DEV Community: Ahmed Srebrenica

How I passed the AWS Security Specialty exam

Ahmed Srebrenica — Sat, 23 Aug 2025 14:26:01 +0000

https://www.credly.com/badges/eb14e4a8-92e7-4e33-841c-7aac8e2e7681/public_url

AWS Security Specialty is one of the hardest AWS exams. The focus is entirely on security in AWS, and there is a wide range of services you need to know. I prepared for 4 months, but a lot happened during that time. For example, we had a baby girl, and it’s hard to stay focused on learning when you have a baby at home, and also it’s difficult to find time to learn when you have a full-time job. But I succeed, and you can too, no matter your circumstances. Now, I will outline the main steps I took to successfully pass the AWS Security Specialty exam.

1. Loving to learn

You are in IT, right? We are committed to learning throughout our entire lives, unless you want to quit IT. I love learning, and I am looking forward to exploring new things. It can be stressful, but you have to find motivation and strength to deal with it. On this journey, I had to study a few new services that I didn’t use, and I found joy in that.

2. Pass AWS Solutions Architect first

In October 2023, I passed the AWS Solutions Architect Associate exam. I had some experience at that time, but not too much, and I passed it. The AWS Solutions Architect helped me a lot, because it covers many services that you need to know, and how those services depend on other services. I learned about many services back then that I had never even used. I must say, an AWS Solutions Architect should be the first or second step before taking the AWS Security Specialty.

3. Materials you choose to learn

It depends on what you like. Earlier, for AWS Solutions Architect, I prepared with Stephane Maarek's course, and I liked the way he teaches. For the AWS Security Specialty, I tried with Adrian Cantrill's course, because he is also great. But it took me a lot of time to reach 50%, so I switched to Stephane’s course, and I didn’t regret it. Tutorials Dojo is something that you CAN’T skip — it is a platform with practice questions for the exam. Of course, questions from Tutorials Dojo won’t appear on the exam, but the concepts are the same, which is what matters most. I thought it was not enough, so I bought Neil Davis' practice exams and AWS Skill Builder. Kudos to Neal Davis - the questions are similar to Tutorials Dojo. The AWS Skill Builder practice exam is very close to what you can expect on the real exam, maybe even harder.

4. Notes

You can’t succeed without using personal notes. Write down everything you are weak at, and review it daily. Don’t just study, go to the Console and try it out. The day before the exam, go through your entire notes document and review everything. This approach helped me not only with this exam, but it also helped me with every exam so far (AWS x2, Google x2, and Microsoft)

My first impression of Amazon Nova

Ahmed Srebrenica — Tue, 29 Apr 2025 08:21:55 +0000

Big thanks to the AWS Community Builders team for supporting me with AWS credit to introduce Amazon Nova.

Introduction

We are living in the AI age, and the biggest companies in the world are battling each other to give us better AI services. AWS has a lot of AI services, and they are maybe the cloud provider with the most and best AI tools. Today, in this article, we are going to introduce Amazon Nova (Nova Lite, Nova Canvas, and Nova Reel).

What is Amazon Nova?

Per AWS Documentation: “Amazon Nova is a new generation of foundation models that deliver frontier intelligence and industry leading price performance, available on Amazon Bedrock. Amazon Nova models include three understanding models, two creative content generation models, and one speech-to-speech model. Through seamless integration with Amazon Bedrock, developers can build and scale generative AI applications with Amazon Nova foundation models. To start building with Amazon Nova, you must access the models through an API using Amazon Bedrock.”.

We will work with:

Amazon Nova Lite: it is a very low-cost multimodal model that is lightning fast for processing image, video, and text inputs.
Amazon Nova Canvas is an image generation model that creates professional grade images from text and image inputs. Amazon Nova Canvas is ideal for a wide range of applications such as advertising, marketing, and entertainment.
Amazon Nova Reel is a video generation model that supports the generation of short videos from input text and images. Amazon Nova Reel provides camera motion controls using natural language inputs.

How can we access Amazon Nova?

First of all, we need to have an AWS Account to access it, so make sure you have it. In the AWS Console, search for the Amazon Bedrock service.

The second step would be to go to Model Access under the Bedrock Configuration from the left navigation pane.

In the Model Access, we have the option to find the model. We are going to find Nova. Under the access status, you should see “Available to request”. Click on that and choose Nova Reel, Nova Lite, and Nova Canvas. I won’t do that, because I already enabled it.

How can we use Amazon Nova Lite?

Go to the main Bedrock page and from the left navigation pane under the Playgrounds, choose Chat / Text.

