Using AWS Secrets Manager as a credential manager for Concourse CI works well; however, the official documentation currently leaves out several critical details needed to utilize it properly. These are my notes to fill in the gaps in the documentation.

AWS will sometimes schedule an event to occur on your EC2 instances in order to perform maintenance of the host servers. The most common event will be a scheduled stop/start sequence of your instance, which allows AWS to move your instance onto different hardware. When an event is scheduled for one of your instances, the only notification AWS generates is an email to your AWS root account. In my experience the AWS root account is usually associated with the email address of the CEO or CIO, who may assume others are copied on the notification email, or may simply misunderstand or ignore the notification altogether.

AWS Config is becoming a very handy service for monitoring compliance rules within your AWS account. I find it especially useful in my current job for verifying all EBS volumes and RDS instances have encryption enabled to meet HIPAA compliance requirements. My one frustration with this service is the lack of user-friendly notifications when a compliance issue is discovered. You either have to check the web console regularly or have your email inbox blown up with a constant stream of AWS Config notifications. So today I took the time to create an AWS Lambda function that will process AWS Config notifications and only email you the ones that indicate a change in compliance status.

SendGrid can be configured to send events like bounces and click tracking to a URL of your choice via their Webhooks feature. This post describes how to configure an AWS Lambda function to process these SendGrid events. By using Lambda you can easily handle the large amount of traffic SendGrid Webhooks can generate, while keeping costs and system administration work to a minimum.