DEV Community: Ercan Ermiş

Notican: I Built an AI That Writes Your Engineering Docs From GitHub Automatically

Ercan Ermiş — Sun, 15 Mar 2026 18:59:38 +0000

This is a submission for the Notion MCP Challenge

What I Built

Notican is an Autonomous Engineering Intelligence Hub that connects GitHub to Notion using Claude AI. Every PR, commit, and issue becomes living documentation automatically. no manual work required.

When you merge a PR, Claude reads the diff and writes a Changelog entry. If the change is architectural, it generates an Architecture Decision Record. When you push API file changes, it updates your API Reference. Infrastructure changes trigger Runbooks.

GitHub issues become Notion tasks. And Notion tasks tagged for sync automatically create GitHub issues back.

Five databases. Zero effort. Always up to date.

Video Demo

[Record a short walkthrough: webhook firing, Claude analyzing the diff, Notion page appearing in real time]

Show us the code

https://github.com/flightlesstux/notican

Live site: https://notican.click

How I Used Notion MCP

Notion MCP is the write layer of the entire system. Every Claude-generated document flows into Notion through the MCP client; changelogs, ADRs, API references runbooks, and tasks. All writes are idempotent: each page is keyed by a GitHub external ID (PR number, commit SHA, issue number), so re-processing an event updates the page rather than duplicating it.

The bidirectional piece is what makes it truly powerful. A Notion task watcher polls every 60 seconds for tasks tagged github_sync. When it finds one, it calls the GitHub API to create an issue with full context, then marks the task synced. Notion becomes the single source of truth for the entire engineering workflow.

Navigating CAA DNS Records with AWS: A Deep Dive

Ercan Ermiş — Tue, 26 Sep 2023 11:34:37 +0000

Security and trust are at the heart of the digital landscape. In the realm of web security, SSL/TLS certificates, a staple for HTTPS, play a crucial role. As we seek continuous improvement in the certificate issuance process, AWS users can benefit from understanding the role of the CAA (Certificate Authority Authorization) DNS record.
What is a CAA DNS Record in the AWS Context?

CAA, short for Certificate Authority Authorization, is a type of DNS record that lets domain proprietors dictate which Certificate Authorities (CAs) can issue certificates for their domain. This is particularly pertinent for AWS users leveraging AWS Certificate Manager (ACM) to manage their SSL/TLS certificates.

For example, a CAA record might appear as:

ercanermis.com. CAA 0 issue "amazon.com"

This implies that only AWS ACM (represented by “amazon.com”) is permitted to issue certificates for ercanermis.com.

The CAA dig result may contain more than one record like below and it’s normal.

dig CAA ercanermis.com +short
0 issue "amazon.com"
0 issue "comodo.com"
0 issue "comodoca.com"
0 issue "letsencrypt.org"
0 issuewild "amazon.com"
0 issuewild "comodo.com"
0 issuewild "comodoca.com"
0 issuewild "letsencrypt.org"

Why AWS Users Need to Understand CAA DNS Records:

Enhanced Security on AWS: CAA records act as a barrier, preventing the accidental issuance of unauthorized certificates on your domain. This is essential for AWS users seeking to bolster their domain security in the AWS ecosystem.

Granular Control with ACM: With CAA records, AWS users get pinpoint control over their SSL/TLS certificates on ACM. This ensures that only trusted CAs, like ACM, are issuing certificates for their domain.

ACM’s Audit Mechanism: If ACM, or any CA, receives a certificate request for a domain with a CAA record that doesn’t list them, the CA will log the request and notify the domain owner. This provides AWS users with a transparent view of any unauthorized certificate requests.

Advantages for AWS Users:

Prevention of Unauthorized Certificates: By explicitly declaring ACM as the designated CA, AWS users can ward off unauthorized entities from obtaining valid certificates for their domain within the AWS framework.
Seamless Integration with AWS Services: Using CAA records in conjunction with ACM offers smooth integration with other AWS services, ensuring a streamlined workflow.
Unwavering Compliance: All CAs, including ACM, are mandated to check CAA records before certificate issuance, ensuring consistent security standards across the board.

