Setting up a bastion host on AWS

If you are not familiar with networking concepts on AWS, I recommend you take a look at my introduction to AWS networking.

A Bastion host (also called Jumpbox) is used to protect hosts that are part of a private network, while still allowing access to them over the Internet. If a system administrator needs to access other hosts, they first need to SSH to the Bastion and, from there, SSH to any other host.

Being exposed to the Internet, the Bastion becomes the target of attackers and should be a central part of our security plan.

Read More

Introduction to AWS networking

A few months ago, I wrote an introduction to networking for Google Cloud. Today I find myself working with AWS, so I’m going to explore networking on the AWS platform.

I’m going to be using AWS CLI for my examples, so I recommend you install it and configure it before proceeding.

Virtual Private Clouds (VPC), Subnets and Security Groups (SG)

To get started we need to get familiar with these 3 fundamental concepts:

  • Virtual Private Cloud (VPC) - Refers to a network that is logically isolated from the rest of the world. A VPC is a regional resource (it can span a full region, but not across regions)
  • Subnet - A section of a VPC. Subnets exist in a single Availability Zone (AZ)
  • Security Group (SG) - A virtual firewall. Any EC2 instance must be attached to at least one Security Group. By default a Security Group allows all outbound traffic and disallows all inbound traffic
Read More

AWS CodePipeline

In a previous post I wrote about AWS CodeBuild, which allows us to run our builds using AWS infrastructure. In this post we are going one step further to explore CodePipeline, AWS’ solution for continuous delivery.

Some of Pipelines’ features:

  • Detect code changes and start Pipeline automatically
  • Split releases into stages (One per environment, for example)
  • Pause the releases if a step fails
  • Allow steps to only proceed after manual approval
Read More

Introduction to AWS CodeBuild

CodeBuild is AWS’ offering for running builds in the cloud. We can think of it as an alternative to TravisCI or CircleCI.

Concepts

There are 4 things we need to configure as part of a CodeBuild project:

  • Source - Get the code we want to build. At the time of this writing, we can retrieve code from S3, GitHub, Bitbucket or CodeCommit (AWS’ code hosting offering)
  • Environment - Type of machine to use for the builds
  • Buildspec - Commands to run as part of the build
  • Artifacts - Artifacts to publish to S3 (Optional)
Read More

Identity and Access Management with AWS IAM

In a previous post I wrote about AWS CLI. In that post I explained how to create an admin user and how to use that user with the CLI. In this post I’m going to go into more depth on AWS IAM and show some examples.

The root user

When someone signs up to AWS they will need to provide an e-mail address and password they want to use to access their account. At this point, they are the only person who knows that combination of e-mail and password, so it can be safely assumed that whoever holds those two pieces of information is the owner of the account.

The owner of the account has the power to create or delete resources as they desire, so it’s very important that the password doesn’t fall into the wrong hands.

Read More

Null terminated and length prefixed strings

Null terminated strings

Null terminated strings (also called C strings) store a string as a sequence of characters terminated by a null character (\0).

For example, if we have a variable with the string taco, in a character array, it would look like this:

index: 0 | 1 | 2 | 3 | 4
value: t | a | c | o | \0

Notice that even though taco is only 4 characters, it is necessary to allocate an extra byte for the null character (\0).

Read More

How hard drives work

As computer users, we are accustomed to storing data to retrieve it sometime in the future. Today there are many ways to do this. If you take a photo on your cell phone, it’s going to be saved into the phone’s internal flash memory (or an external flash card). If you have a modern computer it’s likely that you have a Solid State Drive (SSD). It’s also possible to save your data in the “cloud”. So, why focus on hard drives?

Hard Disk Drives (HDD) have been a reliable way to store data since the 1950s. Cloud providers (AWS, Azure, Google Cloud) have HDD offerings that are cheaper than the SSD alternatives. At the time I wrote this article, if I want to buy a 5TB HDD, I would have to pay around $100 USD; if I want to buy a 5TB SSD I would have to pay around $500 USD. For this reason HDDs are still widely used.

Read More

Introduction to Apache Ant

I just started working with Java and I have realized I don’t know much about how the build system works. In this article I’m going to explore Java’s build system. Ant is analogous to Make, Gradle or Gulp. Its main goal is to automate the process of running tasks. More specifically, it is often used to compile code, run tests, etc.

Installation

Ant is a Java application, so a Java Runtime Environment is necessary. The installation will vary depending on your environment, so you might want to check the official documentation. If you use Ubuntu, you can use apt-get:

sudo apt-get install ant

To verify the installation was successful:

ant -version
Read More

Introduction to AWS CLI

I’m going to start working a lot with AWS, so I will need to get familiar with their tools. One of the most important tools to get familiar with is their CLI.

Although it is possible to do most things from the AWS Management Console, learning how to use the CLI allows for scripting and automation, which can help increase productivity.

Installation

To install AWS CLI we need Python 3.4 or later. Use --version to verify it’s installed:

Read More

Introduction to CircleCI

I have a few private GitHub repositories where I use Travis for running checks on each of my commits. A couple of days ago I received a message from Travis telling me that I only had 10 builds left as part of my trial. Luckily, someone told me CircleCI allows unlimited private builds for free, so I’m going to try it out.

Creating an account

The first step is to create an account. They allow signing up with GitHub, so I just chose that option:

Sign up with Github

Read More