Forem: Daniel Muthoni

Optimize AWS Costs: One Load Balancer, Multiple Apps

Daniel Muthoni — Tue, 09 Dec 2025 12:40:54 +0000

The Problem

Running separate Application Load Balancers (ALBs) for each application costs $16-18/month per ALB. With 5 apps, that's $80-90/month just for load balancers.

The Solution

Use a single ALB with path-based or host-based routing rules to serve multiple applications, reducing costs by up to 80%.

Step 1: Create One Application Load Balancer

Go to EC2 > Load Balancers in AWS Console
Click Create Load Balancer > Application Load Balancer
Configure:

Name: shared-alb
Scheme: Internet-facing
IP address type: IPv4
Select at least 2 availability zones

Configure security group (allow HTTP/HTTPS)
Create the ALB

Step 2: Create Target Groups for Each App
For each application, create a separate target group:

Go to EC2 > Target Groups
Click Create target group
Configure each:

Target type: Instances/IP/Lambda (based on your setup)
Name: app1-targets, app2-targets, etc.
Protocol: HTTP
Port: Your app's port
Health check path: /health or /

Step 3: Set Up Routing Rules
Option A: Path-Based Routing (Same domain, different paths)

Go to your ALB > Listeners tab
Select HTTP:80 or HTTPS:443 listener
Click Manage rules > Add rules
Create rules for each app:

Rule 1: /app1* → Forward to app1-targets
Rule 2: /app2* → Forward to app2-targets
Rule 3: /api/* → Forward to api-targets
Default: Forward to landing-page-targets
Option B: Host-Based Routing (Different subdomains)
Create rules based on hostname:
Rule 1: app1.example.com → Forward to app1-targets
Rule 2: app2.example.com → Forward to app2-targets
Rule 3: api.example.com → Forward to api-targets
Step 4: Configure DNS
Point all domains/subdomains to the single ALB:
Route 53 or your DNS provider:
app1.example.com → CNAME → shared-alb-xxxxx.region.elb.amazonaws.com
app2.example.com → CNAME → shared-alb-xxxxx.region.elb.amazonaws.com
api.example.com → CNAME → shared-alb-xxxxx.region.elb.amazonaws.com
Step 5: Add SSL Certificates (Optional but Recommended)

Request certificates in AWS Certificate Manager for all domains
Add certificates to ALB listener (HTTPS:443)

Step 6: Configure Health Checks
For each target group:

Go to Target Groups > Select group
Edit Health check settings:

Path: /health or your health endpoint
Interval: 30 seconds
Timeout: 5 seconds
Healthy threshold: 2
Unhealthy threshold: 3

Cost Savings Example
Before (5 separate ALBs):

5 ALBs × $16/month = $80/month
Total: $80/month

After (1 shared ALB):

1 ALB × $16/month = $16/month
Total: $16/month

Savings: $64/month ($768/year)
Best Practices

Use Priority Rules Wisely - More specific rules should have lower priority numbers
Monitor Target Health - Set up CloudWatch alarms for unhealthy targets
Enable Access Logs - Store in S3 for troubleshooting
Use HTTPS - Terminate SSL at ALB for better security
Set Appropriate Timeouts - Match your app's response times
Tag Everything - Tag target groups and ALB for cost tracking

Limitations to Consider

ALB has limits (100 rules per listener, 50 targets per target group by default)
All apps share the same ALB capacity (but auto-scales)
Request limits apply to the entire ALB, not per app
One ALB failure affects all applications (use multiple ALBs across regions for critical apps)

When NOT to Use This Approach

Regulatory requirements mandate isolation
Apps have drastically different traffic patterns
You need different network configurations per app
Critical production apps requiring dedicated resources

Conclusion
Using a single ALB with routing rules is a simple yet powerful way to reduce AWS costs without sacrificing functionality. For most small to medium workloads, this approach provides excellent cost optimization while maintaining flexibility and scalability.

AWS DevSecOps: Deep Dive into Software Development, Security, and Operations Integration

Daniel Muthoni — Sat, 22 Nov 2025 09:14:12 +0000

I had the opportunity to participate in the AWS Community Day KE 2025 at KCA University, where I shared the following insights.

