Author: adminkw

Highly Available WordPress on AWS

Highly Available WordPress instance: I have a few WordPress sites and I currently have them deployed in Docker containers on a single host. I’m going to move these to AWS, migrate my data, test, and then switch DNS. This is a follow-up to this initial post, and this page outlines the migration and Highly Available configuration in AWS. Tools used: I want to keep everything simple so I’m going with Terraform and userdata files to set up the environment and AMI…

Highly Available WordPress on AWS – Intro

I’ve had a few friends ask me to look into their WordPress instances for some redundancy and performance improvements. Specifically, they want a highly available WordPress which can auto-scale. Lots of people install the whole stack on a single instance and then ignore it for a while. Some use WordPress on AWS but only utilize EC2. Once performance starts to degrade they typically migrate to a larger server. This process will repeat until the costs skyrocket. Not only that, but…

Ansible – Running from Message Queue

Programmatically running Ansible: It’s really easy to run Ansible programmatically. I use Python to access the Ansible APIs and run playbooks. It’s also possible to use a templating engine like Jinja2 to build playbooks, but that’s for another blog post later. Check out Servers for Hackers on how to hook into Ansible’s API. Very simple and straightforward; I built a reusable component for myself based on this. Message Queue: So far I’ve used ActiveMQ and Amazon SQS. SQS has…

AWS CentOS 7 FIPS mode

This probably took me entirely too long to figure out, so I figured I’d make a post on it to help anyone else trying to enable FIPS in AWS on CentOS boxes. FIPS mode: If you’re trying to get FedRAMP certification this is something you’re going to need. FIPS 140-2 validated/compliant encryption is necessary for FedRAMP. If you don’t have FIPS 140-2 you will end up with high findings on your SAR and a no-go for FedRAMP certification. How-to: I followed…

AWS NAT – Create EC2 NAT

Wow, I had to post something about this after getting my AWS bill. I had an AWS setup NAT and recently changed to an EC2 NAT. I’ve been working with Lambda recently and I had a Lambda function that needed to utilize SQS as well as an RDS instance. Sounds easy, and it wasn’t exactly difficult, but there are definitely some caveats to consider. The big thing I learned was that Lambda functions will need NAT to access resources if…

Logging – Graylog vs ELK

I’ve been dealing with logging a lot recently. Mainly audit logging for security/governance reasons but also logging for performance and support. I probably put 2-3 months total into setting up logging to meet all our FedRAMP requirements. Even though we settled on Graylog, I wouldn’t count ELK out. Logging with Graylog: I’m going to go over Graylog first since it’s the logging solution we ended up with. We’re using Filebeat to forward files to Graylog over TLS….
