- Understand and check the service quotas for ECS/Fargate and other related services
- Cluster
- CDK for ECS: blog
Please check https://aws.github.io/aws-eks-best-practices/ for more comprehensive EKS best practices!
- Think about multi-tenancy and isolation for different environments or different workloads
- Isolation at the account level using AWS Organizations
- Isolation at the network layer, i.e. different VPCs and different clusters
- Use different node groups (node pools) for different purposes/categories, e.g. create dedicated node groups for operational tools such as CI/CD tools, monitoring tools, and a centralized logging system.
- Separate namespaces for different workloads
Reliability | Principles
```toml
# Generic, basic /usr/local/etc/telegraf.conf file for FreeBSD
# Gathers some basic metrics and transmits them to cloudwatch
# Be sure to set the region below
[agent]
  interval = "10s"
  round_interval = true
  metric_batch_size = 1000
  metric_buffer_limit = 10000
  collection_jitter = "0s"
```
This is how you would create a livable FreeBSD instance on EC2 by hand. The smart thing to do is to automate most of these actions, but I do it this way so you can see and understand all the different techniques. I want to create FreeBSD instances in EC2 and I want some of the management benefits that come from native AWS technologies like CloudWatch. It can be done, but it takes a bit of extra work because FreeBSD isn't Linux, and AWS doesn't directly support FreeBSD.
Before we go far, we will want some things set up in AWS IAM and VPC. I assume you have already created a VPC, decided what network numbers you're going to use, created a subnet and so on. If you haven't done those basic things, you need to go do them. I also assume you've created an ssh key and uploaded it to your AWS account.
```powershell
#Requires -RunAsAdministrator
function Uninstall-Pester ([switch]$All) {
    if ([IntPtr]::Size * 8 -ne 64) { throw "Run this script from 64bit PowerShell." }
    #Requires -RunAsAdministrator
    $pesterPaths = foreach ($programFiles in ($env:ProgramFiles, ${env:ProgramFiles(x86)})) {
        $path = "$programFiles\WindowsPowerShell\Modules\Pester"
        if ($null -ne $programFiles -and (Test-Path $path)) {
            if ($All) {
```
```yaml
Description: Deploys lambda functions to forward cloudwatch logs to logstash
Parameters:
  coreNetworkingStackName:
    Type: String
Resources:
  lambdaRole:
    Type: "AWS::IAM::Role"
    Properties:
```
```powershell
[Net.ServicePointManager]::SecurityProtocol = [Net.SecurityProtocolType]::Tls12
$wc = New-Object System.Net.WebClient
if (!(Test-Path "C:\Tools")) {
    New-Item -Path "C:\" -Name "Tools" -ItemType "directory"
}
# SYSMON
# Download Sysmon
$SysmonDirectory = "C:\Tools\Sysmon\"
```
```bash
#!/usr/bin/env bash
set -o errexit
set -o nounset
set -o pipefail
IAM_GROUP=${1:-admins}
EKS_ROLE_ARN=${2:-arn:aws:iam::111122223333:role/eks-node-role}
RBAC_GROUP=${3:-system:masters}
```
The goal of this document is to cover all aspects of Kubernetes management, including how resources are expressed, constrained and accounted for. This started as a way to ensure that alternate container runtime implementations like Kata Containers will behave, from a resource accounting and consumption point of view, in the same manner as runc.
Location of the latest version of this document: https://gist.github.com/mcastelino/b8ce9a70b00ee56036dadd70ded53e9f
If you do not understand cgroups, please refer to the quick primer at the bottom of this document. This will help you understand how the resource enforcement actually works.
```powershell
# WSL2 network port forwarding script v1
# for enable script, 'Set-ExecutionPolicy -ExecutionPolicy Bypass -Scope CurrentUser' in Powershell,
# for delete exist rules and ports use 'delete' as parameter, for show ports use 'list' as parameter.
# written by Daehyuk Ahn, Aug-1-2020
# Display all portproxy information
If ($Args[0] -eq "list") {
    netsh interface portproxy show v4tov4;
    exit;
}
```