<?xml version="1.0" encoding="utf-8" standalone="yes"?><rss version="2.0" xmlns:atom="http://www.w3.org/2005/Atom"><channel><title>AWS on Steyn Huizinga</title><link>https://www.steynhuizinga.nl/categories/aws/</link><description>Recent content in AWS on Steyn Huizinga</description><generator>Hugo</generator><language>en-US</language><lastBuildDate>Tue, 11 Feb 2025 14:15:00 +0200</lastBuildDate><atom:link href="https://www.steynhuizinga.nl/categories/aws/index.xml" rel="self" type="application/rss+xml"/><item><title>How Cloudar Drives Industry 4.0 Innovation</title><link>https://www.steynhuizinga.nl/2025/02/how-cloudar-drives-industry-4.0-innovation/</link><pubDate>Tue, 11 Feb 2025 14:15:00 +0200</pubDate><guid>https://www.steynhuizinga.nl/2025/02/how-cloudar-drives-industry-4.0-innovation/</guid><description>&lt;h2 id="introduction"&gt;Introduction&lt;/h2&gt;
&lt;p&gt;The Fourth Industrial Revolution, or Industry 4.0, is transforming the way industries operate by integrating advanced technologies such as IoT, AI, and big data analytics. Companies need expert guidance to navigate this shift efficiently. Cloudar, an AWS Premier Consulting Partner, plays a crucial role in helping businesses leverage cloud technologies to build scalable, secure, and efficient Industry 4.0 applications.&lt;/p&gt;
&lt;h2 id="why-cloudar-for-industry-40"&gt;Why Cloudar for Industry 4.0?&lt;/h2&gt;
&lt;p&gt;Cloudar specializes in AWS solutions tailored for Industry 4.0 needs, ensuring seamless cloud adoption and integration. With deep expertise, a customer-centric approach and a 100% focus on AWS, Cloudar helps businesses harness the power of AWS to drive innovation and operational excellence.&lt;/p&gt;</description></item><item><title>Improving IAM policies</title><link>https://www.steynhuizinga.nl/2023/09/improving-iam-policies/</link><pubDate>Thu, 28 Sep 2023 09:00:00 +0200</pubDate><guid>https://www.steynhuizinga.nl/2023/09/improving-iam-policies/</guid><description>&lt;h1 id="security-is-a-shared-responsibility"&gt;Security is a shared responsibility&lt;/h1&gt;
&lt;p&gt;As you might have read in my previous posts, the public cloud itself should be considered very secure. For major cloud providers such as AWS, security is key. Security incidents would destroy AWS&amp;rsquo; business, so they are fully committed to preventing this from happening. Their almost unlimited access to security talent, extensive knowledge, years of experience, enormous budget, the benefit of building things from scratch, etc. are indicators that security is serious business. And the record of reported incidents, compared to the size and scope of their services, is impressive. If you are wondering which incidents have been reported, see &lt;a href="https://aws.amazon.com/security/security-bulletins/"&gt;here&lt;/a&gt;. No doubt about security &lt;em&gt;of&lt;/em&gt; the cloud.&lt;/p&gt;</description></item><item><title>High-performance computing on AWS</title><link>https://www.steynhuizinga.nl/2023/06/high-performance-computing-on-aws/</link><pubDate>Thu, 29 Jun 2023 09:00:00 +0200</pubDate><guid>https://www.steynhuizinga.nl/2023/06/high-performance-computing-on-aws/</guid><description>&lt;h1 id="how-does-high-performance-computing-differs-from-regular-computing"&gt;How does High-Performance Computing differ from regular computing?&lt;/h1&gt;
&lt;p&gt;Today&amp;rsquo;s server hardware is powerful enough to execute most compute tasks. With common compute resources most (serial) computing challenges can be solved. However, some tasks are very complex and require a different approach. Think of cases that require improved speed and efficiency, the ability to handle large datasets, flexibility, etc. For this, HPC brings massive parallel computing, cluster and workload managers and high-performance components to the table.&lt;/p&gt;</description></item><item><title>Amazon Linux 2023</title><link>https://www.steynhuizinga.nl/2023/04/amazon-linux-2023/</link><pubDate>Fri, 07 Apr 2023 14:15:00 +0200</pubDate><guid>https://www.steynhuizinga.nl/2023/04/amazon-linux-2023/</guid><description>&lt;p&gt;Earlier this month AWS &lt;a href="https://aws.amazon.com/about-aws/whats-new/2023/03/amazon-linux-2023/"&gt;released&lt;/a&gt; Amazon Linux 2023, in short AL2023. Amazon Linux is a Linux distribution maintained by AWS. It is no surprise that the main purpose of this distribution is an optimized experience for running on AWS, as it comes with features and integration with AWS-specific tools. Besides an &lt;a href="https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/AMIs.html"&gt;Amazon Linux Image&lt;/a&gt; the distribution is also offered as a &lt;a href="https://hub.docker.com/_/amazonlinux"&gt;container image&lt;/a&gt;.&lt;/p&gt;
