Streamline your backups into one easy console with the new AWS Backup

Managing a complex series of data backups can create unnecessary backlogging of tasks and difficulty replicating work across various parts of your team. AWS introduces a new service that helps you streamline and manage your backups from one console. With AWS Backup, you can:

·      centralize backup management across individual services

·      monitor, search and restore backups from the same place

·      continue to tailor individual backups

·      quickly create plans on an as-needed basis

·      take advantage of unlimited storage

·      ensure compliance with business and regulatory standards

Since the system puts control in one place, you can avoid lapses in management when individual members of your team aren’t there to monitor it. The service also saves your team time writing custom scripts for separate backups.

This reflects an improvement to the way organizations using AWS create and manage backups, but we’re still waiting for them to address a particular need. At present, if you want to use AWS to snapshot an EBS volume, you have to quiesce the volume as a separate step. There’s no way to automate that step within AWS Backup, at least not yet.

Visit the link above for step-by-step instructions to create your own backup plan.

Secure Your AWS Account with CIS Benchmark

In the Cloud, security should be your top concern.  If your company is using AWS, you’re probably aware of the endless possibilities for implementing security controls.  With these possibilities, there is a lot of room for gaps and mistakes.

One of the most important areas to secure is the AWS account itself. It is also important to ensure that changes made in the account meet security controls with a compliance dashboard. Many customers choose to implement security monitoring and mitigation manually, which is time-consuming and error-prone.

There is a better way. AWS provides an automated implementation of the CIS Benchmark. This combination of monitoring and dashboards can be deployed using a CloudFormation template, and can be launched directly from the AWS documentation. Click on “How to Deploy”, select your region (either GovCloud or other regions), and follow the directions.

What resources are created by deploying this template?

  • AWS Config Rules

  • CloudWatch Alarms

  • CloudWatch Events

  • Customizable Lambda functions

In addition, AWS provides a security controls matrix (as a Microsoft Excel spreadsheet) that maps the deployed resources to specific CIS controls.

By deploying this benchmark using automated methods, you can test this in your own account, and remove all of the above resources with a few mouse clicks if required.  We recommend that every AWS account have security controls implemented and monitored, and enabling termination protection on the deployed CloudFormation template will help protect these resources.

Happy deploying!

Upcoming Class: AWS Monitoring Strategies on October 29!

Monitoring in AWS can lead to a complicated web of resources and workflows. Maximizing coverage of availability metrics, performance indicators, and security requires knowledge of several services and integration techniques. Log monitoring presents cost, storage, and retention challenges. This course is designed to shed light on monitoring strategies in AWS to eliminate gaps in monitoring, as well as explain differences between traditional monitoring choices and those available as part of the AWS ecosystem.

Sign up here!

Upcoming class: Introduction to GCP Oct 15-16, 2018

Sign up here!

Google Cloud Platform is a rich suite of cloud computing services that works with a set of management tools to provide modular cloud services for computing, data storage, data analytics, machine learning, and more. It is important to understand how to properly evaluate and adopt cloud infrastructure because if done poorly, it can wreak havoc on the operations and security of sensitive resources. Migrating to the cloud should be measured and deliberate, based on a solid understanding of the effort involved, and a clear vision for the outcome. This training will provide a solid understanding of Google Cloud Platform. We will start with the basics before moving on to security and monitoring. We will then explore how to create a network, launch compute resources, and create storage resources before ending with operations and automation. You will get to see firsthand the various services that make up the GCP ecosystem along with their relationships to each other. The training will cover benefits of a cloud-based infrastructure and starting points for how these benefits can be achieved in GCP.

Upcoming Class: AWS Monitoring Strategies on August 31, 2018

Monitoring in AWS can lead to a complicated web of resources and workflows. Maximizing coverage of availability metrics, performance indicators, and security requires knowledge of several services and integration techniques. Log monitoring presents cost, storage, and retention challenges. This course is designed to shed light on monitoring strategies in AWS to eliminate gaps in monitoring, as well as explain differences between traditional monitoring choices and those available as part of the AWS ecosystem.

Sign up here!

How to set up and do the basics of CodeCommit with Bash - SSH

Amazon Web Services CodeCommit is a great, very cheap/free program that can be used to store and share code with others. Using the AWS free-tier you can have up to 5 IAM users, and 3 projects on the same account that share code to the same place. This is a simple how-to that should get everything up and running for you and hopefully answer any questions you might have.

1. Assuming that you already have an updated and working version of pip and Python installed you can install the AWS CLI by using this command

pip install awscli --upgrade --user

2. Create an IAM user that has CodeCommit access. Make sure that you check the box that allows Programmatic Access and the other one that allows for AWS Management Console Access if those are things you want your account to have. You must select both of these for initial setup.

For best security principles you should give the account the least access possible to do the job. For set up you can give the account the premade policy that allows only AWS codecommit access. Also be sure to save the access key ID and the secret access key. You will need these.

While in the setup phase of the account, navigate to the “Security Credentials” tab. Once there generate SSH credentials for your account.

You can also generate HTTPS Git credentials for codecommit if you think you’ll use HTTPS to connect to the codecommit repository at all.

Once the account has been made, if you are using the command line interface, use the aws configure command to set up your CLI with your IAM account.  This should be your output:

aws configure

access key ID: (enter access key ID)

secret access key: (enter secret access key)

default region name (us-east-1): (type the region you want; the one listed is the currently selected region)

default output (text): (this can be changed to JSON if you prefer)

Note: make sure the default region is the same one that you plan to put your repository in.

3. Next you need to make sure that Git is installed on your computer, you can download it here

4. When you made your new IAM user there should have been a URL that you can use to log into the AWS Management Console. Log in now, and navigate to CodeCommit.

Click the blue “create” button and make your first repository. Give it a name and a description and you can also set up SNS notifications amongst other things at this stage if you so choose.

I called my repository “testrepo”

5. Now make sure that you have an SSH key pair. If you already have one you can skip this step. You can use an existing one, or make a new one with the keygen command. Before running the command, I’d recommend that you change into your ~/.ssh directory. Mine was under /Users/”username-here”/.ssh/

cd /Users/username-here/.ssh/

Then you can run the ssh-keygen command to make your SSH key pair. Once you run the command it will ask you what you want to name your key pair. For the sake of this we’ll call ours “testkeypair”.


Enter file in which to save the key (/Users/username/.ssh/id_rsa): testkeypair

Enter passphrase (empty for no passphrase):

Enter same passphrase again:

Your identification has been saved in testkeypair.

Your public key has been saved in testkeypair.pub.

The key fingerprint is:

SHA256:q6WB1IrmHEe+eUOCKAxR+3Q/QzbL4XD3QrYd418sBro username@usernames-MBP

The key's randomart image is:

+---[RSA 2048]----+

| ..              |

|.  .             |

| .. . o * + +    |

|.  o o O B * + . |

|o. .+ . S + + o o|

|o..=.o.  + o o o |

|. + =o. o E   .  |

| + o oo=         |

|  o o.o.         |


After running the command the key pair is available for use. There will be 2 files saved into the directory you were in at the time of creation, one named “testkeypair” (the private key) and one named “testkeypair.pub” (the public key).

6. Once your key pair has been completely made you can run the “cat” command to view the contents of the file that you made. “cat” the public key file so that you can see the contents for copy and paste purposes.
cat ~/.ssh/testkeypair.pub

Sign in to the AWS Management Console and open the IAM console at

In the IAM console, in the navigation pane, choose Users, and from the list of users, choose your IAM user.

On the user details page, choose the Security Credentials tab, and then choose Upload SSH public key.

Paste the contents of your SSH public key into the field, and then choose Upload SSH public key.

Copy or save the information in SSH Key ID (for example, APKAEIBAERJR2EXAMPLE).

7. On your computer, use a text editor to create a config file in the ~/.ssh directory, and then add the following lines to the file, where the value for User is the SSH key ID you copied earlier:

Host git-codecommit.*

  User APKAEIBAERJR2EXAMPLE

  IdentityFile ~/.ssh/testkeypair

If you gave your private key file a name other than testkeypair, be sure to change that.

Save and name this file config.

From the terminal, run the following command to change the permissions for the config file:

chmod 600 config

Run the following command to test your SSH configuration:


You will be asked to confirm the connection, as is not yet included in your known hosts file. The AWS CodeCommit server fingerprint is displayed as part of the verification (a9:6d:03:ed:08:42:21:be:06:e1:e0:2a:d1:75:31:5e for MD5 or 3lBlW2g5xn/NA2Ck6dyeJIrQOWvn7n8UEs56fG6ZIzQ for SHA256).

If you are having problems connecting you can try troubleshooting with the -v parameter so that you can see where things went wrong.

ssh -v

8. Assuming that everything went smoothly you can now clone your git repository and make your first commit.

git clone ssh://

Assuming that this is a brand new repository that you are connecting to, it will give you a warning telling you that you may have cloned an empty repository.

This command clones an identical repository that will be stored on your local drive. This keeps a copy of everything you have made and will stay there until you push it to the cloud. You will also need to run pulls to make sure that your local repository is kept updated if others share the repository.

9. Now you are ready to make your first commit. You can create a new file, I’m calling mine “CommitTest.txt”. Just add some words or a phrase to the file to test if things work.

vi CommitTest.txt

10. To verify that everything works, use the command git status, and you should get the following output:

git status

On branch master

No commits yet

Untracked files:

  (use "git add <file>..." to include in what will be committed)


nothing added to commit but untracked files present (use "git add" to track)

11. To add the text file to your next upload run the add command

git add CommitTest.txt

Now the test file is in the “to be uploaded” category

12. Now we can send it to the local repository on your computer with the commit command, and this should be the output assuming it sent correctly

git commit

[master (root-commit) 8e3ac5d] Adding CommitTest.txt to repo

 Committer: name <>

Your name and email address were configured automatically based

on your username and hostname. Please check that they are accurate.

You can suppress this message by setting them explicitly:

    git config --global user.name "Your Name"

    git config --global user.email you@example.com

After doing this, you may fix the identity used for this commit with:

      git commit --amend --reset-author

 1 file changed, 1 insertion(+)

 create mode 100644 CommitTest.txt

13. We can run the git status command again and this should be the output

git status

On branch master

Your branch is based on 'origin/master', but the upstream is gone.

  (use "git branch --unset-upstream" to fixup)

nothing to commit, working tree clean

14. Now you will push the contents of your local repository to your AWS repository using the push command.

git push -u origin master

Counting objects: 3, done.

Delta compression using up to 4 threads.

Compressing objects: 100% (2/2), done.

Writing objects: 100% (3/3), 320 bytes | 320.00 KiB/s, done.

Total 3 (delta 0), reused 0 (delta 0)

To ssh://

 * [new branch]      master -> master

15. If you plan to share this repository with others, they will need to go through the same steps as you did as far as making sure they are SSH compatible, and really everything but making the actual repository.

This could mean that others are uploading code to the repository that you might want. For this you simply run a git pull command whenever you want to sync your local repository with the one in the cloud.

git pull

Already up to date

My output says I’m already up to date, but if there were things to pull it would say it there.

16. This step shows you how to share with others.

Switch to your /tmp directory now.

Run git clone to pull down a copy of the repository into the shared repo:

git clone ssh:// shared-test-repo

This helps with making sure that there is no significant data loss as well as not overwriting your main repository

Now switch to your /tmp/ repository

cd /tmp/shared-test-repo

Run git config to add another user name and email address represented by placeholders other-user-name and other-email-address (for example, John Doe and This makes it easier to identify the commits the other user made

git config --local user.name "other-user-name"

git config --local user.email other-email-address

Use a text editor to create an example text file in the shared-test-repo directory. I called mine sharedtest.txt

vi sharedtest.txt

Run git add to stage the change to the shared repo:

git add sharedtest.txt

Run git commit to commit the change to the shared repo:

git commit -m "Added sharedtest.txt"

Run git push to push your initial commit through the default remote name Git uses for your AWS CodeCommit repository (origin), from the default branch in your local repo (master):

git push -u origin master
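
A pre-flight check for the SSH setup built in steps 5 to 7, added here as an example (it is not part of the original post or of AWS's tooling). The function name audit_codecommit_ssh and the APKA prefix test, taken from the example key ID above, are assumptions.

```shell
#!/bin/sh
# Added example: audit the SSH setup from steps 5-7 (not AWS tooling).
# Prints one line per finding; the return status is the number of findings.

# True when the file grants any permission to group or others.
too_open() {
    [ "$(ls -ld "$1" | cut -c5-10)" != "------" ]
}

note() { echo "FINDING: $*"; findings=$((findings + 1)); }

audit_codecommit_ssh() {
    dir=${1:-$HOME/.ssh}
    cfg=$dir/config
    findings=0
    [ -f "$cfg" ] || { note "$cfg not found"; return 1; }
    if too_open "$cfg"; then
        note "$cfg is open to group/others (fix: chmod 600 config)"
    fi

    # Read User and IdentityFile from the "Host git-codecommit.*" block only.
    block=$(awk '
        tolower($1) == "host" { inblk = ($2 ~ /^git-codecommit\./); next }
        inblk && tolower($1) == "user"         { print "user=" $2 }
        inblk && tolower($1) == "identityfile" { print "key=" $2 }
    ' "$cfg")
    user=$(printf '%s\n' "$block" | sed -n 's/^user=//p' | head -n 1)
    key=$(printf '%s\n' "$block" | sed -n 's/^key=//p' | head -n 1)

    # Assumption: SSH key IDs start with APKA, like APKAEIBAERJR2EXAMPLE.
    case $user in
        "")    note "no User line; ssh would send your local login name" ;;
        APKA*) : ;;
        *)     note "User '$user' does not look like an SSH key ID" ;;
    esac

    case $key in "~/"*) key=$HOME/${key#"~/"} ;; esac
    case $key in
        "")    note "no IdentityFile line in the git-codecommit block" ;;
        *.pub) note "IdentityFile points at the public key file" ;;
        *)     if [ ! -f "$key" ]; then note "private key $key not found"
               elif too_open "$key"; then note "private key $key is open to group/others"
               fi ;;
    esac
    return "$findings"
}
```

Source the file and run audit_codecommit_ssh with no argument to check ~/.ssh before the first git clone.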