Click the “Select model” button and choose Amazon/Nova Lite/On-demand, and click “Apply”.

Now, we are where we wanted to be. We can interact with the Amazon Nova Lite, but let’s first explain what we see:

On the left side are System Prompts, where we can add some instructions, for example: I want Amazon Nova Lite to respond to me in my native language, Bosnian.
Randomness and diversity — we can add Temperature and Top P here.
If the temperature is higher, the model is more creative; if it is lower, the model is more predictable.
Top P It does “probabilistic sampling” — it determines how many rare options the model can consider when generating an answer.
Response length — maximum length in tokens. Stop sequences — we can type something like “000” and the model will not generate when it sees “000”.
With Guardrails, you can specify some rules, for example: you don’t want to see any harmful speech.
Prompt whatever you want.

How can we use Amazon Nova Canvas?

Go to the main Bedrock page and from the left navigation pane under the Playgrounds, choose Image / Video.

Click the “Select model” button and choose Amazon/Nova Canvas/On-demand, and click “Apply”.

We can interact with the Amazon Nova Canvas now, but let’s first explain what we see:

We have a lot of options here, choose what you want. I will choose “Generate image” because I want Canvas to generate an image.

Negative prompt — you can type here what you don’t want in the picture. For example, “No blurry images”, or “No black hair”…
Response image — choose the size of an image and the number of images.
You can add any color to the generated photo. For example, you only want orange.
You can upload the photo, and that photo can be edited by Amazon Nova Canvas.
Advanced configurations — Prompt Strength controls how tightly the model follows your text (higher values like 6.5 enforce tighter adherence, lower values allow more creativity). The Seed number controls randomness — using the same Seed gives similar results, leaving it blank ensures different outputs each time.

How can we use Amazon Nova Reel?

Go to the main Bedrock page and from the left navigation pane under the Playgrounds, choose Image / Video.

Click the “Select model” button and choose Amazon/Nova Reel v1.1/On-demand, and click “Apply”.

We can interact with the Amazon Nova Reel now, but let’s first explain what we see. First of all, the pop-up windows will alert us about costs, and if we want to avoid them, we should delete the created S3 bucket. Click “Confirm”, and the bucket will be created.

In Action, we can only select “Generate Video”.
Response Video — we can enter the duration of the video from 6 seconds (min) to 120 seconds (max). Aspect ratio has a lot of different options, but the standard option is 16:9 (like on YouTube). We can also choose video resolution and frames per second.
You can go to the bucket where the video will be saved.
The Seed is a number that controls the randomness of video generation. Using the same Seed with identical settings and prompts will produce a similar or identical video.

Conclusion

I have to say that I am very surprised by the Amazon Nova models. This was my first interaction with Amazon Nova, and the results are amazing. I have been using ChatGPT Plus so far, and I am very happy with it, but the price of ChatGPT Plus is high (in my opinion). The good thing about Amazon Nova is that you pay for what you use, and it can be cheaper per month than ChatGPT Plus.

Amazon Nova Lite is the best service for me, because in my daily work, I use text most of the day. Canvas and Reel are also great, especially Canvas. The images are fantastic, and what I like the most is that I have a lot of options around the image.

The final score is 9.5/10.

If you like this story, clap and follow me.

Check out my website, you will gain basic information about me: ahmedsrebrenica.com.

Defense in Depth approach using AWS

Ahmed Srebrenica — Sun, 06 Oct 2024 12:16:41 +0000

Defense in depth is a layered approach to vulnerability management that reduces risk.

Introduction

AWS offers a variety of security services that can be utilized in different ways and for different types of defense. When it comes to security, we have multiple approaches to effectively defend our infrastructure. We understand that security is the most crucial aspect of our infrastructure. In this demo, I will implement the Defense in Depth approach by utilizing different AWS services. I will set up an infrastructure with a basic application running on an EC2 instance. To implement the Defense in Depth approach, I will make a custom VPC to use custom subnets and ACL, and I will also use EC2, Application Load Balancer, Web Application Firewall, Route 53, and Amazon Certificate Manager.

Cf. Liebmann (1996): “The concept of defense in depth is not only a guide for the review of a particular technical solution as, for example, a set of singular barriers, but a method of reasoning and a general frame- work to examine more fully the entire facility, both for its design and for its analysis”

Prerequisites

Create AWS Account. I already have an AWS Account and I won’t be creating a new one.
Install Terraform to your Local Machine.
This is a WARNING ALERT. This demo can make small charges on your account. You need to have some money in your account.