Considerations:

ACM Maintenance: If AWS users decide to integrate or switch to another CA alongside ACM, they must remember to adjust their CAA records.
Propagation Delays: AWS users should be aware that DNS updates, including CAA records, might have propagation delays, potentially affecting the timeline for new certificate issuance within ACM.
Configuration Nuances: Incorrect CAA records could inadvertently block ACM from issuing legitimate certificates.

Transitioning to AWS ACM:

Before CAA records became standard, there was no uniform method allowing domain owners to express CA preferences. This meant any CA could issue a certificate for any domain, given they could validate ownership. AWS users now have a more secure, streamlined method with ACM and CAA records.
A Practical Example with AWS ACM and CloudFlare:

Imagine attempting to secure an SSL certificate via AWS ACM for ercanermis.com and *.ercanermis.com using email validation. If ercanermis.com has an existing CAA record (perhaps for another CA) and lacks a wildcard setup on CloudFlare, challenges might arise.

To navigate this:

Ensure you add a CAA record for AWS ACM (amazon.com) for your domain on CloudFlare.
For wildcard subdomains, ensure they are covered in the CAA record.

Remember, if you possess existing CAA records, introducing a new one doesn’t negate the old ones unless explicitly modified.

Ctrl+C and Ctrl+V party with GitHub Clone Helper!

Ercan Ermiş — Mon, 26 Jun 2023 10:12:08 +0000

Hello, fellow keyboard warriors and terminal whisperers! 🤓

Ever find yourself lost in the infinite sea of repositories on GitHub, and you’ve to clone a bunch of them? Now, we all know how it goes: copy the clone URL, open your terminal, type ‘git clone’, paste the URL, and hit Enter. Sounds easy, right? But what about the 50th time? The 100th? The 1000th?! Man, even the thought of it makes my fingers cramp! 😵‍💫

Now, we all love a good typing session (the rhythmic click-clack is oddly satisfying), but typing ‘git clone’ before every URL, every single time? That’s where we draw the line. It’s like having to say “Simon says” before every command. Simon, we get it, you’re in charge! 🙄

Enter the GitHub Clone Helper! This nifty little extension is the superhero we didn’t know we needed. It swoops in and puts an end to our ‘git clone’ woes. It’s like that awesome sidekick who finishes your sentences, only this time, it’s finishing your commands. Now, who wouldn’t want that? 🦸‍♀️

GitHub Clone Helper is no ordinary extension. It’s a hardworking, diligent little elf that automatically adds ‘git clone’ before the clone URLs on GitHub. And it doesn’t just show it; it means it. When you copy the clone URL, you’re actually copying the entire ‘git clone’ command. It’s the Ctrl+C and Ctrl+V party you always wanted to have! 🥳

So, the next time you’re browsing through GitHub and find a repository you’d like to clone, remember, you have a friend in the GitHub Clone Helper. It’s there to make sure that your ‘git clone’ days are behind you. Well, the typing part at least!

Oh, and let’s not forget about the big elephant in the room – Privacy. The GitHub Clone Helper is a true friend – it respects your privacy, doesn’t gossip (read: no unnecessary communication with servers), and doesn’t have a sneaky, sticky hand in your cookie jar (read: no collecting or sharing personal data). It’s all about that local life, just like your favorite artisanal bakery. 🍪🔒

If you’re a lazy smart developer like me, you’ll agree that there’s a certain beauty in not having to type ‘git clone’ before every URL. It’s not just about saving a few seconds; it’s about making our lives a little easier, a little more automated, and a lot more fun.

With the GitHub Clone Helper, we’re taking a step towards a world where ‘git clone’ is a thing of the past. A world where we can focus on the exciting stuff – code, coffee, and occasionally, sleep. 😴

So, get on board the GitHub Clone Helper train and let’s make a ‘git clone’ history! Choo-choo, fellow devs! 🚂💨

You can see these extension links below:

GitHub: https://github.com/flightlesstux/github-clone-helper
Google Chrome Webstore: https://chrome.google.com/webstore/detail/kfabhahlbkfegapejbcigihbgjnpdobm
Mozilla Firefox Add-ons: https://addons.mozilla.org/en-US/firefox/addon/github-clone-helper/

All feedback and stars are welcome! 🌟

Happy coding and may the force of the semicolon be with you! 💻🚀

Secure Your Media Files by Removing Metadata with AWS Lambda

Ercan Ermiş — Thu, 20 Apr 2023 15:51:14 +0000

In today’s digital world, images and videos often contain metadata that reveals a surprising amount of information about the media file. This metadata, such as EXIF data in images, can include sensitive details like location, device information, and more. To protect user privacy and enhance security, businesses in various industries can benefit from removing this metadata from media files. In this blog post, we’ll walk you through a simple AWS Lambda script that automatically removes metadata from uploaded images and videos in S3 buckets.

