Welcome to panlm docs

1 start from

• CodeServer – Using code-server on EC2 instead of Cloud9 due to it has been deprecated
• Quick Setup Cloud9 – 简化创建 Cloud9 脚本，优先选择使用 Terraform 自动初始化；也可以使用脚本从 CloudShell 中完成初始化

2 highlights

(["status":"myblog"] OR ["status":"awsblog"])

- [$frontmatter:title]($filename) -- $frontmatter:description

- CodeServer – Using code-server on EC2 instead of Cloud9 due to it has been deprecated
- Datahub – 部署 Datahub，从 Redshift 和 Glue job 中获取数据血缘
- Quick Deploy BRConnector using Cloudformation – 使用 Cloudformation 快速部署 BRConnector
- Enable Quicksight with Identity Center – 中国区域启用 Quicksight 并且集成 Microsoft Entra
- Using Global SSO to Login China AWS Accounts – 使用 global sso 登录中国区域 aws 账号
- Cross Region Reverse Proxy with NLB and Cloudfront – 跨区域的 Layer 4 反向代理，并使用 nlb + cloudfront，考察证书使用需求
- Migrating Filezilla to AWS Transfer Family – 迁移 Filezilla 到 Transfer Family
- Enable scan on push in ECR and send notification to SNS – 启用 ECR 的 Scan on push 之后，自动将扫描结果中 CRITICAL 的信息发送到目标 SNS 告警
- Create Standard VPC for Lab in China Region or Global Region – 创建实验环境所需要的 VPC ，并且支持直接 attach 到 TGW 方便网络访问
- IRSA 中的 Token 剖析 – 本文档总结了将 AWS IAM 角色授予 AWS EKS 集群的服务账户的过程
- EKS Security Group Deepdive – 深入 EKS 安全组
- Using Grafana Loki for Logging – 使用 Loki 收集日志
- Stream EKS Control Panel Logs to S3 – 目前 EKS 控制平面日志只支持发送到 cloudwatch，且在同一个 log group 中有5种类型6种前缀的 log stream 的日志，不利于统一查询。且只有 audit 日志是 json 格式其他均是单行日志，且字段各不相同。本解决方案提供思路统一保存日志供后续分析处理
- Export Cloudwatch Log Group to S3 – 导出 cloudwatch 日志到 s3
- Security Lake Support Collecting Audit Logging from EKS – 使用 Security Lake 收集 EKS Audit 日志
- Quick Setup Cloud9 – 简化创建 Cloud9 脚本，优先选择使用 Terraform 自动初始化；也可以使用脚本从 CloudShell 中完成初始化
- Setup Cloud9 for EKS – 使用脚本完成实验环境初始化
- assume – assume 工具，可以以另一个账号角色，快速打开 web console，或者执行命令
- openswan-s2svpn-tgw-lab – connect to global aws using site-2-site vpn service, for example access global bedrock service
- Mutating Webhook for Kubernetes in China – 中国区域 k8s 集群 webhook ，自动修改海外镜像到国内地址
- Obsidian Tips – obsidian 使用点滴
<–>

3 my aws blogs

• https://github.com/panlm/blog-private-api-gateway-dataflow
• https://aws.amazon.com/cn/blogs/china/extending-the-prometheus-high-availability-monitoring-architecture-using-thanos/

4 deprecated docs

(["status":"deprecated"])

- [$frontmatter:title]($filename) -- $frontmatter:description

- script-api-resource-method – 每个 api 的每个 resource 的每个 method 都需要单独通过命令行启用“tlsConfig/insecureSkipVerification”，通过这个脚本简化工作
- Building Prometheus HA Architect with Thanos – 用 Thanos 解决 Prometheus 在多集群大规模环境下的高可用性、可扩展性限制
- Prometheus With Thanos Manually – POC-prometheus-with-thanos-manually
- appmesh-workshop-eks – appmesh workshop
<–>

5 rendered

• Welcome
• Cloud9

  • Quick Setup Cloud9 myblog
  • Setup Cloud9 for EKS myblog
  • Cloud9
  • Create Standard VPC for Lab in China Region or Global Region myblog
  • CodeServer myblog
• Container

  • Container
  • EKS

    • Cluster

      • Create EKS Cluster with Terraform
      • Create Public Access EKS Cluster in China Region
      • Create Public Access EKS Cluster
      • Create Private Only EKS Cluster
      • EKS Upgrade Procedure
      • EKS Addons
    • Addons

