Generated by AI

SSM Port Forwarding

Do you want a secure and convenient way to access internal AWS resources - like RDS databases or EC2 instances - from your local machine? Me too! Thanks to AWS Systems Manager (SSM), you can get shell access to EC2 instances without opening any inbound ports. Even better, since 2022, AWS also supports port forwarding over SSM, allowing access to nearly any internal AWS resource from your laptop - without requiring a bastion host with internet access. ...

April 21, 2025 · 2 min · 398 words · Serhii Kaidalov

Mastering AWS Networking: VPC Sharing, VPC Peering, Transit Gateway, Cloud WAN

A well-designed network architecture is the backbone of any cloud infrastructure. It ensures better performance, security, resilience, and easier troubleshooting. Additionally, choosing the right networking solutions can optimize costs by leveraging AWS services that align with your application’s needs. This article focuses on complex, large-scale setups where multiple teams operate across multiple AWS accounts and regions. Let’s dive into AWS’s networking offerings and explore the best options for connecting Virtual Private Clouds (VPCs) and external networks. This guide compares VPC Sharing, VPC Peering, AWS Transit Gateway (TGW), and AWS Cloud WAN, highlighting their use cases, advantages, and limitations. ...

March 14, 2025 · 6 min · 1202 words · Serhii Kaidalov

AWS AI/ML Certification Journey

I’ve just earned all three AI/ML AWS certifications and want to share my subjective thoughts about each certificate in particular.

Inspiration: I decided to pursue these three AWS AI/ML certifications after attending re:Invent 2024 in Las Vegas. Nearly every talk revolved around AI - how to integrate AI into workloads or how AI is already transforming solutions both within and beyond AWS. ...

February 23, 2025 · 5 min · 903 words · Serhii Kaidalov

Topology Aware Routing

Introduction: Topology Aware Routing (TAR) is a Kubernetes feature designed to keep traffic within the same availability zone (AZ). This can reduce cross-AZ traffic costs on cloud providers like AWS and GCP, where inter-AZ traffic incurs charges. Additionally, it can lower latency by keeping network requests local. However, TAR is not a silver bullet. While it helps optimize costs and performance, it strictly prohibits cross-zone traffic, regardless of the system’s health or workload distribution. This limitation can lead to unintended service disruptions. ...

February 19, 2025 · 4 min · 784 words · Serhii Kaidalov

Handling Real IP in Nginx Behind Load Balancer and Cloudflare

When running a website behind a load balancer and Cloudflare, handling client IPs in Nginx can be tricky. Different setups use different headers to pass the real IP:

- Custom Domains via Cloudflare: Cloudflare sends the real client IP in the CF-Connecting-IP header.
- Direct CNAME to Load Balancer: The load balancer sets the real client IP in the X-Forwarded-For header.

What is the challenge? Nginx’s real_ip_header directive doesn’t support variables. This limitation means you can’t conditionally choose between headers like X-Forwarded-For and CF-Connecting-IP. ...

December 28, 2024 · 3 min · 526 words · Serhii Kaidalov