Industries That Can Benefit:

Social Media Platforms: Social media platforms handle a massive number of media uploads every day. By removing metadata from images and videos, these platforms can better protect user privacy and minimize the risk of unintentional information leaks.
E-Commerce: E-commerce websites often display user-generated content, such as product images and reviews. Stripping metadata from these media files ensures that customers’ private information is not inadvertently exposed.
Healthcare: The healthcare industry deals with sensitive patient information, including images and videos from medical procedures. Removing metadata from these files is essential to comply with privacy regulations and protect patient confidentiality.
News and Media: Journalists and media organizations publish images and videos that may contain sensitive information about sources or locations. Stripping metadata can help protect this information and maintain the integrity of their reporting.
Education: Educational institutions often host and share various media files, such as lecture videos, research images, and student presentations. Removing metadata from these files ensures that private information about students, faculty, and research subjects is protected.

Benefits of Removing Metadata:

Enhanced Privacy: Stripping metadata from media files helps protect sensitive information about users, locations, and devices, safeguarding user privacy.
Security: By removing metadata, you reduce the risk of accidentally leaking sensitive information, which could be exploited by malicious actors.
Compliance: Removing metadata can help organizations comply with data protection regulations, such as GDPR or HIPAA, that require safeguarding user data.
Simplified Management: Automating metadata removal with AWS Lambda reduces the manual work needed to process media files, streamlining media management across your organization.

import os
import json
import boto3
from PIL import Image
from io import BytesIO
import av

def remove_exif_from_image(file_content):
    img = Image.open(BytesIO(file_content))
    img = img.convert('RGB')

    # Save the image without EXIF data
    output = BytesIO()
    img.save(output, format='JPEG', quality=95)
    output.seek(0)

    return output

def remove_metadata_from_video(file_content):
    input_container = av.open(BytesIO(file_content), mode='r')
    output = BytesIO()
    output_container = av.open(output, mode='w')

    for stream in input_container.streams:
        output_stream = output_container.add_stream(stream.codec.name, stream.rate)
        for packet in input_container.demux(stream):
            for frame in packet.decode():
                packet = output_stream.encode(frame)
                if packet:
                    output_container.mux(packet)
        output_stream.encode(None)
    output_container.close()
    output.seek(0)

    return output

def lambda_handler(event, context):
    s3 = boto3.client('s3')

    bucket = event['Records'][0]['s3']['bucket']['name']
    key = event['Records'][0]['s3']['object']['key']

    # Download the file
    s3_object = s3.get_object(Bucket=bucket, Key=key)
    file_content = s3_object['Body'].read()

    # Process the image or video and remove EXIF data
    if key.lower().endswith(('.png', '.jpg', '.jpeg', '.gif', '.bmp', '.tiff', '.webp')):
        output = remove_exif_from_image(file_content)
    elif key.lower().endswith(('.mp4', '.mkv', '.avi', '.mov', '.webm', '.flv')):
        output = remove_metadata_from_video(file_content)
    else:
        return {
            'statusCode': 400,
            'body': json.dumps('Unsupported file format.')
        }

    # Upload the processed file
    new_bucket = os.environ['NEW_BUCKET'] if os.environ.get('NEW_BUCKET') else bucket
    s3.put_object(Bucket=new_bucket, Key=key, Body=output)

    return {
        'statusCode': 200,
        'body': json.dumps('File processed and uploaded.')
    }

Please note that the pyav library requires FFmpeg shared libraries, which may not be available in the default Lambda environment. You’ll need to create a custom Lambda layer that includes both the pyav library and FFmpeg shared libraries. You can follow the official guide to create a custom Lambda layer for FFmpeg.