Create custom VPC

According to AWS Docs, VPC is a logically isolated virtual network that you’ve defined. This virtual network closely resembles a traditional network that you’d operate in your own data center, with the benefits of using the scalable infrastructure of AWS.

If you subscribed to my Medium profile, you may have seen my story “How to build an AWS VPC using the Console or Terraform”. I will be creating another one using Terraform. If you’re not familiar with Terraform, I also covered how to create a VPC in the AWS Console. I should mention that in the previous story, I used “eu-central-1” and now I will be changing it to “us-east-1”.

resource "aws_vpc" "main" {
  cidr_block = "10.0.0.0/16"
  enable_dns_support = true
  enable_dns_hostnames = true
  tags = {
    Name = "ahmed-srebrenica-vpc"
  }
}

resource "aws_subnet" "public_a" {
  vpc_id     = aws_vpc.main.id
  cidr_block = "10.0.1.0/24"
  map_public_ip_on_launch = true
  availability_zone = "us-east-1a" 
  tags = {
    Name = "ahmed-srebrenica-public-subnet-a"
  }
}

resource "aws_subnet" "public_b" {
  vpc_id     = aws_vpc.main.id
  cidr_block = "10.0.3.0/24"
  map_public_ip_on_launch = true
  availability_zone = "us-east-1b"
  tags = {
    Name = "ahmed-srebrenica-public-subnet-b"
  }
}

resource "aws_subnet" "private_a" {
  vpc_id     = aws_vpc.main.id
  cidr_block = "10.0.2.0/24"
  availability_zone = "us-east-1a"
  tags = {
    Name = "ahmed-srebrenica-private-subnet-a"
  }
}

resource "aws_subnet" "private_b" {
  vpc_id     = aws_vpc.main.id
  cidr_block = "10.0.4.0/24"
  availability_zone = "us-east-1b" 
  tags = {
    Name = "ahmed-srebrenica-private-subnet-b"
  }
}

resource "aws_internet_gateway" "igw" {
  vpc_id = aws_vpc.main.id
  tags = {
    Name = "ahmed-srebrenica-igw"
  }
}

resource "aws_route_table" "public" {
  vpc_id = aws_vpc.main.id
  tags = {
    Name = "ahmed-srebrenica-public-rt"
  }
}

resource "aws_route_table_association" "public_association_a" {
  subnet_id      = aws_subnet.public_a.id
  route_table_id = aws_route_table.public.id
}

resource "aws_route_table_association" "public_association_b" {
  subnet_id      = aws_subnet.public_b.id
  route_table_id = aws_route_table.public.id
}

resource "aws_route" "public_route" {
  route_table_id         = aws_route_table.public.id
  destination_cidr_block = "0.0.0.0/0"
  gateway_id             = aws_internet_gateway.igw.id
}

resource "aws_nat_gateway" "nat" {
  allocation_id = ""  
  subnet_id     = aws_subnet.public_a.id
  connectivity_type = "private"  
  tags = {
    Name = "ahmed-srebrenica-nat-gateway"
  }
}

resource "aws_route_table" "private" {
  vpc_id = aws_vpc.main.id
  tags = {
    Name = "ahmed-srebrenica-private-rt"
  }
}

resource "aws_route_table_association" "private_association_a" {
  subnet_id      = aws_subnet.private_a.id
  route_table_id = aws_route_table.private.id
}

resource "aws_route_table_association" "private_association_b" {
  subnet_id      = aws_subnet.private_b.id
  route_table_id = aws_route_table.private.id
}

resource "aws_route" "private_route" {
  route_table_id         = aws_route_table.private.id
  destination_cidr_block = "0.0.0.0/0"
  nat_gateway_id         = aws_nat_gateway.nat.id
}

In the picture below, you can see that I have successfully created my VPC, and I named it “ahmed-srebrenica-vpc”. I have 4 subnets (2 public and 2 private subnets), Public and Private route tables, an Internet Gateway, and a NAT Gateway. For this demo, we don’t need Private subnets, but if you want to add a database you must have private subnets.

Let's summarize: Every time you start a new project, create a custom VPC. NEVER use the Default VPC. We have created a custom VPC so far with two public and private subnets. Our custom VPC has Network Access Control list, we will change some rules for it later.

Create two EC2 Instances and a Security Group for it

EC2 Instance is like a Virtual Machine but in the Cloud. Security Group is stateful and acts as a virtual firewall for your EC2 instances to control incoming and outgoing traffic.

Our next move will be to create a Security group. To do that, go to the EC2 Dashboard, and from the left-hand side choose “Security Groups” and then click the “Create Security Group “ button.

