This is a continuation of my previous blog post, in which I covered the high-level architecture design and walked through the process of building the AWS infrastructure supporting my static blog site.
In this post, I will cover the development process of building the blog site and take a closer look at some customisations of the blog site architecture.
Time flies - summer is almost over in New Zealand. Even though it has only been three weeks, my six-week summer break is already beginning to feel like a distant memory.
About nine months ago, I started this blog and decided to host the site on Amazon S3 and use Amazon CloudFront for content delivery. My initial capital investment was simply 1 US dollar for the registration of the domain name wkhoo.com.
For nine months, my monthly AWS bills were either $0 or $0.01 (an S3 storage charge, even though my usage is well under the free tier limit; probably due to rounding, but odd), all because I am reaping the benefits of the AWS 12-month Free Tier program and have stayed within its limits so far.
Amazon Managed Grafana is a powerful tool for monitoring and visualisation, and integrating it with an identity provider (IdP) such as Microsoft Entra ID using SAML provides secure and streamlined access management. Deploying Amazon Managed Grafana and configuring the SAML integration are pretty straightforward.
Recently, I needed to configure group-based access control using the SAML group attribute and Grafana team sync, but I faced some challenges getting it to work. Neither the AWS nor the Microsoft documentation clearly elaborates the steps needed to successfully sync the group attribute to Grafana teams.
A landing zone, typically set up using AWS Control Tower, is a well-architected, multi-account AWS environment that is scalable and secure. AWS Control Tower automates the configuration of the landing zone following AWS best practices, including networking settings, identity and access management (IAM) policies, logging and monitoring settings, and security guardrails. Decommissioning an AWS Control Tower landing zone is a complex task: it involves shutting down a multi-account AWS environment while ensuring that no critical resources or data are lost.
In this post, I will walk through the necessary steps to decommission a landing zone focusing on key considerations for ensuring compliance, security, and cost management.
This is a spin-off from my previous blog post, Centralised SSM VPC Endpoints Cost-Benefit Analysis, where we explored how a centralised SSM VPC endpoints architecture can help organisations minimise costs by creating the endpoints in one VPC and sharing them with the other VPCs, thereby reducing the number of endpoints required and the associated endpoint-hour charges.
In this blog post, I will illustrate how you can scale the centralised SSM VPC endpoints solution across AWS accounts.
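The following Terraform configuration is an added example of the centralised endpoint pattern summarised above; it is not code from the original post. It assumes the usual mechanism for sharing interface endpoints: the hub VPC's endpoints are created with private DNS disabled, a private hosted zone per service name (ssm, ssmmessages, ec2messages) holds an alias record pointing at the hub endpoint, and each spoke VPC is associated with those zones so its resolver returns the hub ENI addresses. The variable names, the security group and the list of three SSM-related services are assumptions for illustration.

```hcl
variable "region"         { type = string }
variable "hub_vpc_id"     { type = string }
variable "hub_subnet_ids" { type = list(string) } # one subnet per AZ in the hub VPC
variable "spoke_vpc_ids"  { type = list(string) } # VPCs that will reuse the hub endpoints
variable "allowed_cidrs"  { type = list(string) } # hub + spoke CIDRs permitted to reach the endpoints

locals {
  # Assumed set of services the SSM agent needs; adjust to your inventory.
  ssm_services = ["ssm", "ssmmessages", "ec2messages"]
}

# Least-privilege reachability: only 443 from the address ranges that should use the endpoints.
resource "aws_security_group" "endpoints" {
  name   = "ssm-centralised-endpoints"
  vpc_id = var.hub_vpc_id

  ingress {
    from_port   = 443
    to_port     = 443
    protocol    = "tcp"
    cidr_blocks = var.allowed_cidrs
  }
}

# One interface endpoint per service, created only in the hub VPC.
# private_dns_enabled must be false: the hub-owned hosted zones below supply the
# service names, and an AWS-managed private DNS zone would conflict with them.
resource "aws_vpc_endpoint" "hub" {
  for_each            = toset(local.ssm_services)
  vpc_id              = var.hub_vpc_id
  service_name        = "com.amazonaws.${var.region}.${each.key}"
  vpc_endpoint_type   = "Interface"
  subnet_ids          = var.hub_subnet_ids
  security_group_ids  = [aws_security_group.endpoints.id]
  private_dns_enabled = false
}

# A private hosted zone named after the service's regional endpoint, owned by the hub VPC.
# Spoke associations are managed by aws_route53_zone_association, so ignore vpc drift here.
resource "aws_route53_zone" "endpoint" {
  for_each = toset(local.ssm_services)
  name     = "${each.key}.${var.region}.amazonaws.com"

  vpc {
    vpc_id = var.hub_vpc_id
  }

  lifecycle {
    ignore_changes = [vpc]
  }
}

# Apex alias record: resolves the service name to the hub endpoint's regional DNS name.
resource "aws_route53_record" "endpoint" {
  for_each = toset(local.ssm_services)
  zone_id  = aws_route53_zone.endpoint[each.key].zone_id
  name     = "${each.key}.${var.region}.amazonaws.com"
  type     = "A"

  alias {
    name                   = aws_vpc_endpoint.hub[each.key].dns_entry[0].dns_name
    zone_id                = aws_vpc_endpoint.hub[each.key].dns_entry[0].hosted_zone_id
    evaluate_target_health = false
  }
}

# Associate every spoke VPC with every service zone (service x spoke product).
resource "aws_route53_zone_association" "spoke" {
  for_each = {
    for pair in setproduct(local.ssm_services, var.spoke_vpc_ids) :
    "${pair[0]}-${pair[1]}" => { service = pair[0], vpc_id = pair[1] }
  }
  zone_id = aws_route53_zone.endpoint[each.value.service].zone_id
  vpc_id  = each.value.vpc_id
}
```

Two checks before relying on this: from a spoke instance, `nslookup ssm.<region>.amazonaws.com` should return private addresses in the hub subnets rather than public IPs, and the spoke must have a route to the hub (VPC peering or a transit gateway) or the resolved address is unreachable. When a spoke VPC lives in a different AWS account, the zone association additionally needs an `aws_route53_vpc_association_authorization` created in the hub account before the spoke account runs the association; that is the step a cross-account rollout adds on top of the single-account example shown here.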