The convergence of software development, security, and operations in AWS environments requires sophisticated orchestration of practices, tools, and cultural transformations. This comprehensive analysis explores the intricate relationships between these domains and their practical implementation at scale.

Software Development in DevSecOps Context
Development Lifecycle Security Integration
Pre-Development Security Planning Security requirements gathering begins during the product planning phase, where threat modeling sessions identify potential attack vectors specific to the planned functionality. Development teams collaborate with security architects to establish security acceptance criteria alongside functional requirements. For example, a payment processing feature automatically inherits requirements for PCI DSS compliance, input validation, encryption standards, and audit logging. These requirements are captured in the same tracking systems used for feature development, ensuring visibility and accountability.

Secure Coding Practices at Scale: Modern development practices embed security considerations into daily workflows. IDE integrations provide real-time feedback on security issues as developers write code, identifying problems like hardcoded secrets, SQL injection vulnerabilities, and insecure cryptographic implementations. Code review processes include security-focused checklists that reviewers use to validate security aspects of proposed changes. Pull request templates include security impact assessments that force developers to consider the security implications of their changes.

Branch Protection and Security Gates: Repository management implements security-enforced branch protection rules that prevent code from advancing without passing security checks. Master branches require passing security scans, peer reviews with security focus, and automated security testing. Feature branches undergo continuous security scanning that provides immediate feedback to developers. Emergency hotfix procedures include expedited security review processes that maintain security standards while enabling rapid deployment of critical fixes.

Advanced Testing Strategies
Shift-Left Security Testing: Security testing begins at the earliest stages of development. Unit tests include security-focused test cases that validate input sanitization, authentication mechanisms, and authorization logic. Integration tests verify security boundaries between services, ensuring that service A cannot access service B’s data without proper credentials. Contract testing validates that API security requirements are maintained across service interactions, preventing regression in security controls during system evolution.

Comprehensive Security Test Automation: Automated security testing encompasses multiple dimensions of application security. Static analysis tools examine source code for common vulnerability patterns, with custom rules that enforce organization-specific security requirements. Dynamic testing tools interact with running applications to identify runtime security issues, including authentication bypasses and injection vulnerabilities. Interactive application security testing combines static and dynamic approaches to provide comprehensive vulnerability coverage.

Security Performance Testing: Security controls undergo performance testing to ensure they don’t degrade system performance beyond acceptable thresholds. Authentication mechanisms are load tested to verify they can handle peak user loads. Encryption and decryption operations are benchmarked to ensure they meet performance requirements. Rate limiting and DDoS protection mechanisms are validated under simulated attack conditions to verify their effectiveness without impacting legitimate users.

Security Architecture and Implementation
Defense in Depth Strategy
Application Layer Security: Applications implement multiple layers of security controls that provide overlapping protection. Input validation occurs at multiple points: client-side validation for user experience, server-side validation for security, and database-level constraints for data integrity. Authentication mechanisms include primary authentication, secondary factor verification, and session management with appropriate timeout and rotation policies. Authorization implements both role-based and attribute-based access controls with fine-grained permission matrices.

Infrastructure Security Hardening: Infrastructure security extends beyond basic configuration to include comprehensive hardening practices. Operating systems undergo security hardening that removes unnecessary services, applies security patches, and configures security settings according to industry benchmarks. Network security implements microsegmentation that limits lateral movement, with application-level firewalls that provide deep packet inspection. Database security includes transparent data encryption, network encryption, and access logging with automated anomaly detection.

Data Protection Throughout Lifecycle: Data protection mechanisms address data security from creation through disposal. Data classification systems automatically tag sensitive data with appropriate protection levels. Encryption key management implements hierarchical key structures with regular rotation and audit trails. Data loss prevention systems monitor data movement and prevent unauthorized data exfiltration. Data retention policies automatically archive or delete data according to business and regulatory requirements.

Security Automation and Orchestration
Automated Threat Response: Security automation responds to threats with minimal human intervention while maintaining appropriate oversight. Intrusion detection systems automatically isolate suspected compromised systems while preserving forensic evidence. Malware detection triggers automated remediation that removes threats and rebuilds affected systems from known-good configurations. Account compromise detection automatically disables affected accounts, rotates credentials, and initiates investigation workflows.

