RHEL

Recently I’ve been working with Squid as a proxying solution to protect AWS VPCs, I wrote a short quick reference to get started with that provides simple site whitelist functionality. The instance hosting Squid can be put into a public subnet with an internet gateway such that instances in other subnets with access to the public subnet can reference it1 for controlled internet egress to allowed sites. This is great for AMI baking, querying external APIs (such as Amazon services that don’t have a VPC endpoint) and generally any stateful outbound access. [Read More]

I spent some time on this in the week and there was some wrestle involved in setting up an Elastic Network Interface to be used with an autohealing EC2 instance, I thought it would be worth sharing the pattern if someone has to design a service in a similar fashion. If designed correctly, a new instance will reassociate to the address in the event of an instance termination and the consuming entities can keep querying the newly instantiated service on the instance. [Read More]