&lt;p&gt;AL2023 is the latest generation of Amazon Linux, the successor of the initial version &lt;a href="https://aws.amazon.com/amazon-linux-ami/"&gt;Amazon Linux&lt;/a&gt; and &lt;a href="https://aws.amazon.com/amazon-linux-2/"&gt;Amazon Linux 2&lt;/a&gt;. With the release of AL2023 AWS will release a new major version every two years. According to the cadence we can expect AL2025, AL2027 and so on. With every upcoming release the current release will go from Standard to Maintenance support (security patches only) to be retired after 3 years. This means that a major version has a supported lifespan of 5 years, which is fairly long in cloud. The versioning and cadence are new for those who are familiar with the versions Amazon Linux and Amazon Linux 2. The previous versions were a rolling release, while from AL2023 (or in hindsight AL2) onwards a new major version will be released every 2 years.&lt;/p&gt;</description></item><item><title>Getting started with sustainability</title><link>https://www.steynhuizinga.nl/2023/03/getting-started-with-sustainability/</link><pubDate>Mon, 20 Mar 2023 09:00:00 +0200</pubDate><guid>https://www.steynhuizinga.nl/2023/03/getting-started-with-sustainability/</guid><description>&lt;p&gt;Sustainability is an important topic. This is not without a reason, since sustainability is key in preserving our planet. The combined world of sustainability and cloud is getting more and more traction. The investments pay off: we get more capabilities to work with and now it&amp;rsquo;s time to start harvesting. The urgency is also there. ICT, including cloud, is responsible for &lt;a href="https://theshiftproject.org/en/article/lean-ict-our-new-report/"&gt;3% of the global greenhouse gas emissions&lt;/a&gt;. We, as consumers of cloud resources, can easily have an impact, since changes to your cloud environment are easily made (e.g. 
no hardware to write off).&lt;/p&gt;</description></item><item><title>The five common mistakes on S3</title><link>https://www.steynhuizinga.nl/2022/07/the-five-common-mistakes-on-s3/</link><pubDate>Tue, 26 Jul 2022 10:30:00 +0200</pubDate><guid>https://www.steynhuizinga.nl/2022/07/the-five-common-mistakes-on-s3/</guid><description>&lt;p&gt;
&lt;a href="https://www.steynhuizinga.nl/2022/07/the-five-common-mistakes-on-s3/five-common-mistakes-on-s3.png" data-dimbox data-dimbox-caption="The five common mistakes on S3"&gt;
 &lt;img alt="The five common mistakes on S3" src="https://www.steynhuizinga.nl/2022/07/the-five-common-mistakes-on-s3/five-common-mistakes-on-s3.png"/&gt;
&lt;/a&gt;
&lt;/p&gt;
&lt;p&gt;In general the cloud object store Amazon S3 is pretty straightforward to use, but mistakes are easily made. The service itself is proven to be secure (&amp;ldquo;security of the cloud&amp;rdquo;), reliable and performant. However, misconfiguration by the owner of the S3 buckets can give a totally different experience (&amp;ldquo;security in the cloud&amp;rdquo;). In this blog the five most common mistakes will be addressed as a learning experience.&lt;/p&gt;</description></item><item><title>Configure OpenID Connect for GitLab and AWS</title><link>https://www.steynhuizinga.nl/2022/03/configure-openid-connect-for-gitlab-and-aws/</link><pubDate>Tue, 15 Mar 2022 21:15:00 +0200</pubDate><guid>https://www.steynhuizinga.nl/2022/03/configure-openid-connect-for-gitlab-and-aws/</guid><description>&lt;p&gt;We encounter a mix of DevOps tools being used in cloud projects. For a number of reasons we prefer to work with AWS native tools and services. One of the reasons (but certainly not the only one) for that opinion is that native tools provide seamless integration with the fundamentals of AWS itself. Think of tight integration with AWS Identity and Access Management (IAM) or AWS CloudTrail. In AWS it&amp;rsquo;s common to assign roles to resources. For example, steps in CodeBuild (&amp;lsquo;build runners&amp;rsquo; in CodePipeline) have an IAM role with least-privileged policies assigned to grant access to the platform. Roles use short-lived credentials, which are provided natively by the platform. The time to live varies per service, but is mostly anything between 15 minutes and 6 hours. Way shorter than static credentials, which are most likely to be rotated every 90 days in theory. 