Compliance Automation: Automated compliance systems continuously validate adherence to regulatory requirements and organizational policies. Configuration drift detection identifies when systems deviate from approved baselines and automatically remediate common issues. Compliance reporting generates evidence packages for auditors that include configuration snapshots, access logs, and security test results. Policy violations trigger automated workflows that notify responsible parties and track remediation progress.

Security Orchestration Workflows: Security orchestration platforms coordinate complex security processes across multiple tools and teams. Incident response workflows automatically gather relevant information, notify appropriate personnel, and coordinate response activities. Vulnerability management processes automatically prioritize threats based on business impact, coordinate patching activities, and verify remediation effectiveness. Security assessment workflows schedule and coordinate penetration testing, vulnerability scanning, and compliance audits.

Operations Excellence in DevSecOps
Infrastructure as Code Security
Security-First Infrastructure Design: Infrastructure as Code templates embed security principles from initial design. Network architectures implement security zones with appropriate access controls and monitoring. Compute resources include security agents and monitoring tools by default. Storage systems automatically configure encryption, access logging, and backup procedures. Load balancers and API gateways include DDoS protection, rate limiting, and security monitoring.

Automated Infrastructure Validation: Infrastructure deployment includes comprehensive security validation before resources become operational. Configuration scanning validates security settings against organizational baselines and industry standards. Network connectivity testing ensures that security groups and network ACLs provide appropriate isolation. Compliance checking validates that deployed infrastructure meets regulatory requirements. Performance testing ensures that security controls don’t negatively impact system performance.

Continuous Infrastructure Security: Operational infrastructure undergoes continuous security monitoring and adjustment. Configuration drift detection identifies unauthorized changes and automatically restores approved configurations. Vulnerability scanning regularly assesses infrastructure components and coordinates patching activities. Capacity monitoring ensures that security controls scale appropriately with system load. Cost optimization balances security requirements with operational efficiency.

Monitoring and Observability
Comprehensive Security Monitoring Security monitoring provides visibility into all aspects of system security. Application monitoring tracks authentication attempts, authorization decisions, and data access patterns. Infrastructure monitoring observes network traffic, system resource usage, and configuration changes. User behavior analytics identify unusual patterns that may indicate compromised accounts or insider threats. Threat intelligence integration provides context about emerging threats and attack patterns.

Real-Time Alerting and Response: Alerting systems provide timely notification of security events while minimizing false positives. Machine learning algorithms establish baseline behavior patterns and identify anomalies that warrant investigation. Alert correlation combines related events into coherent incident narratives. Escalation procedures ensure that critical security events receive appropriate attention and resources. Response time tracking measures the effectiveness of security operations.

Security Analytics and Intelligence: Security analytics platforms process large volumes of security data to identify trends and patterns. Behavioral analytics establish normal patterns for users, systems, and applications. Threat hunting processes proactively search for indicators of compromise. Security metrics provide visibility into security posture trends and the effectiveness of security controls. Predictive analytics identify potential security issues before they become active threats.

Operational Resilience
Business Continuity and Disaster Recovery: Security considerations are integrated into business continuity planning to ensure that recovery processes don’t compromise security. Backup systems include security monitoring and access controls equivalent to production systems. Disaster recovery testing validates that security controls function correctly in recovery scenarios. Incident response plans address scenarios where security incidents trigger business continuity procedures. Recovery time objectives include requirements for security control restoration.

Change Management Integration: Change management processes include security impact assessment and approval procedures. Emergency changes include expedited security review processes that maintain security standards while enabling rapid deployment. Change rollback procedures include security validation to ensure that rollbacks don’t introduce security vulnerabilities. Change communication includes security teams in planning and notification processes.

Capacity and Performance Management: Capacity planning includes security control resource requirements to ensure that security systems scale appropriately with business growth. Performance management includes security control impact assessment to ensure that security doesn’t compromise user experience. Resource optimization balances security requirements with cost considerations. Scalability testing includes security controls to validate that they perform effectively under increased load.