You have to name your security group and don’t forget to select the custom VPC that you created in the first step. Open ports 80, and 443 from Inbound rules.

Click the “Create Security Group” button.

Our next step is to create an EC2 instance and launch Nginx. Go to the EC2 dashboard and from the left-hand side choose “Instances”, then click the “Launch Instances” button.

Our first step is to give the name to the instance and select Amazon Linux 2023 AMI.

The instance type should be t2.micro, and the Key pair is optional.

This is the most important step. Under the “Network Settings”, select your custom VPC, and public subnet, enable Auto-assign public IP, and select the Security Group you previously created.

Go with 8 GiB of storage, and click “Advanced details”

Go to the bottom of the page and in “User data” paste this code:

#!/bin/bash
sudo yum install nginx -y
sudo systemctl start nginx
sudo systemctl enable nginx
echo "Hello Friend from $(hostname -f)" > /usr/share/nginx/html/index.html

Click the “Launch Instance” button.

Launch another instance with the same configuration, and change only the subnet. This time select subnet-b.

Wait 2–3 minutes and you will see that the EC2 instances are successfully created.

Let’s summarize: We have created two EC2 instances. To achieve high availability, we launched one EC2 instance in public-subnet-a using us-east-1a, and another EC2 instance in public-subnet-b using us-east-1b. We have created Security Groups for the instances, allowing ports 80 and 443. The Security Group will act as a firewall for our EC2 instances.

Create an Application Load Balancer

According to AWS Docs, Elastic Load Balancing automatically distributes your incoming traffic across multiple targets, such as EC2 instances, containers, and IP addresses, in one or more Availability Zones. It monitors the health of its registered targets, and routes traffic only to the healthy targets. Elastic Load Balancing scales your load balancer as your incoming traffic changes over time. It can automatically scale to the vast majority of workloads. Application load balancer serves as the single point of contact for clients. The Application load balancer distributes incoming application traffic across multiple targets, such as EC2 instances, in multiple Availability Zones. This increases the availability of your application.

Our next step is to create a Target Group for Application Load Balancer. Go to EC2 Dashboard and from the left-hand side, choose Target Groups, and then the “Create Target Group” button.

Under Basic Configuration select Instances and name your Target Group.

The protocol should be HTTP and don’t forget to select your custom VPC.

Leave everything as default and click the “Next” button.

Now we should register targets. Select both instances and click “Include as pending below” button. After that, click the “Create Target Group” button.

Great, we successfully created the target group.
We have to create an Application Load Balancer now. From the left-hand side, choose Load Balancers and then the “Create Load Balancer” button.

Name your ALB, the Scheme should be Internet-facing, the Address type should be IPv4.

Select your custom VPC and both Public subnets.

Great, our next step is to create another Security Group, but this time, the group should be associated with the Application Load Balancer. Click “create a new security group”.

Create a Security Group with 443 opened port.

Go back to Load Balancer and select the new Security Group.

Under the Listeners and Routing, select these Listeners and Configuration.

We must enable WAF protection.

Leave everything as default and click the “Create load balancer” button.

Wait a few minutes for the message “Successfully created load balancer”. Copy the DNS name and paste it into your browser to see if everything works correctly.

Application Load Balancer is successfully created and working correctly.

Btw. this is the WAF traffic overview after a few hours.

Let’s summarize: In these steps, we successfully created an Application Load Balancer in front of two EC2 instances. The Application Load Balancer acts as a server and distributes traffic to the EC2 instances. There are numerous security benefits associated with the Application Load Balancer. It provides SSL/TLS and protects us from DDoS attacks. We also add another layer of security with security group attached to Application Load Balancer.
We attached Web Application Firewall, it helps to protect your web applications from common application-layer exploits that can affect availability or consume excessive resources. We will use WAF default setup.

Create Route 53 records

What is Route 53? According to AWS Docs, Route 53 is a highly available and scalable Domain Name System (DNS) web service. You can use Route 53 to perform three main functions in any combination: domain registration, DNS routing, and health checking.

Our next step would be to create new records in Hosted Zones. Go to Route 53 in your Console and from the left-hand side choose “Hosted Zones”. I already have Domain ahmedsrebrenica.com.

Go to your Domain name and click the “Create record” button.

Name your record, select A record type and TTL should be 60 seconds. Enable Alias and route traffic to Application Load Balancer. Select the us-east-1 region and select the DNS of the Load Balancer. Click the “Create records” button.

We successfully created a new record. We have to add a new record, this time with www.