Here is the Github Repository: https://github.com/flightlesstux/EXIF-Metadata-Remover

Conclusion

The AWS Lambda script we’ve provided makes it easy to remove metadata from images and videos uploaded to S3 buckets, enhancing privacy and security across a wide range of industries. By implementing this solution, you can protect user information, reduce potential risks, and ensure compliance with data protection regulations.

List your S3 bucket objects easily with S3 Directory Listing

Ercan Ermiş — Tue, 18 Apr 2023 15:45:27 +0000

Are you tired of the boring, plain S3 bucket directory listing? Do you wish there was a way to make it more user-friendly and appealing? Well, look no further! Introducing S3-Directory-Listing, a simple and easy-to-use JS script and HTML combo that will turn your S3 bucket directory listing into a fancy, modern-looking file and folder listing with a nice UI and search functionality.

First things first, let’s talk about usage. To use S3-Directory-Listing, all you need to do is clone the repository or copy the contents of dark-mode.css, s3.js and index.html to your S3 bucket. Then, update the bucketName variable in app.js with your bucket’s name, and configure your S3 bucket settings. Access the index.html file in your browser, and voilà! You now have a fancy S3 directory listing. It’s that simple!

But what about S3 bucket settings? To make this magic work, you need to configure your S3 bucket settings properly. First, make sure your S3 bucket is publicly accessible or at least accessible to the users you want to share the directory listing with. Next, set the bucket policy to allow public read access to your objects. Use the policy, replacing with your actual bucket name.

Finally, enable static website hosting for your bucket, and note down the bucket’s static website endpoint (e.g., http://.s3-website-.amazonaws.com/index.html or https://.s3.amazonaws.com/index.html for secure connection).

Now that your S3 bucket settings are configured, you can enjoy your brand new, fancy-pants S3 directory listing! But wait, there’s more. You can customize the number of items shown per page by modifying the itemsPerPage variable in s3.js.

S3-Directory-Listing is not only easy to use, but it’s also highly customizable. You can tweak the script and HTML to fit your specific needs and preferences. And if you run into any issues or have any questions, you can head over to the GitHub repo and let the creators know. They’d love to hear from you!

In conclusion, S3-Directory-Listing is a game-changer for anyone who wants to fancy up their S3 bucket directory listing. It’s easy to use, highly customizable, and best of all, it’s free! So why settle for a boring, plain S3 directory listing when you can have a modern, user-friendly one? Give S3-Directory-Listing a try today and see for yourself how much of a difference it can make.

You can check Github Repository https://github.com/flightlesstux/S3-Directory-Listing for README and S3 Bucket Policy examples.

You can also use in Dark Mode! Here is the demo: https://s3-directory-listing.s3.amazonaws.com/index.html

Happy listing!

Keeping Composer Packages Up-to-Date with Composer Guardian: Why It’s Essential

Ercan Ermiş — Sat, 15 Apr 2023 20:57:39 +0000

As a PHP developer, chances are you’re already familiar with Composer, the dependency manager for PHP. It’s an essential tool for managing packages, streamlining updates, and ensuring that your projects run smoothly. One crucial aspect of using Composer is keeping your packages up-to-date. In this blog post, we will discuss the importance of keeping your Composer packages current and how Composer Guardian, an open-source script, can help you achieve that.

Why Keep Composer Packages Up-to-Date?

Security: Outdated packages can expose your application to security risks, as they may contain vulnerabilities that have been addressed in newer versions. By keeping your packages up-to-date, you minimize the risk of being targeted by hackers.
Performance: Newer versions of packages often contain performance improvements and optimizations that can lead to a faster, more efficient application. Staying up-to-date ensures that you’re using the most efficient version of a package.
Compatibility: As PHP and other packages evolve, compatibility issues can arise. By regularly updating your packages, you minimize the risk of encountering conflicts or issues related to deprecated functionality.
Bug Fixes: Package updates often contain bug fixes that can resolve issues you may be experiencing in your application. By staying current, you can avoid potential problems and ensure a smoother development process.
New Features: Updated packages often introduce new features that can benefit your application. By keeping your packages current, you can take advantage of these features and continue to innovate within your projects.

