Journey to Azure

Recently I achieved a certification in AWS that I have been working on for months, the AWS Solutions Architect – Professional. Of course there are specialty certifications that focus on specific areas in more details but for right now I feel complete in my AWS certification journey. While AWS is still the biggest public cloud, Microsoft Azure is not far behind. Now I learn best by doing and I also feel that is one of the greatest aspects of the public cloud is that its not too expensive to try things out for yourself in a personal lab. So this website and its technology stack was a primary way for me to learn about things in AWS so I figure to bolster my multi-cloud skills I should migrate over to Azure which I have since completed.

Obviously the migration aspect is a big learning experience, and also a big part of my professional career. Thankfully I didn’t have the red tape of change management or people unhappy with downtime, since hardly anyone even reads this blog. I selected Azure’s App Service running PHP for kind of a PaaS approach. I used git to push my existing WordPress code to Azure DevOps which integrates nicely with other Azure offerings including App Service. Its out of the box pipeline config tests and deploys your code once it gets a new commit.

For the database I did a mysqldump from the RDS instance and imported into Azure Database for MySQL server. The interesting thing is it is public facing but can be restricted.

I also spun up a small Azure Cache for Redis instance, it has 250 MB of RAM which seems like it is plenty big for this website.

I’m a little concerned about the cost of all of this so I set up some various cost alerts just so I can be prepared but ultimately I am undecided in how much I’m willing to spend. I view the expense as an investment in my skills which translates into growth in my professional career. Also the app service instance is larger than the Ec2 instance it was running on but it appears to be faster and does more frequent incremental backups which is a nice plus.

Let me know what you think of the new stack running this site in the comments!

Data recovery in the Cloud

Recently in my job I had to perform some data recovery activities for an Ec2 instance in AWS. The instance had been powered off for more than a year and the key pair for logging in had been lost. The instance’s root was an EBS volume that was not encrypted. We had a couple of options, we could have mounted the volume to another instance to insert a new key so we can log back in. It turned out that the client was just interested in the data. So ultimately it was just a matter of mounting the volume to an instance and pulling out the desired files. If this sounds simple it’s because it is. I think this is why it’s important to consider carefully who has elevated access to your AWS account. Even with encryption you can perform these activities, only if the application inside the instance had encrypted the data would I have gotten stuck.