AWS Automation Documents
Automate AWS AMIs
AWS Systems Manager Automation documents let you customize your Amazon Machine Images to improve security and avoid config drift.
Special Thanks: This article was made possible by support from Linux Professional Institute
Automation is the long-standing, presiding champion in any DevOps arena, and even more so in cloud environments, where the emphasis is on short-lived, ephemeral resources that can be safely discarded when they’ve run their course and completed their predetermined task.
When you’re faced with running a multitude of Amazon Elastic Compute Cloud (EC2) instances on Amazon Web Services (AWS), sometimes across multiple regions, upgrading packages and applying security patches on the operating systems (OSs) of your instances can be a daunting task. Once you’re content that your OSs are current and up to date and your installed packages are patched, you then have the task of customizing your Amazon Machine Images (AMIs) to suit in-house needs.
Tied in with how you customize your instances is config drift , a well-known phenomenon in DevOps circles. Whether you’re using a cloud or traditional data center infrastructure, servers all too easily become uniquely configured and somewhat “special.” By that, I mean they become beautiful Snowflakes , so called because snowflakes are apparently unique. Compared with other servers providing the same services, these special servers might have distinctly different scripts or applications, or they might have certain packages pinned to specific versions to keep everything else from breaking horribly. These unique characteristics cause issues on a number of levels, such as knowing what you’re allowed to update during patch runs or having to keep track of each snowflake’s idiosyncrasies in the event that an enterprise-wide issue (e.g., a new kernel) is urgently required because of a suddenly discovered nasty bug.
In this article, I walk you through the automation of much of the initial
...
Buy ADMIN Magazine
US / Canada
UK / Australia
Related content
-
Shadow admin permissions and your AWS account
Malicious attackers are trying to conquer your AWS castle in the cloud. To mount a strong defense, you'll need a deeper understanding of privilege escalation and shadow admin permissions. -
Keeping it simple – the Ansible automator
The powerful Ansible automator comes without airs and graces, does without complex syntax, self-documents, and has no need to hide its light compared with Puppet and other configuration management tools. -
Take your pick from a variety of AWS databases
We look at the variety of databases available in Amazon Web Services – from relational, to NoSQL, to data warehouses for petabyte data volumes. -
Is System Administration Bound for Extinction?
Writers and tech journalists have predicted for years that the system administrator role is an endangered species, with extinction just around the corner. Are they right?
-
Exploiting, detecting, and correcting IAM security misconfigurations
Three IAM security misconfiguration scenarios are rather common: allowing the creation of a new policy version, the modification of a role trust policy, and the creation of EC2 instances with role passing. We look at ways to avoid and detect IAM security holes.