I built a system on AWS. Eventually you’ve got a lot of components and stuff. I know there are companies out there who will gladly accept your hard-earned cash for visualizing all sorts of things, however I was hoping there would be an open source solution. I found anaynayak/aws-security-viz, which looks promising. Time to try it out. Security groups probably aren’t the best way to visualize, but maybe I can learn some lessons. So the tool didn’t work so well; it just showed two groups: CIDR 0.0.0.0/0 and the default group. Oh well, onto more important things.

I’m becoming convinced it’s probably a best practice to specify the VPC for each security group so they don’t get attached to the incorrect one. It took a bit to figure out that the security group for the autoscale configuration was different than the security group attached to the launch configuration.

Subnet configuration

Next up is to configure the subnets to allow for failover. We need one new subnet for each availability zone we are running in. Originally I created a manual list for each availability zone, but I would love to learn more about how to process lists. Gruntwork’s article is a fairly awesome resource on the subject! Now to give it a whirl and see where I land with it. Works like a charm for processing the list of resources. Their expression language even allows addition. CIDR with a netmask of 21! Score.
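Here is an added example of the two points above (one /21 subnet per availability zone driven from a list, and a security group pinned to its VPC). It is not the post’s own configuration; it assumes Terraform, which the post does not name, and the variable, resource and AZ names are made up.

```hcl
# Added example, not the author's configuration. Assumes Terraform 0.12+ and
# hypothetical names: var.vpc_cidr, var.availability_zones, aws_vpc.main.
variable "vpc_cidr" {
  description = "VPC address space; one /21 is carved out per AZ (constructed value)"
  default     = "10.0.0.0/16"
}

variable "availability_zones" {
  description = "AZs the cluster runs in; one subnet per entry (constructed values)"
  type        = list(string)
  default     = ["us-east-1a", "us-east-1b", "us-east-1c"]
}

resource "aws_vpc" "main" {
  cidr_block = var.vpc_cidr
}

# One subnet per availability zone. cidrsubnet(prefix, newbits, netnum)
# extends the /16 by 5 bits to a /21 (2048 addresses) and uses count.index
# as the network number, so the subnets never overlap:
# 10.0.0.0/21, 10.0.8.0/21, 10.0.16.0/21.
resource "aws_subnet" "ecs" {
  count             = length(var.availability_zones)
  vpc_id            = aws_vpc.main.id
  availability_zone = var.availability_zones[count.index]
  cidr_block        = cidrsubnet(var.vpc_cidr, 21 - 16, count.index)

  tags = {
    Name = "ecs-${var.availability_zones[count.index]}"
  }
}

# Pin the security group to the VPC explicitly. Without vpc_id it is created
# in the default VPC, which is exactly the mismatch described above.
resource "aws_security_group" "ecs_hosts" {
  name   = "ecs-hosts"
  vpc_id = aws_vpc.main.id

  # Outbound access so the ECS agent can reach the ECS control plane.
  egress {
    from_port   = 0
    to_port     = 0
    protocol    = "-1"
    cidr_blocks = ["0.0.0.0/0"]
  }
}

output "ecs_subnet_ids" {
  value = aws_subnet.ecs[*].id
}
```

Adding a fourth entry to availability_zones yields a fourth non-overlapping /21 with no other edits, which is the list-processing payoff the article describes.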

Well, I broke everything. ECS hosts couldn’t register with the ECS cluster at all. After attempting to troubleshoot for a while, I’ve backed off the changes.