method   2.How to pass Headers to the method?   3.How to Transform the Response of the

Continue reading…

Integration of Azure Audit Logs with Power BI

Posted on October 20, 2015 by Sasikala Subramanian | Comments(0)

Azure audit logs allows you to view operational logs such as actions performed via Azure Resource Manager, actions that are related to managing resources in your Azure subscription. In order to visualize and analyse these logs in much better way and also to share these information among co-workers Power BI is used.  Azure Audit Log Service is supported only in Azure Preview Portal. The Azure Audit Logs contains the following information for each operation, The name of the operation Level [Critical, Error, Warning] Status [Succeeded, Failed] Resource Time These information can be visualized in Power BI. It is an online Service offered by Microsoft, which is used to collect and visualize data from different sources. This online service can be accessed with your Microsoft work or school account. In Power BI, the data can be either directly imported or through Content Pack Library. You can even create your own content pack for your organization i.e. you can create the report in Power BI and distribute among your co-workers as a content pack. Some of the Power BI services are Azure Audit logs, Azure Mobile Management, Google Analytics, GitHub, etc. The Power BI Azure Audit Logs Content pack is used to

Continue reading…

IaaS v2: New enhancement with Azure Architecture

Posted on October 14, 2015 by Arzan A | Comments(0)

I will not take up a long time to unfold the facts for which you are eager searching and surfing on the wide internet. If you want to first get a short answer of what exactly is IaaS v2, let me satisfy the hunger of information by the definition I created. Definition: IaaS v2 states few architectural changes within Azure, which originated with the introduction of new management framework called Azure Resource Manager (ARM). Definition Decoded: So the whole story of ‘IaaS v2’ begins by understanding difference between Azure Service Management (ASM) and Azure Resource Manager (ARM). There is a management framework for almost all IT systems. The management framework was initially designed and used for Azure was Azure Service Management (ASM), which is also now termed as Classic. But now Microsoft has introduced a new framework for Azure, which is known as Azure Resource Manager (ARM). This is the reason we have two management portals for Azure; one, which is the default management portal, which works on ASM framework, and then the next one, which is known as Azure Ibiza preview portal which works on ARM framework. Even the Azure PowerShell CMDLETS works in two different modes; ASM and

Continue reading…


AWS IoT: A Service for Internet of Things

Posted on October 12, 2015 by Sanket Deshpande | Comments(0)

The AWS re:Invent keynote session by Dr. Werner Vogels (CTO, Amazon.com) on day 2 unleashed a new set of possibilities to the world of Information Technology. Imagine Virtualization clubbed with Internet of Things (IoT) and then brought in front of you as a service. And this is now a reality since AWS has launched a new service called AWS IoT, which is currently available in beta version. When it comes to possibilities, AWS customers like BMW and John Deere showed how this service is being used by them to derive meaningful insights from their data in real time. In this blog, I’ll be describing AWS IoT in detail. What is AWS IoT? AWS IoT (Internet of Things) is a service by Amazon Web Services, which helps various devices to connect to AWS and upload their real-time data to AWS Storage, Analytics, Database Services like S3, Kinesis, DynamoDB etc. The data is then processed and mapped to a running application. This feature is also available even when the device is offline. AWS IoT provides a secure way to connect and manage the devices at any scale. It can be leveraged through: Devices: AWS provides SDKs for devices which can be used

Continue reading…

Amazon Inspector- Application Security Service in AWS Cloud

Posted on October 8, 2015 by CloudThat | Comments(0)

The AWS re:Invent keynote session by Andy Jassy (Senior VP, AWS) on Day 1 comprised of announcements about the new services and enhancements in some of the existing ones. In this blog, I am going to talk about one of the new services- Amazon Inspector.   What is Amazon Inspector? Amazon Inspector is an automated security assessment service which identifies the potential security and compliance vulnerabilities in the applications running on AWS. This may be beneficial as a lot of organizations may not have dedicated personnel or staff to identify security vulnerabilities or they might have been overlooked some while testing.   Why is it required? Security is one of the main concerns for organizations whether they are moving to cloud or are already using it. Inspector helps to improve the overall application security by examining it when an application is in production or is being developed. It also helps in adhering to an organization’s security standards and uses AWS’s Security Expertise where the security best practices and rules are constantly being updated by AWS, so one gets the best of both the worlds.   How it works? Amazon Inspector performs an assessment and generates a report containing steps for

Continue reading…

IAM @ CloudThat

Posted on October 5, 2015 by Sankeerth Reddy | Comments(0)

Identity and Access Management (IAM) on AWS is an authentication and authorization service to provide access for multiple users to AWS resources. To know about how the permissions work and their hierarchy, check out this link. How to use IAM to achieve hasslefree and maximum control over the users and resources is completely dependent on the organizational usage and is also a continuous learning. Here, I would like to give an insight into how we at CloudThat use IAM on our account, used by all the employees to restrict access and enable cost tracking and management. Before diving into the details, below are few of the limits that one needs to be aware of before working with IAM. Criteria Limit Groups in one AWS Account 100 Users in one AWS Account 5000 Groups a user can be member of 10 Customer Managed Policies for an AWS Account 1000 Versions of managed policies per policy 5 Managed Policies that can be attached to a user, group 10 Size of each managed policy 5120 Characters Inline policies that can be attached to a user, group Unlimited Aggregate inline policy size for a user 2048 Characters Aggregate inline policy size for a group

Continue reading…

AWS Identity & Access Management – Best Practices

Posted on September 9, 2015 by CloudThat | Comments(0)

  Security is a critical aspect for any organization. This blog focuses on the account security measure provided by AWS – IAM. IAM stands for Identity and Access Management and is used for controlling access to AWS services and resources. There are no additional charges for using IAM. For people new to IAM, the basic concepts are: User: A user is similar to a login user in various operating systems like Microsoft Windows. A user can log in to the AWS console using their username and password. In AWS world, this user can be an individual, system or an application requiring access to AWS resources and services. Groups: A group is a collection of users. Instead of assigning similar permissions to multiple users individually, a group can be created with a set of permissions and users can be added to it. The benefit of creating groups is that it simplifies the tasks of managing a large number of users and their permissions. Role: A role is a set of permissions required to make AWS service requests. But this role cannot be directly assigned to a user or group, instead roles can be assumed by a user, an application or an AWS service like EC2 to make service

Continue reading…

Migration of infrastructure from EC2 Classic to EC2 VPC

Posted on September 7, 2015 by CloudThat | Comments(0)

EC2-Classic to EC2-VPC Migration Your AWS account might support both EC2-Classic and EC2-VPC, depending on when the AWS account was created and regions used. AWS accounts created after 2009 do not support EC2-Classic platform environment and have the EC2-VPC environment. EC2-VPC environment has additional advantages over EC2-Classic environment. In terms of security, VPC has Network ACL which can allow or deny access to a particular IP. Also, we can setup openVPN and customer gateway between VPC and on-premises. This blog will tell you how to migrate instances (both EC2 and RDS) from EC2-classic environment to EC2-VPC environment with zero downtime. Let’s assume that I have my application server running in the cloud infrastructure. The following   architecture diagram can represent the infrastructure running in EC2-Classic environment.   As you can see in the diagram, there is a Route53 Entry for www.mysite.com with ‘A’ name record.  There are two app servers running which are under a load balancer which are pointing to the MySQL RDS instance. In order to migrate the above EC2-Classic environment to the EC2-VPC environment without downtime following steps can be used- Creating a Load Balancer inside the VPC. Creating AMI of app server Launching application server into public

Continue reading…