Let’s summarize: We have successfully created domain names for our demo. However, these domain names do not have SSL certificates.

Create SSL/TLS certificates using AWS Certificate Manager

“AWS Certificate Manager (ACM) handles the complexity of creating, storing, and renewing public and private SSL/TLS X.509 certificates and keys that protect your AWS websites and applications.”

In your Console, search for Certificate Manager service. You should see this. Click the “Request a certificate” button.

The names must be the same as you created in the Route 53 service. Leave everything else to default and click the “Request” button.

We successfully created certificates. Our next step would be to create another Route 53 record, but this time with CNAME Names and CNAME Values from our certificates.

Go to Route 53 and again click the “Create record” button. Paste the CNAME names from Certificate Manager to Record name, select CNAME record type, and paste CNAME Values from Certificate Manager to Value box. Click the “Create Record” button.

That’s it, we are done with Route 53.

Let’s summarize: To secure our domain names, we added certificates using the ACM service.

Add a new listener (HTTPS:443) and edit existing (HTTP:80)

Our final step is to add 443 listener to our existing Application Load Balancer. Go to the Load Balancer section and select the existing Load Balancer. Click the “Add listener” button.

Just follow the configuration from the screenshot. The protocol must be HTTPS, Port 443, and Forward to the target group you created.

Select Certificate from ACM and click the “Add” button.

Check your domain in the browser and you will see the website.

The last step is to edit the existing HTTP:80 Listener. Select HTTP:80 and click Edit Listener.

Switch from Forward to target groups to Redirect to URL and the port must be 443. Click the “Save changes” button.

Okay, we set the routing action redirect to HTTPS on port 443.

Let’s summarize: We have added an HTTPS:443 listener to monitor HTTPS traffic on port 443. Additionally, we have updated the HTTPS listener to redirect from HTTP port 80 to HTTPS port 443. We have also added a certificate from ACM to the HTTPS:443 listener, allowing us to properly use our domain name with SSL.

Change Network ACLs

A network access control list (ACL) allows or denies specific inbound or outbound traffic at the subnet level. To provide better security, we have to change the Access Control List Rules. Go to your custom VPC and from the left-hand side choose Network ACLs. Click the “Edit inbound rules” button.

Change Type from All Trafic to HTTPS (443), because we want to allow only HTTPS traffic, nothing else. Click the “Save changes” button.

ACLs are stateless and compared to security groups, we have to edit outbound rules and open ephemeral ports (port range 1024–65535).

Let’s see if everything works correctly. Check your website.

Let’s summarize: Network Access Control List (NACL) is an additional layer of security that protects our subnets. We have only allowed 443 traffic, and because NACL is stateless, we have opened ephemeral ports in our Outbound section.

Optionally you can set up CloudFront

You can enhance security by using CloudFront alongside the Application Load Balancer. CloudFront automatically defends against DDoS attacks at both the network and application levels. This is achieved through a variety of methods, including traffic filtering, traffic throttling, and traffic redirection. Additionally, CloudFront leverages Amazon’s global network infrastructure to provide an extra layer of protection at the network edge. It also delivers content through a global network of data centers known as edge locations. When a user requests content served with CloudFront, the request is directed to the edge location with the lowest latency, ensuring optimal performance. However, it’s important to note that using CloudFront is optional for this demo.

Conclusion

In this demonstration, we utilized various AWS services and implemented multiple layers of security to follow the Defense in Depth Approach. This approach is commonly used to protect Cloud infrastructure. If attackers attempt to compromise our infrastructure, they will encounter numerous security measures. We have employed security groups for our EC2 instances and an additional security group for the Application Load Balancer. Our Application Load Balancer is equipped with DDoS protection and a Web Application Firewall to safeguard against web-based attacks. Furthermore, we have secured our domain with an SSL certificate and have restricted traffic to only HTTPS in our NACL.

If you like this story, clap and follow me.

Check out my website, you will gain basic information about me: ahmedsrebrenica.com.

The main differences between EC2 and ECS

Ahmed Srebrenica — Wed, 10 Jul 2024 11:52:07 +0000

Elastic Compute Cloud vs Elastic Container Service

Introduction

In this article, we will explore the main differences between** EC2 (Elastic Compute Cloud) and ECS (Elastic Container Service)**.

To make a difference between EC2 and ECS, we must understand what IaaS and CaaS are…

“Infrastructure as a Service (IaaS) is a business model that delivers IT infrastructure like compute, storage, and network resources on a pay-as-you-go basis over the internet.”

One of the most well-known IaaS is AWS EC2.