Introducing the Composer Guardian

The provided script, called Composer Guardian, is designed to help you stay on top of package updates. It reads your composer.json file, checks for updates, and generates a report detailing which packages need to be updated.

Key Features:

Fetches the latest stable version of each package listed in your composer.json file
Skips packages with certain prefixes (e.g., ‘ext-‘) or excluded packages (e.g., ‘php’)
Displays a table with the package name, current version, and latest version
Optionally sends the report to a Slack channel using a webhook URL

Usage:

To use Composer Guardian, simply clone the GitHub repository and run the script with the appropriate command-line options or environment variables. For example:

python/python3 composer_guardian.py --composer-file-path /path/to/composer.json --slack-webhook-url https://hooks.slack.com/services/...

Or, using environment variables:

export COMPOSER_FILE_PATH=/path/to/composer.json
export SLACK_WEBHOOK_URL=https://hooks.slack.com/services/...
python/python3 composer_guardian.py

Conclusion

Keeping your Composer packages up-to-date is crucial for maintaining the security, performance, and overall health of your PHP applications. Composer Guardian provides an easy-to-use solution for staying current with package updates and can help you streamline your development process. Give it a try and see how it can benefit your projects. Don’t forget to star the repository if you find it helpful, and feel free to contribute or open issues if you encounter any problems.

The Repository: Composer Guardian GitHub

What's Carrier Gateway is AWS?

Ercan Ermiş — Fri, 24 Feb 2023 20:21:39 +0000

Amazon Web Services (AWS) offers many services to provide a seamless and secure cloud computing experience to its users. One of these services is Carrier Gateway, which is designed to provide a simplified and centralized solution for connecting customer networks to AWS.

In this article, we will discuss the concept of Carrier Gateway on AWS and its benefits in detail.

What is Carrier Gateway on AWS?

Carrier Gateway is a service that enables AWS customers to establish a direct and private connection between their on-premises data center or network and their Virtual Private Cloud (VPC) on AWS. It allows users to extend their network topology to AWS, thus providing a secure and high-bandwidth connection between their on-premises infrastructure and AWS.

Carrier Gateway provides a single gateway to connect to multiple AWS Regions, thus eliminating the need to create multiple VPN connections for each region. This makes it easier for customers to manage their network infrastructure and reduce operational complexity.
Benefits of Carrier Gateway on AWS:
Enhanced Security

Carrier Gateway provides a secure and private connection between customer networks and AWS. It uses industry-standard encryption and authentication protocols to ensure data privacy and security. This eliminates the need to use public internet connections and reduces the risk of cyberattacks and data breaches.

High-Performance

Carrier Gateway provides high-bandwidth connectivity between customer networks and AWS. This ensures faster data transfer and reduced latency, thus enhancing application performance and user experience.

Simplified Network Management

Carrier Gateway provides a centralized solution for connecting customer networks to AWS. This eliminates the need to create multiple VPN connections for each region, thus reducing operational complexity and network management overheads.

Cost-Effective

Carrier Gateway provides a cost-effective solution for connecting customer networks to AWS. It eliminates the need to use expensive leased lines or MPLS circuits, thus reducing connectivity costs significantly.

How Carrier Gateway Works

Carrier Gateway works by establishing a direct and private connection between customer networks and AWS. It provides a Layer 2 Ethernet interface that connects to the customer’s on-premises router or switch. The Carrier Gateway interface is connected to an AWS Direct Connect Gateway, which in turn connects to the VPC on AWS.

The Carrier Gateway interface can be configured with VLAN tagging to support multiple VPCs. This allows customers to extend their network topology to multiple VPCs on AWS using a single Carrier Gateway.

Carrier Gateway supports Border Gateway Protocol (BGP) routing to enable dynamic routing between the customer network and the VPC on AWS. This ensures that traffic is always routed over the most optimal path, thus providing high performance and reliability.

Conclusion

Carrier Gateway on AWS is a powerful service that provides a secure, high-bandwidth, and cost-effective solution for connecting customer networks to AWS. It eliminates the need to use public internet connections, simplifies network management, and enhances application performance.