Cross-Domain Integration Strategies
Cultural and Organizational Transformation
Shared Responsibility Models: Organizations implement shared responsibility frameworks that clearly define security responsibilities across development, security, and operations teams. Development teams own application security, including secure coding practices, security testing, and vulnerability remediation. Security teams provide security architecture guidance, threat intelligence, and specialized security services. Operations teams maintain infrastructure security, including patching, monitoring, and incident response. Clear interfaces between teams prevent security gaps while avoiding duplicate responsibilities.

Security Skills Development: Comprehensive training programs ensure that all teams have appropriate security knowledge for their responsibilities. Developers receive secure coding training, threat modeling education, and security testing instruction. Operations personnel learn infrastructure security, incident response, and compliance management. Security professionals develop understanding of development and operations processes to provide effective guidance and support. Cross-training programs ensure that teams can collaborate effectively and provide backup coverage.

Communication and Collaboration Frameworks: Structured communication processes ensure effective information sharing between teams. Regular security briefings keep all teams informed of emerging threats and organizational security priorities. Incident post-mortems include representatives from all affected teams to ensure comprehensive learning. Security architecture reviews include development and operations input to ensure that security designs are practical and implementable. Feedback loops ensure that operational experience informs security design decisions.

Metrics and Continuous Improvement
Integrated Performance Measurement: Metrics frameworks measure DevSecOps effectiveness across all three domains. Development metrics include security defect rates, security test coverage, and security requirement completion. Security metrics encompass threat detection effectiveness, incident response times, and compliance adherence. Operations metrics track system uptime, security control performance, and infrastructure vulnerability rates. Combined metrics provide holistic views of DevSecOps maturity and effectiveness.

Continuous Process Optimization: Regular assessment and improvement processes ensure that DevSecOps practices evolve with organizational needs and threat landscapes. Process retrospectives identify inefficiencies and improvement opportunities. Benchmarking against industry standards provides context for organizational performance. Pilot programs test new tools and processes before organization-wide implementation. Feedback collection ensures that process changes address real operational challenges.

This integrated approach to DevSecOps ensures that software development, security, and operations work together seamlessly to deliver secure, reliable, and efficient systems while maintaining the agility and speed that modern businesses require.

Resources and Cost Optimization Strategy in AWS

Daniel Muthoni — Sat, 11 Jan 2025 04:45:53 +0000

Amazon Web Services (AWS) offers a comprehensive suite of cloud computing services. While these services provide businesses with flexibility, scalability, and innovation opportunities, optimizing resource usage and costs is vital to avoid overspending and maximize value. Below is a detailed exploration of strategies to optimize AWS resources and reduce costs.

1. Understand AWS Billing and Costs

AWS operates on a pay-as-you-go pricing model. To start optimizing, it's critical to understand how billing works:

AWS Pricing Models:

On-Demand: Pay for compute or database capacity by the hour or second without long-term commitments.
Reserved Instances (RI): Commit to usage for 1 or 3 years for discounts of up to 75%.
Spot Instances: Use spare AWS capacity for discounts of up to 90%.
Savings Plans: Commit to consistent usage for significant discounts on EC2, Lambda, and Fargate.
AWS Cost Explorer and Budgets: Use AWS Cost Explorer to visualize and analyze spending patterns. Set up AWS Budgets for alerts when costs exceed predefined thresholds.

Rightsize Resources

Rightsizing involves matching resources to actual demand to avoid over-provisioning or under-utilization:

Analyze Instance Usage: Use the AWS Trusted Advisor to identify underutilized or idle EC2 instances. Resize instances using Amazon EC2 Auto Scaling or switch to smaller instance types.
Review EBS Volumes: Delete unused Elastic Block Store (EBS) volumes. Switch to lower-cost volume types like general-purpose SSD (gp3) or Cold HDD (sc1) for infrequent access.
Optimize RDS Instances: Leverage RDS Storage Auto Scaling. Use Aurora Serverless for variable workloads.

Utilize Elasticity

AWS enables businesses to scale resources dynamically based on demand:

Auto Scaling Groups: Automatically increase or decrease EC2 instances based on predefined policies. Use predictive scaling to anticipate future demand.
Serverless Architectures: Adopt AWS Lambda to pay only for execution time. Use Amazon API Gateway and AWS Step Functions to reduce infrastructure management costs.
Spot Instances:Incorporate spot instances into workloads that can handle interruptions, such as batch processing or data analysis.