“Containers as a Service (CaaS) is a cloud computing service that allows developers to manage and deploy containerized applications, giving businesses of all sizes access to portable, easily scalable cloud solutions.”

One of the most well-known CaaS is AWS ECS.

Business case

Let’s assume your company has an on-premises multi-container application and wants to deploy it on AWS. As a Solution Architect, what would be your recommended solution? Would you choose EC2 or ECS?

EC2 offers:

Full control — I mentioned earlier that EC2 is one of the most well-known IaaS, which means you will have full control. You will be able to control the operating system, storage, memory, CPU, network, etc. This includes tasks such as patching your instances and taking care of your containers.

Flexibility — You have the flexibility to choose the OS you prefer. For example, you want to choose Ubuntu or Windows instead of Amazon Linux 2023 to manage your containers.

Complexity — EC2 is the perfect option for complex infrastructure configurations and high customization

ECS offers:

Scalability — ECS provides better scalability instead of EC2. It provides more automated scaling options.

Managed Service — You don’t need to worry about the underlying hardware and infrastructure. Just upload the container(s) and that’s it.

Practicality — ECS Fargate is more practical and it’s a tool only for containers.

Time to start — It only takes a few seconds to start containers compared to EC2, which requires minutes.

Integration — It provides great integration with CI/CD tools, CloudWatch, and Load Balancer.

There is much more that EC2 and ECS offer, however, in this case, we have only touched on the basics

Conclusion

If you want to deploy a multi-container application, ECS is generally the better choice because it handles container orchestration better and you don't need to manage the infrastructure. If you want your application to scale independently and take advantage of built-in orchestration benefits, use ECS. In case you want to control the infrastructure yourself and have an identical environment as in development or testing, then use EC2.

If you like this story, please like and follow me.

www.ahmedsrebrenica.com

Deploy Docker Image to AWS EC2 in 5 minutes

Ahmed Srebrenica — Wed, 12 Jun 2024 18:35:05 +0000

From Development to Staging in 5 Minutes…

Introduction

As we know, there are many ways to run your Docker image on the Cloud. I have previously written about this and introduced two methods: “How to Deploy a Docker Image to Amazon ECR and Run It on Amazon EC2” & “How to Deploy a Docker Image on AWS and Run it on Fargate”.

The first method involves managing the infrastructure, security patches, network security, etc., while the second method allows AWS to handle the infrastructure, simplifying many processes for us. However, I will write about this in future articles.

In this article, I will show you the easiest way to move your Docker image from the Development to the Staging environment. This process takes approximately 5 minutes. We will use Docker on our local machine, DockerHub and AWS.

Prerequisites

Create AWS Account. I already have an AWS Account and I won’t be creating a new one.
Create a DockerHub account I already have and I won’t be creating a new one.
Create a GitHub Account I already have GitHub and I won’t be creating a new one.
Download Visual Studio Code or another code editor.
Download and install Docker.

Clone the Application to your Local machine

To make it easier, we will use my simple-node-app, which you need to clone to your local machine.

Go to your terminal and follow these steps:


git clone https://github.com/srebreni3/simple-nodejs-app

Then navigate to the project directory.

Go to your code editor, and you will see this:

We have app.js, package.json, and Dockerfile, it’s all we need.

I don’t want to explain the code of the application again, go to this article and you will find everything about it.

Let’s summarize: If you follow these steps, you will have an application on your Local machine, and that Local machine will be your Development environment. Feel free to change the code if you want.

Push the Docker image to Docker Hub

We need to create a Docker image for our application. Navigate to the directory where the application is located. If you are using an M1 or newer chip, use the following command to create the Docker image:


docker buildx build --platform linux/amd64 -t node-app .

If you are not using M1 or newer, use this command to create a Docker image:


docker build -t node-app.

When you have successfully created a Docker image, our next step is to push that image on Docker Hub.

Go to Docker Hub and create a new repository.

Let’s summarize: With these steps, you can push your Docker image to Docker Hub. It’s preferable to push it to the Private repository rather than the Public repository.

Create an EC2 Instance and install Docker on it

Go to the EC2 dashboard in AWS Console and click the Launch instance button.

2. Name your instance, for example: node-docker-server. The image should be Amazon Linux 2023. If you want a free tier-eligible instance, choose t2.micro.

3. We would like to login to the instance, and we will create a key pair. Security group should have open inbound ports 22 and 3000.

4. For storage, I will leave default settings, I don’t need more than 8 GiB of storage. Don’t forget: Free tier eligible customers can get up to 30 GB of EBS General Purpose (SSD) or Magnetic storage.