If you are considering connecting your on-premises infrastructure to AWS, Carrier Gateway is an excellent option to consider. It provides a seamless and secure connection that can help you reduce costs, enhance security, and simplify network management.

What is an Egress only internet gateways in AWS?

Ercan Ermiş — Sun, 12 Feb 2023 18:07:49 +0000

Amazon Web Services (AWS) is one of the leading cloud computing platforms, providing a variety of infrastructure services to businesses of all sizes. One of the essential components of AWS is Virtual Private Cloud (VPC), which allows users to isolate their resources in a logically isolated virtual network. Within a VPC, an Egress-Only Internet Gateway is an essential component that enables outbound traffic from the VPC to the Internet.

An Egress-Only Internet Gateway is a horizontally scaled, redundant, and highly available VPC component that provides a secure way for outbound-only Internet traffic from instances in a VPC to flow to the Internet. It operates as a stateful gateway, which means that it keeps track of the network connections initiated from instances in the VPC, and it automatically allows the corresponding return traffic to flow back into the VPC.

The main advantage of using an Egress-Only Internet Gateway is that it provides a secure and reliable way for instances in a VPC to access the Internet. For example, it can be used to allow instances in a VPC to access public AWS services such as Amazon S3 or Amazon EC2, or to access public websites, such as www.google.com. An Egress-Only Internet Gateway also enhances the security of instances in a VPC, as it blocks all incoming traffic from the Internet to instances in the VPC, and only allows outgoing traffic.

To use an Egress-Only Internet Gateway, you must create a VPC, configure a route table for your VPC, and associate the route table with the VPC. Then, you need to create an Egress-Only Internet Gateway and associate it with the VPC. You can also associate multiple subnets in a VPC with an Egress-Only Internet Gateway, which provides more flexibility and security.

One of the benefits of using an Egress-Only Internet Gateway is that it enables you to have full control over the outbound Internet traffic from instances in your VPC. For example, you can control access to specific websites or services, and monitor the traffic for compliance and security purposes. Additionally, you can use AWS Network Firewall or Amazon VPC Security Groups to control the outbound traffic from instances in your VPC.

Another benefit of using an Egress-Only Internet Gateway is that it helps reduce the operational overhead and complexity of managing Internet access for instances in your VPC. For example, you do not need to configure a NAT gateway or a VPN connection to the Internet, which can be challenging and time-consuming. Instead, you can simply create an Egress-Only Internet Gateway, associate it with your VPC, and configure the route table, which can be done quickly and easily.
Conclusion

In conclusion, an Egress-Only Internet Gateway is an essential component of AWS Virtual Private Cloud (VPC) that provides a secure and reliable way for instances in a VPC to access the Internet. It provides full control over the outbound Internet traffic from instances in your VPC, enhances security, and reduces operational overhead. By using an Egress-Only Internet Gateway, businesses can securely access public AWS services and the Internet, without having to worry about managing the underlying infrastructure.

What is an Internet Gateway in AWS?

Ercan Ermiş — Tue, 07 Feb 2023 08:30:56 +0000

Amazon Web Services (AWS) Internet Gateway is a horizontally scalable, redundant, and highly available VPC component that allows communication between instances in your VPC and the Internet. It, therefore, acts as a bridge between your VPC and the Internet.

An Internet Gateway is not automatically created when you create a VPC. Instead, you must create and attach an Internet Gateway to your VPC before your instances in the VPC can communicate with the Internet. Once an Internet Gateway is attached to a VPC, you can then route Internet traffic to your instances.

Internet Gateways are horizontally scaleable, meaning that they automatically adjust their capacity to handle the number of requests that pass through them. They are also redundant, which means that if one Internet Gateway fails, another one takes over and ensures that there is no interruption in service. This redundancy ensures that your instances are always able to communicate with the Internet.

To create an Internet Gateway, you must first log in to the AWS Management Console and navigate to the VPC dashboard. Once there, you can click on the “Internet Gateways” menu and select “Create Internet Gateway.” You will then be prompted to give your Internet Gateway a name and select the VPC that it should be attached. Once the Internet Gateway is created, it will be in a “detached” state. To attach the Internet Gateway to a VPC, you must click on the Internet Gateway and select “Actions,” then “Attach to VPC.”