The reality is that rotating static credentials manually is a big hassle and (almost) nobody does it.&lt;/p&gt;</description></item><item><title>Limiting access using geographic restrictions</title><link>https://www.steynhuizinga.nl/2022/03/limiting-access-using-geographic-restrictions/</link><pubDate>Thu, 03 Mar 2022 15:15:00 +0200</pubDate><guid>https://www.steynhuizinga.nl/2022/03/limiting-access-using-geographic-restrictions/</guid><description>&lt;p&gt;The world is on fire. We&amp;rsquo;re heading towards - or rather, it already is - a humanitarian disaster in Ukraine. We&amp;rsquo;ve all seen the heartbreaking footage from the war. Thousands of homeless people fighting and fearing for their lives. I&amp;rsquo;ve written this blog to help. I do know that a large number of government websites are hosted on AWS.&lt;/p&gt;
&lt;p&gt;The conflict between Ukraine and Russia is expanding with cyber warfare. There is fighting on the ground, but also online. Government websites are taken down, broadcasting companies are being hacked, etc. Everything is done to manipulate and disrupt communication technologies. Although most attacks will be sophisticated, there are some simple measures in AWS you can take to make it more difficult for attackers. It will not be 100% waterproof. Hackers often use Tor-networks and Command and Control-machines. But every bit helps.&lt;/p&gt;</description></item><item><title>Amazon Inspector 2 - What's new?</title><link>https://www.steynhuizinga.nl/2022/01/amazon-inspector-2-whats-new/</link><pubDate>Mon, 03 Jan 2022 11:30:00 +0200</pubDate><guid>https://www.steynhuizinga.nl/2022/01/amazon-inspector-2-whats-new/</guid><description>&lt;p&gt;Six years after the initial launch AWS announced the new Amazon Inspector. The launch took place during re:Invent 2021. With this launch the previous version has been renamed to Amazon Inspector Classic. The new Amazon Inspector is rearchitected to support a wider range of workloads and simplified workflow management.&lt;/p&gt;
&lt;h1 id="scale-with-simplified-management"&gt;Scale with simplified management&lt;/h1&gt;
&lt;p&gt;The management of Inspector 2 has been simplified. Enabling and configuring the service can be done with a few API calls or, if you insist on manual labor, a few clicks in ClickOps. To give an idea of the steps needed to enable Inspector for both existing and new member accounts, the steps are listed below.&lt;/p&gt;</description></item><item><title>Exploring FinOps KPI's to measure the true value of the cloud</title><link>https://www.steynhuizinga.nl/2021/11/exploring-finops-kpis-to-measure-the-true-value-of-the-cloud/</link><pubDate>Fri, 05 Nov 2021 14:45:00 +0200</pubDate><guid>https://www.steynhuizinga.nl/2021/11/exploring-finops-kpis-to-measure-the-true-value-of-the-cloud/</guid><description>&lt;p&gt;Michel Zitman (Cloud Financial Management Practice Lead at Oblivion) shares his best practices on how to build efficient FinOps KPIs and demonstrates the importance they have on your FinOps Governance. Cloud cost management appears to be a challenging subject in the majority of organizations. From our experience we have concluded that 35% of cloud spend is actually wasted as a result of over-provisioned resources alone. And given the fact that, on a global scale, we are only at the beginning of cloud adoption, it’s time for action.