      • aws-for-fluent-bit
      • aws-load-balancer-controller
      • cert-manager
      • cluster-autoscaler
      • cni-metrics-helper
      • ebs-for-eks
      • EFS CSI on EKS
      • eks-addons-coredns
      • eks-addons-kube-proxy
      • eks-addons-vpc-cni
      • eks-external-snat
      • eksup
      • externaldns-for-route53
      • karpenter
      • kube-no-trouble
      • kube-state-metrics
      • Kyverno
      • Metrics Server
      • nginx-ingress-controller-community-ver
      • nginx-ingress-controller-nginx-ver
      • nginx-ingress-controller
      • pluto
      • prometheus-adapter
    • Solutions

      • Appmesh

        • appmesh-workshop-eks deprecated
        • automated-canary-deployment-using-flagger
      • Compute

        • Fargate on EKS
      • Gitops

        • argocd
        • flux
      • Logging

        • cloudwatch-to-firehose-python
        • Security Lake Support Collecting Audit Logging from EKS myblog
        • eks-loggroup-description
        • Export Cloudwatch Log Group to S3 myblog
        • Using Grafana Loki for Logging myblog
        • Stream EKS Control Panel Logs to S3 myblog
      • Monitor

        • EKS Container Insights
        • enable-prometheus-in-cloudwatch
        • Install Grafana on Beanstalk
        • install-prometheus-grafana-on-eks
        • kubernetes events exporter
      • Network

        • EKS Security Group Deepdive myblog
        • eks-custom-network
        • eks-prefix-assignment
        • enable-sg-on-pod
      • Security

        • IRSA 中的 Token 剖析 myblog
        • EKS Access API
        • eks-aws-auth
    • Kubernetes

      • horizontal pod autoscaler
      • k8s-liveness-readiness-startup-probes
      • Kubernetes Best Practices - Resource Requests and Limits
      • topology spread constraints
  • ECS

    • Migrating .NET Classic Applications to Amazon ECS Using Windows Containers
    • ecs-windows-gmsa
    • poc-container-on-domainless-windows-in-ecs
    • Windows Authentication with gMSA for .NET Linux Containers in Amazon ECS
  • ECR

    • aws-signer
    • Enable scan on push in ECR and send notification to SNS myblog
    • Mutating Webhook for Kubernetes in China myblog
• Database and Analytics

  • Data and Analytics
  • Datahub myblog
  • Enable Quicksight with Identity Center myblog
  • rds-mysql-replica-cross-region-cross-account
  • redshift-data-api-lab
  • Using MWAA in Private Network
• Serverless

  • apigw-cross-account-private-endpoint
  • Custom Domain Name in API Gateway
  • Get Source IP in API Gateway
  • apigw-private-api-alb-cdk
  • apigw-regional-api-access-from-vpc
• GenAI

  • dify.ai
  • llm-llama3
• Others

  • Others
  • Migrating Filezilla to AWS Transfer Family myblog
  • Prometheus With Thanos Manually deprecated
  • Storage File Gateway
  • Using Global SSO to Login China AWS Accounts myblog
  • create-dashboard-for-instance-cpu-matrics
  • Obsidian Tips myblog
  • Quick Deploy BRConnector using Cloudformation myblog
  • Rescue EC2 Instance
  • script-api-resource-method deprecated
  • script-convert-mp3-to-text
  • self-signed-certificates
  • Network

    • aws-nfw-network-firewall
    • caddy
    • Cross Region Reverse Proxy with NLB and Cloudfront myblog
    • openswan-s2svpn-tgw-lab myblog
  • Well architected

    • WA-卓越运营-Operational-Excellence-202310-Summary
    • WA-可持续性-Sustainability-202310-Summary
    • WA-可靠性-Reliability-202310-Summary
    • WA-安全-Security-202310-Summary
    • WA-性能效率-Performance-Efficiency-202310-Summary
    • WA-成本优化-Cost-Optimization-202310-Summary
  • github-page-howto happy
• CLI

  • Linux Commands

    • linux-cmd
    • docker
    • eksctl
    • eksdemo
    • ffmpeg
    • assume myblog
    • helm-cmd
    • iptables
    • jq
    • kubectx
    • kubernetes-cmd
    • postgres-cmd
    • python-cmd
    • regctl
    • terraform
    • ubuntu
    • vim-cmd
    • web-press-testing-tool
  • AWS CLI

    • acm
    • api-gateway
    • auto-scaling-group
    • ip-ranges
    • aws-nuke
    • cloud9
    • cloudformation
    • cloudwatch
    • copilot
    • directory service
    • ebs
    • ec2
    • ecr
    • ecs
    • efs
    • eks
    • elasticache-redis
    • elb
    • iam
    • lambda
    • lightsail
    • rds
    • redshift
    • route53
    • s3
    • sam
    • sns
    • sqs
    • ssm
    • sts
    • vpc
  • Windows

    • docker-on-windows
    • powershell
• Tags