Once an Internet Gateway is attached to a VPC, it can be used to route Internet traffic to instances in that VPC. To do this, you must create a route in the VPC’s routing table that points Internet traffic (0.0.0.0/0) to the Internet Gateway. This is often referred to as the “default route” for Internet traffic.

When you create a new VPC, it automatically comes with a default route table, which you can use to route Internet traffic to the Internet Gateway. You can also create additional route tables and associate them with specific subnets in your VPC. This allows you to control the Internet access for instances in those subnets.

AWS Internet Gateway allows access to Internet resources over IPv4 and IPv6 protocols. Additionally, if you want to connect to your on-premises resources, you can create a VPN connection or a Direct Connect link between your on-premises data center and your VPC over Internet Gateway. It also provides network address translation (NAT) service, which allows instances in a private subnet to connect to the Internet, but prevents the Internet from initiating connections with those instances.

AWS Internet Gateway also provides security features such as Security Group and Network Access Control List (NACL) to control inbound and outbound traffic to your instances via Internet Gateway. It allows you to create rules that permit or deny traffic based on protocol, port, and source or destination IP address. You can also use AWS Web Application Firewall (WAF) to protect your applications and APIs from various web-based attacks.

Conclusion

In summary, Amazon Web Services (AWS) Internet Gateway is a horizontally scalable, redundant, and highly available VPC component that enables the communication between instances in a VPC and the Internet. It acts as a bridge between a VPC and the Internet and allows you to route Internet traffic to your instances. Internet Gateways also provide security features such as security groups and network access control lists to control inbound and outbound traffic, as well as a way to connect to on-premises resources via VPN or Direct Connect.

What are Route Tables on AWS VPC?

Ercan Ermiş — Mon, 06 Feb 2023 11:34:20 +0000

Route tables in Amazon Web Services (AWS) are used to determine how traffic is directed within a Virtual Private Cloud (VPC). They contain a set of rules, known as routes, that specify which network traffic is directed to which network interface.

Each subnet in a VPC must be associated with a route table, which controls the traffic for that subnet. A subnet can only be associated with one route table at a time, but a route table can be associated with multiple subnets. This allows you to have different routing rules for different subnets within a VPC.

A route table consists of a set of rules, called routes, that specify which traffic is directed to which network interface. A route consists of a destination and a target. The destination is the IP range that the traffic is being sent to, and the target is the network interface to which the traffic is being sent to.

There are two types of routes in a route table:

Local routes: These routes apply to traffic within the VPC. Every VPC has a default local route that allows traffic to flow between subnets within the VPC.
Internet Gateway routes: These routes apply to traffic going to and from the internet. Every VPC has a default Internet Gateway route that allows traffic to flow between the VPC and the internet.

In addition to the default route table, you can create additional custom route tables. This allows you to specify custom routing rules for specific subnets within your VPC. For example, you might want to create a custom route table for a subnet that is hosting a database, to ensure that traffic to and from the database is routed properly.

When you create a new VPC, AWS automatically creates a default route table. This default route table contains a local route and an Internet Gateway route, as described above. You can modify the routes in the default route table, but you cannot delete them.

It is important to properly configure your route tables in order to ensure that traffic is directed correctly within your VPC. Incorrectly configured route tables can lead to network connectivity issues and negatively impact your applications’ performance.

There are a few key things to consider when configuring your route tables:

Make sure that you have an Internet Gateway route for any subnet that needs to access the internet.
Make sure that you have local routes for any subnets that need to communicate with each other within the VPC.
Make sure that you have a default route table, and that it is properly configured.
Consider creating custom route tables for specific subnets that have unique routing requirements.

Conclusion

In summary, route tables in AWS are used to control the routing of traffic within a VPC. They consist of a set of routes that specify which traffic is directed to which network interface, and they are associated with individual subnets within a VPC. Properly configuring your route tables is important for ensuring that traffic is directed correctly within your VPC and for maintaining the performance of your applications.

What is Subnet on AWS VPC?