&lt;div style="position: relative; padding-bottom: 56.25%; height: 0; overflow: hidden;"&gt;
 &lt;iframe allow="accelerometer; autoplay; clipboard-write; encrypted-media; gyroscope; picture-in-picture; web-share; fullscreen" loading="eager" referrerpolicy="strict-origin-when-cross-origin" src="https://www.youtube.com/embed/gqWiCWJ7LtI?autoplay=0&amp;amp;controls=1&amp;amp;end=0&amp;amp;loop=0&amp;amp;mute=0&amp;amp;start=0" style="position: absolute; top: 0; left: 0; width: 100%; height: 100%; border:0;" title="Exploring FinOps KPI&amp;#39;s to measure the true value of the cloud"&gt;&lt;/iframe&gt;
 &lt;/div&gt;
&lt;/p&gt;</description></item><item><title>Keeping up with your cloud knowledge</title><link>https://www.steynhuizinga.nl/2021/11/keeping-up-with-your-cloud-knowledge/</link><pubDate>Fri, 05 Nov 2021 10:45:00 +0200</pubDate><guid>https://www.steynhuizinga.nl/2021/11/keeping-up-with-your-cloud-knowledge/</guid><description>&lt;p&gt;Livestream session to talk with Maheshwar, Developer Evangelist at AWS, about how to keep up to date with your knowledge on AWS.
&lt;div style="position: relative; padding-bottom: 56.25%; height: 0; overflow: hidden;"&gt;
 &lt;iframe allow="accelerometer; autoplay; clipboard-write; encrypted-media; gyroscope; picture-in-picture; web-share; fullscreen" loading="eager" referrerpolicy="strict-origin-when-cross-origin" src="https://www.youtube.com/embed/_YOKDfyU-j4?autoplay=0&amp;amp;controls=1&amp;amp;end=0&amp;amp;loop=0&amp;amp;mute=0&amp;amp;start=0" style="position: absolute; top: 0; left: 0; width: 100%; height: 100%; border:0;" title="Keeping up with your cloud knowledge"&gt;&lt;/iframe&gt;
 &lt;/div&gt;
&lt;/p&gt;
&lt;p&gt;Guests: &lt;a href="https://www.linkedin.com/in/sohanmaheshwar/"&gt;Sohan Maheshwar (AWS)&lt;/a&gt;&lt;/p&gt;</description></item><item><title>Best practices for optimizing cost and performance of your Microsoft workloads on AWS</title><link>https://www.steynhuizinga.nl/2021/11/best-practices-for-optimizing-cost-and-performance-of-your-microsoft-workloads-on-aws/</link><pubDate>Fri, 05 Nov 2021 09:00:00 +0200</pubDate><guid>https://www.steynhuizinga.nl/2021/11/best-practices-for-optimizing-cost-and-performance-of-your-microsoft-workloads-on-aws/</guid><description>&lt;p&gt;Why is it important to optimize costs? TCO has two main components: infrastructure cost and software license cost. The usual optimization scenario is when a customer wants to find a compute, storage and licensing configuration that reaches the desired performance level at minimum cost. When you run SQL Server workloads, licensing makes up the majority of the TCO, so this is where you want to optimize. In this session we are going to cover the basics of Microsoft licensing on AWS and best practices for compute and licensing optimization of SQL Server workloads on AWS. And finally we will discuss how AWS Optimization and Licensing Assessment (AWS OLA) can help you to see potential cost savings when migrating your Windows Workloads to AWS.