Leverage Cost-Effective Storage Solutions

AWS provides a variety of storage solutions for different needs:

S3 Storage Classes: Use S3 Standard for frequently accessed data. Switch to S3 Intelligent Tiering for automatic cost optimization. Use S3 Glacier or S3 Glacier Deep Archive for archival data.
EFS and FSx: Use Amazon Elastic File System (EFS) Infrequent Access storage class for cost savings. Migrate legacy file systems to Amazon FSx for managed file storage.
Lifecycle Policies: Implement lifecycle policies to transition data between storage classes automatically.

Optimize Data Transfer Costs

Data transfer costs can quickly escalate if not managed properly:

Use Content Delivery Networks (CDN): Use Amazon CloudFront to cache content and reduce outbound data transfer costs.
Leverage AWS Direct Connect: For consistent, high-volume data transfer, use AWS Direct Connect to reduce bandwidth costs.
Minimize Cross-Region Data Transfer: Architect systems to avoid unnecessary cross-region traffic by deploying resources closer to end-users.

Monitor and Optimize Networking

Networking optimizations can significantly cut costs:

Optimize Load Balancers: Use Application Load Balancer (ALB) for HTTP/HTTPS traffic. Turn off unused Elastic Load Balancers (ELBs).
Use Private IPs: Reduce costs by routing traffic through private IPs instead of public IPs when possible.

Leverage Discounts and Savings

AWS offers several options to save money with upfront commitments:

Savings Plans: Choose Compute Savings Plans for flexibility across EC2, Fargate, and Lambda. Use EC2 Instance Savings Plans for specific EC2 instance families.
Reserved Instances: Commit to 1- or 3-year terms for predictable workloads.
Enterprise Discount Program (EDP): Negotiate volume-based discounts for large-scale AWS usage.

Implement Resource Tagging and Governance

Tagging resources can improve cost visibility and management:

Tagging Strategy: Use tags like Environment, Department, and Project to attribute costs accurately. Enforce tagging compliance using AWS Config Rules.
Resource Policies: Use Service Quotas to limit the use of specific resources. Regularly review and clean up unused or orphaned resources.

Automate Cost Optimization

Automation reduces manual efforts in identifying and resolving inefficiencies:

AWS Trusted Advisor: Regularly review cost optimization recommendations.
AWS Compute Optimizer: Use Compute Optimizer to get insights on EC2, Lambda, and Auto Scaling performance and cost.
Third-Party Tools: Consider tools like CloudHealth or Spot.io for advanced cost management.

Foster a Culture of Cost Awareness

Cost optimization isn't a one-time activity; it requires ongoing vigilance and awareness:

Train Teams: Educate teams about AWS pricing models and optimization techniques.
Cost Allocation Reports: Share cost reports with stakeholders to drive accountability.
Regular Reviews: Schedule regular audits to identify and act on inefficiencies.

Conclusion
AWS offers unparalleled flexibility and scalability, but without a deliberate strategy, costs can spiral. By right-sizing resources, leveraging automation, adopting cost-effective storage and computing models, and fostering a culture of cost awareness, businesses can optimize their AWS usage and achieve significant savings. The key to successful cost optimization lies in continuous monitoring, periodic reviews, and adapting strategies as needs evolve.

Using PostgreSQL With Laravel

Daniel Muthoni — Thu, 05 Oct 2023 11:42:41 +0000

In this article, I'll illustrate how to establish a connection between Laravel applications and a PostgreSQL database.

What advantages does PostgreSQL offer over the MySQL Database Engine?

MySQL is a relational database management system that lets you store data as tables with rows and columns. It’s a popular system that powers many web applications, dynamic websites, and embedded systems. PostgreSQL is an object-relational database management system that offers more features than MySQL. It gives you more flexibility in data types, scalability, concurrency, and data integrity.

1. Installation
Download PostgreSQL to your pc from

https://www.postgresql.org/download/

Then Install.