Ercan Ermiş — Sat, 10 Dec 2022 09:08:19 +0000

Amazon Web Services (AWS) Virtual Private Cloud (VPC) is a cloud computing service that allows users to create and manage their own virtual network in the cloud. This allows users to have complete control over their network and resources, including the ability to customize subnetting for their VPC.

Subnets in AWS VPC are used to divide a VPC into multiple logical networks. This allows users to isolate resources and control access to those resources. Subnets can be either public or private, with public subnets having access to the internet and private subnets not having access to the internet.

Creating subnets in AWS VPC is easy and can be done through the AWS Management Console. First, the user must select their VPC and then click on the “Subnets” tab. From there, the user can select “Create Subnet” and enter the name, VPC, and availability zone for the subnet. They can also specify whether the subnet is public or private.

Once the subnet is created, the user can then add resources to the subnet, such as EC2 instances or RDS databases. The user can also control access to the subnet through the use of security groups and network ACLs.

One important consideration when creating subnets in AWS VPC is the CIDR block. CIDR (Classless Inter-Domain Routing) blocks are used to specify the range of IP addresses that can be used in a subnet. The user must specify a CIDR block when creating a subnet, and the CIDR block must be within the VPC’s CIDR block range.

Another important consideration is the availability zone for the subnet. AWS VPC allows users to create subnets in multiple availability zones within a region. This provides high availability and redundancy for the subnet and its resources.

Subnetting can also be useful for segmenting a VPC into different environments, such as development, staging, and production. This allows users to isolate resources and control access between environments.

There are also additional benefits to using subnets in AWS VPC. For example, users can create a NAT gateway in a public subnet and use it to enable internet access for private subnets. This allows resources in the private subnet to access the internet without having a public IP address.

Users can also use VPC peering to connect two VPCs together and share resources between them. This can be useful for creating a more complex network architecture, such as connecting a VPC in one region to a VPC in another region.

Conclusion

Subnets in AWS VPC provide users with the ability to customize and control their virtual network in the cloud. Subnetting allows users to segment their VPC into multiple logical networks, isolate resources, and control access to those resources. It also provides benefits such as high availability and redundancy, and the ability to connect VPCs together. Overall, using subnets in AWS VPC can greatly enhance the flexibility and functionality of a cloud-based network.

What is AWS VPC?

Ercan Ermiş — Wed, 07 Dec 2022 06:02:29 +0000

Amazon Web Services (AWS) Virtual Private Cloud (VPC) is a service that allows users to create and manage their own virtual private network (VPN) in the AWS cloud. This allows users to have complete control over their own network environment, including the ability to select their own IP address range, create subnets, and configure route tables and network gateways.

One of the main benefits of using VPC is the ability to securely connect to the internet and to other AWS services. With VPC, users can create a public-facing subnet for their web servers, and a private-facing subnet for their databases. This allows for better security and isolation of sensitive data.

VPC also allows for greater control over network access. Users can use security groups and network ACLs to control inbound and outbound traffic at the subnet and network interface levels. This allows users to create granular rules to restrict access to specific IP addresses or ranges, ports, and protocols.

Another benefit of VPC is the ability to use AWS PrivateLink. This allows users to securely access services over the AWS network, without the need for an internet gateway or a VPN connection. This can improve security and reduce data transfer costs.

VPC also allows for seamless integration with other AWS services. For example, users can use VPC to connect to Amazon Elastic Compute Cloud (EC2) instances, Amazon Relational Database Service (RDS) databases, and other AWS services. This allows for easy deployment and management of complex, multi-tier applications in the AWS cloud.

In addition to these benefits, VPC also offers several other features and capabilities. For example, users can use VPC Flow Logs to capture information about the IP traffic going to and from their network interfaces. This can be useful for monitoring and troubleshooting network issues.

VPC also allows for the creation of VPN connections to on-premises networks. This can be useful for organizations that have a hybrid cloud environment, or for those that want to connect their AWS resources to their existing IT infrastructure.

Conclusion

Overall, AWS VPC provides users with a highly customizable and secure network environment in the AWS cloud. With VPC, users can easily connect to the internet and other AWS services, control network access, and integrate with other AWS services. This allows for greater flexibility and control over their cloud environment, enabling them to build and deploy complex, multi-tier applications in the AWS cloud.