&lt;div style="position: relative; padding-bottom: 56.25%; height: 0; overflow: hidden;"&gt;
 &lt;iframe allow="accelerometer; autoplay; clipboard-write; encrypted-media; gyroscope; picture-in-picture; web-share; fullscreen" loading="eager" referrerpolicy="strict-origin-when-cross-origin" src="https://www.youtube.com/embed/85OZG67Y-Qk?autoplay=0&amp;amp;controls=1&amp;amp;end=0&amp;amp;loop=0&amp;amp;mute=0&amp;amp;start=0" style="position: absolute; top: 0; left: 0; width: 100%; height: 100%; border:0;" title="Best practices for optimizing cost and performance of your Microsoft workloads on AWS"&gt;&lt;/iframe&gt;
 &lt;/div&gt;
&lt;/p&gt;</description></item><item><title>DSM's cloud native journey</title><link>https://www.steynhuizinga.nl/2021/11/dsms-cloud-native-journey/</link><pubDate>Tue, 02 Nov 2021 14:00:00 +0200</pubDate><guid>https://www.steynhuizinga.nl/2021/11/dsms-cloud-native-journey/</guid><description>&lt;p&gt;Together with Mark Boon (Senior Digital Engineer @ DSM), Andrès Koetsier (cloud consultant at Oblivion) goes in-depth into how DSM adopted a cloud-native way of working to rapidly develop new applications to solve sustainable challenges.
&lt;div style="position: relative; padding-bottom: 56.25%; height: 0; overflow: hidden;"&gt;
 &lt;iframe allow="accelerometer; autoplay; clipboard-write; encrypted-media; gyroscope; picture-in-picture; web-share; fullscreen" loading="eager" referrerpolicy="strict-origin-when-cross-origin" src="https://www.youtube.com/embed/PZsSC5RXWy0?autoplay=0&amp;amp;controls=1&amp;amp;end=0&amp;amp;loop=0&amp;amp;mute=0&amp;amp;start=0" style="position: absolute; top: 0; left: 0; width: 100%; height: 100%; border:0;" title="DSM&amp;#39;s cloud native journey"&gt;&lt;/iframe&gt;
 &lt;/div&gt;
&lt;/p&gt;
&lt;p&gt;Guests: &lt;a href="https://www.linkedin.com/in/mark-boon-4b9151/"&gt;Mark Boon (DSM)&lt;/a&gt; and &lt;a href="https://www.linkedin.com/in/andres-koetsier/"&gt;Andrès Koetsier (Oblivion)&lt;/a&gt;&lt;/p&gt;</description></item><item><title>Data &amp; Security in the cloud</title><link>https://www.steynhuizinga.nl/2021/11/data-security-in-the-cloud/</link><pubDate>Tue, 02 Nov 2021 12:30:00 +0200</pubDate><guid>https://www.steynhuizinga.nl/2021/11/data-security-in-the-cloud/</guid><description>&lt;p&gt;Martijn Doedens (Cloud Security Consultant at Oblivion) and Niels Zeilemaker (CTO at GoDataDriven) summarise the current state of secure data processing in the (AWS) cloud. We cover the specific services related to data and the services that are used to standardise a secure landing zone, the actual risks and threats that our customers face when processing big data on AWS, and which configurations (aka best practices) you should always implement.
&lt;div style="position: relative; padding-bottom: 56.25%; height: 0; overflow: hidden;"&gt;
 &lt;iframe allow="accelerometer; autoplay; clipboard-write; encrypted-media; gyroscope; picture-in-picture; web-share; fullscreen" loading="eager" referrerpolicy="strict-origin-when-cross-origin" src="https://www.youtube.com/embed/e1n8Gv5y7RY?autoplay=0&amp;amp;controls=1&amp;amp;end=0&amp;amp;loop=0&amp;amp;mute=0&amp;amp;start=0" style="position: absolute; top: 0; left: 0; width: 100%; height: 100%; border:0;" title="Data &amp;amp; Security in the cloud"&gt;&lt;/iframe&gt;
 &lt;/div&gt;
&lt;/p&gt;</description></item><item><title>Securing your secrets in the cloud</title><link>https://www.steynhuizinga.nl/2021/11/securing-your-secrets-in-the-cloud/</link><pubDate>Tue, 02 Nov 2021 12:00:00 +0200</pubDate><guid>https://www.steynhuizinga.nl/2021/11/securing-your-secrets-in-the-cloud/</guid><description>&lt;p&gt;Have you spotted access keys in code? Putting them directly in your code might not be a good idea. Maybe you saw that Kubernetes offers secrets for this. Have you found your Kubernetes secrets to be readable by everyone? So where do you put your secrets in a secure way? In this session we will look at various solutions, such as Hashicorp Vault, Kubernetes, and solutions offered by AWS.