2. php.ini
MySQL is the default therefore there’s need to activate PostgreSQL for use with PHP on your pc by editing the php.ini

Search for these two lines within your php.ini and remove the “;” in front of each:

;extension=pdo_pgsql
;extension=pgsql

to (notice that “;” was removed)

extension=pdo_pgsql
extension=pgsql

3. .env
Change the following as appropriate within the Laravel’s .env file (all the defaults are ok except DB_DATABASE and DB_PASSWORD that you may have to change):

DB_CONNECTION=pgsql
DB_HOST=127.0.0.1
DB_PORT=5432
DB_DATABASE=database_name
DB_USERNAME=postgres
DB_PASSWORD=your_choosen_password

4. config/database.php

Go to Config/database.php and change the following lines.

'default' => env('DB_CONNECTION', 'pgsql'),

4. Migration

Create your migration files as usual and run the migration.

Monitoring Amazon EC2 with CloudWatch and SNS Notifications.

Daniel Muthoni — Sun, 27 Aug 2023 03:39:27 +0000

Monitoring Amazon Elastic Compute Cloud (Amazon EC2) instances is crucial for maintaining the health, performance, and availability of your applications and infrastructure. Amazon CloudWatch, a monitoring and management service, provides a comprehensive suite of tools for monitoring various AWS resources, including EC2 instances. Additionally, you can use Amazon Simple Notification Service (SNS) to receive notifications based on CloudWatch alarms, enabling you to promptly respond to any issues or anomalies. This integration helps you ensure that your EC2 instances are operating efficiently and that any potential problems are addressed in a timely manner.

Pre-Requisites:

AWS Account: You must have an active AWS account. If you don't have one, you can sign up for an AWS account on the AWS website by providing the necessary information.

Launch an EC2 Instance and install necessary packages

We will initiate the launch of an EC2 instance employing the Amazon Linux 2023 AMI. This instance will utilize the t3a.small instance type, and the default settings will remain unchanged. However, feel free to modify these settings according to your needs. To demonstrate the process, I've configured SSH Access to be permitted from MyIP. Nevertheless, I strongly advise you to adopt a more precise access approach, such as using MyIP, to enhance security in practical scenarios.

In the userdata section, you can include the following commands to install the AWS CloudWatch Agent and set up the configuration file:

#!/bin/bash -xe

echo --- install packages ---
dnf update && dnf install -y amazon-cloudwatch-agent-1.247358.0-1.amzn2023.x86_64 \
    gcc \
    ec2-instance-connect \
    aws-cfn-bootstrap.noarch \
    openssh-8.7p1-8.amzn2023.0.4.x86_64 \
    rsyslog-8.2204.0-3.amzn2023.0.2.x86_64

echo --- create cw agent config file ---
cat << EOF > /opt/aws/amazon-cloudwatch-agent/etc/amazon-cloudwatch-agent.json
{
  "agent": {
    "run_as_user": "root"
  },
  "logs": {
    "logs_collected": {
      "files": {
        "collect_list": [
          {
            "file_path": "/var/log/secure",
            "log_group_name": "SSHunsuccessfulattempt",
            "log_stream_name": "{instance_id}",
            "retention_in_days": 3,
            "timestamp_format": "%b %d %H:%M:%S"
          }
        ]
      }
    }
  }
}
EOF

echo --- starting the cloudwatch agent ---
systemctl start amazon-cloudwatch-agent.service

echo --- modify sshd to log to file ---
systemctl stop sshd
sed -i 's|RestartSec=42s|RestartSec=42s\nStandardOutput=syslog\nStandardError=syslog\n|g' /lib/systemd/system/sshd.service
systemctl daemon-reload
systemctl start sshd

echo --- start syslog ---
systemctl start rsyslog

/opt/aws/bin/cfn-signal -e 0 --stack "ec2monitoring" --region "us-west-2" --resource MonitorCloudWatchLabInstance

Instructions

To confirm that the Amazon CloudWatch agent is running, you can use the following command:

sudo systemctl status amazon-cloudwatch-agent.service

Running this command in your terminal will provide information about the current status of the CloudWatch agent service, including whether it's active and running, any recent logs, and more. This will help you verify that the CloudWatch agent has been successfully started and is operational on your EC2 instance.

