If you have followed the posts in this series, Part 3 left us with the following completed: a diagram of our architecture, IAM roles, and the S3 bucket and its policies. The next step is to build the EC2 server. Requirements: In order to do this properly, you’ll need to meet or exceed the minimum system requirements published by Ubiquiti. You can find those officially here, but at the time of this writing they are as follows:
Continuing on from Part 2 where we created the required IAM group, user, and policies we get to the exciting part…building! The first step is to create the storage backend. In this case we’re utilizing Amazon Simple Storage Service (S3). As usual, I will refer you to AWS’s docs for the official S3 guide for creating the bucket. The process itself is very simple, but there are a few details to pay attention to specifically regarding this application.
Part 1 of this series outlined the architecture, which is then followed by creating the IAM group, user, and policy the EC2 will use to place recorded video in the S3 bucket. Open the IAM console. Create a group (I named mine ‘unifi’). Attach a policy to the group. This is an example policy that I created in the visual editor. You can open it or restrict it to fit your specific needs as this is not the most restrictive policy example.
Like many of you, I am watching the AWS re:Invent keynotes and announcements remotely. Being network and performance focused, here are the announcements I am currently most excited about. I will update this list as the week progresses. VPC ingress routing now makes routing to virtual appliances easier! This is a much welcomed improvement as routing inside the VPC has always been a bit tricky and cumbersome. https://aws.amazon.com/about-aws/whats-new/2019/12/amazon-vpc-ingress-routing-insert-virtual-appliances-forwarding-path-vpc-traffic/ Transit Gateway Manager manages and monitors the on-prem to cloud networks centrally and more easily.
There are some gaps and changes to this that I have not completed or corrected. I am currently working on another project. Please contact me if you are using this as a guide and would like a little help. I will get back to this tutorial at a later date. Notice: I am not an official representative or affiliate of Ubiquiti or AWS. The process outlined below represents the high-level steps I used to successfully launch this application myself.
This week I attended my first AWS Immersion Day. The event was hosted by Justin McWhirter [justindm.me]. The focus of the day was serverless, and was centered around the Wild Rydes Workshops. By the end of the day we ended up with a web application that looked like this, built upon many integrated AWS services such as Cognito, Kinesis, S3, Lambda, Amplify, API Gateway, and more. As someone who spends my time generally focused on networking within AWS, this was a welcome change of pace and a good learning experience.
Wasabi Storage: Storage is one of the costliest options in the cloud and probably the biggest deterrent to migration. Fortunately, a handful of contenders are changing the game and breaking into affordable options for personal budgets. One of these companies is Wasabi. I have embraced the AWS platform, so on the surface this appears to be in opposition to that. Maybe it is, but Wasabi utilizes AWS S3 on the backend with a pricing strategy fit for personal as well as business use.
As I’ve stated in previous posts, I currently use CloudFlare as my CDN. There are several reasons for this that I won’t go into now. One of the “ToDo’s” on my list has been to clear CloudFlare’s cache when I upload new content to my blog. I was finally able to spend some time and get that done. CloudFlare API: To start things off I reviewed the doc for the CloudFlare API.
It’s important to know your limits. In this case study we find a situation stemming from SMTP being throttled. This is part of the packet capture I received: The top lines show the previous conversation ending. SMTP successfully sent 3 messages. After the 3rd message the mail server stopped responding and retransmits began. This pattern was repeatable. More than that, it was repeatable from other EC2 instances. The only thing between the EC2 instances and the mail server was a router and a firewall.
If you refer to this post, you’ll see that one of my objectives for this year was to develop an Alexa app for my kids. Well, I am happy to report this objective as completed. The cover art and the image below show the high level architecture. The app idea actually started based on something I was doing for my kids that they really took a liking to. Unfortunately, for this post it might be an idea that I could actually publish and potentially monetize.