&lt;div style="position: relative; padding-bottom: 56.25%; height: 0; overflow: hidden;"&gt;
 &lt;iframe allow="accelerometer; autoplay; clipboard-write; encrypted-media; gyroscope; picture-in-picture; web-share; fullscreen" loading="eager" referrerpolicy="strict-origin-when-cross-origin" src="https://www.youtube.com/embed/lXMRTP5eg9Q?autoplay=0&amp;amp;controls=1&amp;amp;end=0&amp;amp;loop=0&amp;amp;mute=0&amp;amp;start=0" style="position: absolute; top: 0; left: 0; width: 100%; height: 100%; border:0;" title="Securing your secrets in the cloud"&gt;&lt;/iframe&gt;
 &lt;/div&gt;
&lt;/p&gt;</description></item><item><title>Threat detection and response in the cloud</title><link>https://www.steynhuizinga.nl/2021/11/threat-detection-and-response-in-the-cloud/</link><pubDate>Tue, 02 Nov 2021 11:30:00 +0200</pubDate><guid>https://www.steynhuizinga.nl/2021/11/threat-detection-and-response-in-the-cloud/</guid><description>&lt;p&gt;In this session we talk about how to do detection and response in the AWS public cloud and what native AWS services can be used to do this. What options are available and what (if any) 3rd party solutions play a role here? If it was up to us, what are the top use cases a security operations.
&lt;div style="position: relative; padding-bottom: 56.25%; height: 0; overflow: hidden;"&gt;
 &lt;iframe allow="accelerometer; autoplay; clipboard-write; encrypted-media; gyroscope; picture-in-picture; web-share; fullscreen" loading="eager" referrerpolicy="strict-origin-when-cross-origin" src="https://www.youtube.com/embed/Z4V6uDmptAY?autoplay=0&amp;amp;controls=1&amp;amp;end=0&amp;amp;loop=0&amp;amp;mute=0&amp;amp;start=0" style="position: absolute; top: 0; left: 0; width: 100%; height: 100%; border:0;" title="Threat detection and response in the cloud"&gt;&lt;/iframe&gt;
 &lt;/div&gt;
&lt;/p&gt;</description></item><item><title>Compelling reasons to adopt the public cloud</title><link>https://www.steynhuizinga.nl/2021/11/compelling-reasons-to-adopt-the-public-cloud/</link><pubDate>Mon, 01 Nov 2021 16:30:00 +0200</pubDate><guid>https://www.steynhuizinga.nl/2021/11/compelling-reasons-to-adopt-the-public-cloud/</guid><description>&lt;p&gt;Jeroen van der Leer discusses five main reasons modern organizations choose to adopt the public cloud - and why you should too.
&lt;div style="position: relative; padding-bottom: 56.25%; height: 0; overflow: hidden;"&gt;
 &lt;iframe allow="accelerometer; autoplay; clipboard-write; encrypted-media; gyroscope; picture-in-picture; web-share; fullscreen" loading="eager" referrerpolicy="strict-origin-when-cross-origin" src="https://www.youtube.com/embed/Sp6gpibwHQM?autoplay=0&amp;amp;controls=1&amp;amp;end=0&amp;amp;loop=0&amp;amp;mute=0&amp;amp;start=0" style="position: absolute; top: 0; left: 0; width: 100%; height: 100%; border:0;" title="Compelling reasons to adopt the public cloud"&gt;&lt;/iframe&gt;
 &lt;/div&gt;
&lt;/p&gt;
&lt;p&gt;Guests: &lt;a href="https://www.linkedin.com/in/jeroenvanderleer/"&gt;Jeroen van der Leer (Oblivion)&lt;/a&gt;&lt;/p&gt;</description></item><item><title>First glance at AWS CloudFormation Guard 2.0</title><link>https://www.steynhuizinga.nl/2021/05/first-glance-at-aws-cloudformation-guard-2.0/</link><pubDate>Tue, 18 May 2021 22:15:00 +0200</pubDate><guid>https://www.steynhuizinga.nl/2021/05/first-glance-at-aws-cloudformation-guard-2.0/</guid><description>&lt;p&gt;Yesterday AWS CloudFormation Guard version 2.0 was &lt;a href="https://aws.amazon.com/blogs/mt/introducing-aws-cloudformation-guard-2-0/"&gt;introduced&lt;/a&gt;. Guard is an open source tool that can be used to validate CloudFormation templates against certain rules. You can use it for linting your templates both on syntax and semantics. Linting tools are essential in CI/CD pipelines and a powerful addition when it comes to validating structured and human-readable files such as JSON and YAML. In your delivery pipelines you would preferably run linting tests as early as possible, before proceeding to steps such as compile and deploy, et cetera (fail-fast).