5. Under Configure Storage, click the Advanced details.

Go to the bottom of the page, and you will see the User data window. Paste this code into User data:


#!/bin/bash

sudo yum install docker -y
sudo systemctl start docker
sudo systemctl enable docker

From the right side, click the Launch instance button.

Let’s summarize: With these steps, you can create an EC2 instance on AWS to set up your staging environment using User data to install Docker on the instance.

Deploy an image from Docker Hub to AWS EC2

The first step is to connect to the EC2 instance. I will use AWS Console this time, but you can also connect through your Local machine from the terminal. Check out my older articles and you will find how to connect through a terminal from a Local machine.

Switch to sudo mode with this command:


sudo su

Check the Docker with:


docker --version

Everything is set up, the next step is to deploy the image from Docker Hub. Use this command:


docker run -d -p 3000:3000 <docker-hub-repo-name>

The image has been successfully created. Check the Public IP of your Instance with a 3000 port.

We got our Docker application on the EC2 instance.

Let’s summarize: Thanks to AWS, we can create a server and deploy whatever we want to that server in just a few seconds. This is an example of deploying from Docker Hub to staging environment (EC2 instance) in a few seconds.

Conclusion

If you prefer to run your production on EC2 instead of ECS using Docker images, one of the easiest ways to transfer images from the Development environment to the Staging environment is by using this method. Although this method has its advantages and disadvantages, it is, in my opinion, the simplest way so far. I hope it proves useful to someone.

From Good to Great: Using AWS Well-Architected Tool for Cloud Excellence

Ahmed Srebrenica — Thu, 23 May 2024 18:23:48 +0000

Operation excellence, Security, Reliability, Performance Efficiency, Cost Optimisation, Sustainability

Introduction

A few years ago, AWS provided us with the AWS Well-Architected Framework on their website, which describes key concepts, design principles, and architectural best practices for designing and running workloads in the cloud. The page features six pillars: Operational Excellence, Security, Reliability, Performance Efficiency, Cost Optimization, and Sustainability. For each pillar, there is an option to read more about it, as well as a lab option. After some time, AWS enabled us to define workloads through the service AWS Well-Architected Tool. Today, I will write more about how excellent this service is and how it can help our workload function better than before.

Downloaded from: https://afdclinics.com/the-six-pillars-of-health/

Prerequisites

Create AWS Account. I already have an AWS Account, so I won’t be creating a new one.

Define a workload

You need to do a few steps to define your workload:

Go to your account on AWS Console and type in the search bar AWS Well-Architected Tool.

2. Click the Define workload orange button.

3. You need to define a few parameters for your workload, such as N*ame, Description, Review owner, Environment, and Region. Every other parameter is optional. When you are finished, press the Next* button

4. If you want, you can create a profile or search for it. I won’t do that.

5. By default the AWS Well-Architected Framework is checked. Click the Define workload button.

Workload overview part I

Now that we have our workload, let’s see what options we have available. In the overview section, we have basic information such as:

Last updated
Overall questions answered
Overall risks
Workload notes

The Milestones section is very important. In it, we store upgrades, for example, we receive results after the first review, and then based on the results we change certain things related to our application and want to perform a new upgrade. The new upgrade will be displayed in the Milestones section, just like the old one, which will remain there.

The Properties section has properties of our workload that we set before.

In the Shares section, we can share this with the other Principals.

Start reviewing

It’s time to answer the questions for each lens, just click the Start reviewing button.

We have six pillars on the left side, and each pillar has several questions.

In the middle, we have the main question and several sub-questions.

On the right side, we have explanations for every sub-question.

Our task now is to go through each pillar, each question, and each sub-question, and after we finish, it’s necessary to press the Save and exit button and Save milestone button.

Name your milestone and click the Save button.

Workload overview part II

What did you get after you answered the questions? I got 16 high-risk and 4 medium-risk and I have to do everything to minimize the risk.

How can you do the same?

Scroll down and you will see Lenses. Click the High risks number (16).

You will see under the improvement plan what you need to improve.

For example, the question is How do you securely operate your workload? Click the recommended improvement items and you will see something like this:

In my case, I will go to my app and I do as recommended.Don’t forget to click every recommendation, it will guide you to AWS documentation.

Continue reviewing

If you have fixed what was risky, you can go to Continue Reviewing and check off what you have fixed. Go to your workload under the AWS Well-Architected tool and click the Continue reviewing button.

After you have checked off what you have fixed, you need to click the Save Milestone button. I will name it basketball-scoreboard-1.1.