To view the configuration file of the Amazon CloudWatch agent, you can use the more command or any text viewer of your choice. The configuration file is typically located at /opt/aws/amazon-cloudwatch-agent/etc/amazon-cloudwatch-agent.json. Here's the command to view the configuration file using more:

more /opt/aws/amazon-cloudwatch-agent/etc/amazon-cloudwatch-agent.json

Running this command in your terminal will display the contents of the CloudWatch agent's configuration file, allowing you to inspect the settings and configurations that you've defined for the agent's behavior.

To view log files, in the terminal session, enter the following.

cd /var/log
ls

Open up a real-time display of the secure log file:

sudo tail -f secure

In the AWS Management Console search bar, enter cloudwatch, and click the CloudWatch result under Services:

Create SNS TOPIC

Create Subscription

Email Confirmation

Certainly, here's a concise recap of the progress you've made:

EC2 Instance:

Configured and launched an EC2 instance with CloudWatch log agent running as a service.

CloudWatch Logging:

Created a CloudWatch Log Group and Log Stream to capture logs from the EC2 instance's "secure" log file.

SNS Notifications:

Established an SNS topic and subscription, ready to receive push notifications triggered by CloudWatch alarms.

Cont'

Navigate back to CloudWatch, and click Alarms > All alarms:

Create Alarm.

In the search bar in the Metrics section, enter Incoming log events and press enter:
Select Account Metrics -> IncomingLogEvents

Now click on Graphed metrics, and select the following:

1 Minute as Period
Sum as Statistic.

In the Conditions section, enter and select:

Whenever IncomingLogEvents is...: Select Greater/Equal
Than: Enter 2

In the Notification section, click in the Send a notification to... box and select your ssh-fails topic:
The alarm is created and is now listed on the Alarms page. The valid States for an alarm are:

In alarm - The alarm was triggered
OK - The Alarm was not triggered, status is normal
Insufficient data - Not enough data exists to either set 
    an Alarm or set the status to OK.

_From the Log groups page of CloudWatch, notice the Metric Filters column has no value. _

Although the Alarm is created, you have not set up a Metric Filter yet. You need to do that next so you can match against a specific pattern within the logs sent from your EC2 instance to CloudWatch.

Select the checkbox for the SSHfail Log Group, then click Actions > Create Metric Filter:

[Mon, day, timestamp, ip, id, status = Invalid, ...]

Enter the following:

Create filter name:
Filter Name: InvalidSSHUsers
Metric details:
Metric name: Enter ssh-fails
Metric namespace: Enter ssh-fails
Metric value: Enter 2

At the bottom of the page, click Next, and then click Create metric filter:

Attempt to SSH into your running EC2 instance again as the invalid user "Daniel", and then attempt several failures in a row.

Tip: Once you see the failed notification on the EC2 Instance Connect page, you can refresh the browser page several times to rack up several failed logins.

Aim for five or six attempts. Anything over two will raise an alarm.

After a minute or two, your alarm should be raised. Once raised, if not violated again, it will settle and reset on its own. That is, the alarm should transition to an OK state within a few minutes of no violations:

In conclusion, you've successfully orchestrated a monitoring and notification framework for your Amazon EC2 instance using AWS CloudWatch and Simple Notification Service (SNS). By configuring and launching an EC2 instance with the CloudWatch log agent, you've ensured the seamless collection and transmission of logs and metrics. The setup of a CloudWatch Log Group and Log Stream guarantees the efficient management and analysis of collected logs. Furthermore, the creation of an SNS topic, along with a subscription, positions you to receive prompt notifications via push notifications whenever CloudWatch alarms are triggered.

This integrated solution empowers you to proactively monitor the health and performance of your EC2 instance, centralize log management, and stay informed about critical events. Through these steps, you've taken significant strides in fortifying your AWS environment's reliability, security, and operational efficiency. As you continue to refine and adapt this framework, you'll be better equipped to ensure the uninterrupted operation of your applications and services.

How to associate AWS Elastic IP Address with AWS EC2 Linux Server.

Daniel Muthoni — Tue, 24 Jan 2023 17:19:57 +0000

This video provides a solution to this problem.

The auto-assigned public IP address associated with my Amazon Elastic Compute Cloud (Amazon EC2) instance changes every time I stop and start the instance. How can I assign a static public IP address to my Windows or Linux EC2 instance that doesn't change when I stop/start the instance?