&lt;/p&gt;</description></item><item><title>Defense in depth matters</title><link>https://www.steynhuizinga.nl/2021/05/defense-in-depth-matters/</link><pubDate>Wed, 12 May 2021 22:10:56 +0200</pubDate><guid>https://www.steynhuizinga.nl/2021/05/defense-in-depth-matters/</guid><description>&lt;p&gt;Recently a nasty vulnerability in AWS CloudShell was reported by Google’s Project Zero. Due to a bug in the library handling interaction with the shell and the browser, an attacker could trigger remote code execution. AWS CloudShell is a browser-based, pre-authenticated shell. The service is most often used by a user with administrator privileges on the AWS console.&lt;/p&gt;
&lt;p&gt;Via the remote shell, the credentials of the user starting AWS CloudShell can be obtained and used to call AWS services. Needless to say what the potential impact could have been. It would be easy to blame the developers for this vulnerability, but that would be too short-sighted. In general we all know that software is written by humans and that humans are prone to error. We need a more comprehensive approach to protect our digital assets and reputation.

&lt;a href="https://www.steynhuizinga.nl/2021/05/defense-in-depth-matters/naarden-vesting.jpeg" data-dimbox data-dimbox-caption="Naarden-Vesting: Dutch version of defence in depth"&gt;
 &lt;img alt="Naarden-Vesting: Dutch version of defence in depth" src="https://www.steynhuizinga.nl/2021/05/defense-in-depth-matters/naarden-vesting.jpeg"/&gt;
&lt;/a&gt;
&lt;/p&gt;</description></item><item><title>Optimizing your security footprint in AWS — part 2</title><link>https://www.steynhuizinga.nl/2021/03/optimizing-your-security-footprint-in-aws-part-2/</link><pubDate>Wed, 31 Mar 2021 09:34:32 +0100</pubDate><guid>https://www.steynhuizinga.nl/2021/03/optimizing-your-security-footprint-in-aws-part-2/</guid><description>&lt;p&gt;In the last few years the costs of running security have skyrocketed. We’ve seen an explosion of security solutions, all fighting for their own place in cybersecurity. I’m pretty sure each solution has its purpose, but from a CISO perspective the landscape is getting more complex and more expensive each year, or, phrased in a friendly way: less cost-effective.&lt;/p&gt;
&lt;p&gt;Public cloud is the main driver for innovation. With the arrival of new thinking, new capabilities and a reinvention of how we run IT, things have changed tremendously.&lt;/p&gt;</description></item><item><title>Optimizing your security footprint in AWS — part 1</title><link>https://www.steynhuizinga.nl/2021/03/optimizing-your-security-footprint-in-aws-part-1/</link><pubDate>Tue, 23 Mar 2021 14:17:49 +0100</pubDate><guid>https://www.steynhuizinga.nl/2021/03/optimizing-your-security-footprint-in-aws-part-1/</guid><description>&lt;p&gt;In the last few years the costs of running security have skyrocketed. We’ve seen an explosion of security solutions, all fighting for their own place in cybersecurity. I’m pretty sure each solution has its purpose, but from a CISO perspective the landscape is getting more complex and more expensive each year, or, phrased in a friendly way: less cost-effective.&lt;/p&gt;
&lt;p&gt;Public cloud is the main driver for innovation. With the arrival of new thinking, new capabilities and a reinvention of how we run IT, things have changed tremendously.&lt;/p&gt;</description></item></channel></rss>