Under the Milestones section, you will see your versions of the AWS Well-Architected tool.

Conclusion

The AWS Well-Architected Tool is essential if you want your workload to operate according to the best AWS practices. Speaking from my experience, the AWS Well-Architected Tool has helped me a lot, especially in terms of security, so I highly recommend using it. As for pricing, there is no additional charge for the AWS Well-Architected Tool. You pay only for your underlying AWS resources.

www.ahmedsrebrenica.com

How can you become an AWS Community Builder?

Ahmed Srebrenica — Wed, 01 May 2024 10:16:40 +0000

Introduction

In January of this year, AWS issued a call to fill out applications for the AWS Community Builders program — and I applied. I honestly hoped to be accepted because I know how much effort I put in to meet certain criteria. On March 4th, my happiness knew no bounds when I received an email from AWS stating that I was accepted into the AWS Community Builders program. To experience the same joy as me and to gain all the benefits that this program offers, I will give you some tips to increase your chances of being accepted into this prestigious program.

What is the AWS Community Builders program?

According to AWS, The AWS Community Builders program offers technical resources, education, and networking opportunities to AWS technical enthusiasts and emerging thought leaders who are passionate about sharing knowledge and connecting with the technical community.

Interested AWS builders should apply to the program to build relationships with AWS product teams, AWS Heroes, and the AWS community.

Throughout the program, AWS subject matter experts will provide informative webinars, share insights — including information about the latest services — as well as best practices for creating technical content, increasing reach, and sharing AWS knowledge across online and in-person communities. The program will accept a limited number of members per year. All AWS builders are welcome and encouraged to apply.

How to increase your chances of being selected?

I will share with you a few tips on how to be selected for this program. I will share exactly what I did:

Engage in the community — I think this is the key thing you need to do. Engaging in the community can involve several things. My way of engaging in the community was mostly through writing articles for Medium and sharing those articles on various platforms. It’s very satisfying when someone reaches out and tells you that your article helped them with a certain problem. My articles usually include some demos, but yours don’t have to be the same as mine; they can be of any nature. Also, engaging in the community can involve attending various lectures, webinars, hands-on workshops, blogs, social media, and forums, and being active in everything I mentioned.
Contribute to specific projects — I remember in the application I wrote for this program, there was a requirement for contribution. It wouldn’t hurt to contribute to specific projects, even if it’s just writing documentation or something simpler.
Be active, be a leader, be an ambassador — AWS wants you to be active and help the community, what does that mean? Join some of the Slack or Discord channels where there are topics related to AWS and help others. For example, someone may have a problem creating an EC2 instance; if that’s not a problem for you, reach out to that person, help them, and explain how to create an EC2 instance.
Connect with existing members — Use social networks to connect with existing members who have been accepted into the AWS Community Builders program. But not only with them, but connect with prominent AWS professionals and people who contribute a lot to the community. Through social networks, share their posts related to AWS that can help the community.
Make sure to write a good application — When writing your application, make sure it’s as good as possible. In my application, I also wrote about things unrelated to AWS and IT in general. Since I was a basketball player, coach, and assistant at the university, I mentioned these experiences to let AWS know that I have experience working with communities.

WARNING: Don’t use AI tools in your texts that would write documentation instead of you. It is allowed to use them for code; however, a big NO is placed on everything else. Also, don’t use AI in writing the application for this program, otherwise, you will be rejected.

What are the benefits of this program?

There are many benefits to this program. Depending on what you need most, that will be the greatest benefit for you. Some of the benefits include a $500 credit to your AWS Account, a SWAG package, becoming part of the AWS Community Builders community on Dev.to, joining the Slack community (with over 3000 users), daily communication in various ways with other AWS Community Builders, and the privilege of attending various lectures by different AWS experts.

Personally, for me, the greatest benefit is being part of the Slack community. Why specifically that? I have the opportunity to learn a lot from other AWS Community Builders, both through the content they share and if I ask a question, someone will surely provide an answer for what I’m looking for. I’ve met new people, made new friends, and that is currently the biggest benefit for me. Certainly, the $500 credit is also helpful, but the community is what brings us together, and Slack is the best place for that.

Conclusion

You don’t need any special experience to be accepted into this program. It’s enough to put in effort and work, and the right people will notice. Follow my advice and you’ll likely be accepted. The next application cycle is in 2025, so start preparing now. Become part of this prestigious AWS community. PS. If you follow this text and pass the application next year, let me know the result, and we can celebrate with an online coffee.

Add your name to the waitlist for the January 2025 application cycle.