Dynamic DNS for EC2 instances using a Lambda function

You’ll also have to set some IAM policies on the Lambda execution role:

Bundling and injecting components in Ionic 2 / Angular 2

In Ionic 2, one of the nifty concepts is a ‘navigation stack’, where your screens/pages (actually Angular 2 components) simply push and pop from the stack as the user navigates from the root page. Explained briefly in this video, it’s logically better than doing it through UI router in Angular 1 – but also heaps, heaps easier to code as well.

Arrow function vs thisArg: an Array.prototype.forEach benchmark

Here’s a 5-min script that checks the performance of different ways of accessing this from within nested functions.

The question stems from an application design (this one’s a Lambda Node.js app) that heavily uses bound contexts – within array.prototype.forEach loops I needed to call functions from the bound context.

Googling yielded naught, so… benchmark time.

PHP 7, SQL Server and IIS

PHP is great for quick and dirty productivity web apps. Recently I needed to get some data entry done for SQL Server, and it seemed like a great chance to install PHP 7 too.

Here are some common problems when trying to get IIS 10 (Win Server 2016), PHP 7 and the Microsoft SQL Server driver working together.

I mention specifically Windows Server, however this would work equally validly on regular desktop Windows.

Angular 2 thought snippets

Why is TypeScript default.
Well… it’s the designated Angular 2 official language, it even comes with a whole mini-history behind it, the AtScript/TypeScript merger.

I don’t want to learn TypeScript, it’s a dirty transpilation language.
Yeah well, JavaScript for Angular 2 honestly isn’t better. Architecturally, Angular 2 doesn’t budge on design and so the plain JavaScript ES2015 syntax consists of monkey patches. TypeScript is the lesser of the two evils. It is also a pain in the butt to need the overhead of a transpilation server.

This requires a lot more setup than Angular 1.
Sort of a rant here. Best practices suggest you need NPM to get the Angular 2 stuff (which is untrue, especially if you want to keep it lightweight). Then you use an auto loader, which requires its own little army of files (and is a new JS concept for me). And this in turn calls the bootstrapper (you must explicitly bootstrap in Angular 2) which needs modules and components in all the right places. Gah!

Bring back the old search though.
The Angular 1 website had a nice search feature where you hit “/” and activated the search box. Also it returned hits in a mega menu which was nice as well.

Give me a boilerplate. Does anyone have a boilerplate please.
Ended up making my own… here.

Not sure if I’ll use the weird-looking grammar for bindings or stick to English.
I think I will warm up to these soon. The downside is that it obfuscates HTML for those not accustomed to Angular 2, and that is not a good thing.

AWS Certified Solution Architect – Associate Exam

Get an AWS certification

A big tick in the checkbox for me! Most of the people I work with know that I’m an AWS nerd, and I’ve been meaning to attain certification for some time now by completing an exam.

What does it involve?

AWS offers five certifications, three of which are Associate level, meaning they can be taken without any prerequisites. I chose to undertake the Certified Solution Architect – Associate, and based on internet opinion it appears that it’s the most popular AWS certification. Although it would seem like AWS Certified Developer – Associate would apparently make more sense for my background, I think in truth, CSA is a more transferrable and flexible first certification.

Exam prep vs reality

There’s quite a few AWS certification 3rd party training sites. I was tempted, but didn’t pull the trigger. Their public discussion threads were a little insightful though. I did purchase the practice exam for US$20 from the official test provider’s website, but in honesty found this to be a gross underrepresentation of the depth of the actual exam.

Here’s what I thought vs what I found, for the AWS Certified Solution Architect – Associate exam:

  • Found the exam to be largely scenario-based. This is consistent with everything the internet says.
  • Found the questions to be worded trickily. For example, the question might ask about web-tier, and therefore any questions involving AWS database services would be invalid.
  • Expected more questions involving VPCs. I didn’t get that many VPC scenarios.
  • Was not prepared for the breadth of S3-related questions. If I did this again, I would read up as many S3 use cases as I could find.
  • Was amused at a couple of repeat questions. This happened at least twice.
  • Found that I could apply process-of-elimination to a number of trickier questions. Some questions that required 2 answers out of 5, I was able to rule out 3 impossible answers. Bazinga.
  • Found that the fact-seeking questions generally only covered one aspect of that service. For example, there were a fair few Route 53 questions, which only asked about one specific aspect at a time.

I’m cognisant that the questions for individual exam instances (haha instances) are randomly selected and so my experience may have been a chance outcome.

Overall – pretty happy with this exam, as a reflection of my two years on the AWS platform!

Overcoming Same-Origin with AWS Lambda

AWS Lambda just makes it sooo easy to do minuscule bits of server-side lifting that cannot be avoided.

Here’s my situation: I’ve deployed a one-page JS/HTML website on an S3 bucket. The site requires a “live” feed to Instagram, which we can satisfy by using this Instagram hidden-in-plain-sight JSON endpoint (actual account redacted from link).

However… it’s not surprising that Instagram doesn’t set an Access-Control-Allow-Origin=* header on this resource. Therefore I can’t pull it using AJAX from the webpage, at least in modern browsers like Chrome.

We need a server-side solution to retrieve this, and it clearly isn’t efficient to spin up a new EC2 instance, etc, just to provide this capability. Nor did I want to re-use an existing instance to perform this (I want minimum coupling between my projects).

Enter AWS Lambda; tightly coupled dead-simple backend for minimal cost. Beyond writing the code to retrieve the Instagram endpoint JSON content, there were two ways we could integrate:

  1. Connect Lambda to API Gateway and turn it into a web service, or
  2. Write the file to an S3 bucket (then set relevant S3 ACL or IAM permissions)

Bearing in mind our one-page site is hosted in an S3 bucket anyway, option #2 is a cheaper and more appropriate choice. Here’s what the Lambda function looks like (Node.js 4.3):

You’ll want to create a new IAM role to execute this function with. That role would need to have S3 write permissions to the bucket of your choosing. Additionally, if creating your own role via the IAM console, ensure that you’ve added “lambda.amazonaws.com” as a trusted entity.


Coupled with a custom Lambda event, you could turn this function into a generic workhorse by parameterising the Instagram endpoint, bucket name, key, etc.
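
Once the endpoint, bucket and key arrive in the event, anyone who can invoke the function decides what it fetches and where it writes inside the bucket that serves the site, so the event should be checked against allowlists first. The following is an added example, not the original post's code; the event fields, allowlist values and the injected fetchText/s3 helpers are assumptions.

```javascript
// Added example; not the original post's code. Hypothetical names: the event
// fields (url, bucket, key), the allowlists, and the injected fetchText/s3
// helpers. `s3` is any client with a promise-returning putObject (e.g. the S3
// class of @aws-sdk/client-s3); fetchText(url) resolves to the response body.
const ALLOWED_HOSTS = new Set(['feed.example.com']);  // constructed value
const ALLOWED_BUCKETS = new Set(['my-site-bucket']);  // constructed value
const KEY_PATTERN = /^feeds\/[a-z0-9-]+\.json$/;      // only writes under feeds/
const MAX_BYTES = 512 * 1024;

// Rejects any event that would fetch from, or write to, somewhere unexpected.
function validateEvent(event) {
  const url = new URL(event.url);                     // throws on malformed URLs
  if (url.protocol !== 'https:') throw new Error('https only');
  if (!ALLOWED_HOSTS.has(url.hostname)) throw new Error('host not allowed');
  if (!ALLOWED_BUCKETS.has(event.bucket)) throw new Error('bucket not allowed');
  if (!KEY_PATTERN.test(event.key)) throw new Error('key not allowed');
  return { url: url.href, bucket: event.bucket, key: event.key };
}

// Fetches the feed, checks it really is JSON of a sane size, then writes it.
async function mirrorFeed(event, { fetchText, s3 }) {
  const { url, bucket, key } = validateEvent(event);
  const body = await fetchText(url);
  const bytes = Buffer.byteLength(body);
  if (bytes > MAX_BYTES) throw new Error('feed too large');
  JSON.parse(body);                                   // throws if not JSON
  await s3.putObject({
    Bucket: bucket, Key: key, Body: body, ContentType: 'application/json',
  });
  return { bucket, key, bytes };
}
```

The execution role can then be limited to s3:PutObject on the feeds/ prefix of that one bucket instead of bucket-wide write access.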


Automatically stop unused AWS EC2 instances with AWS Lambda

I think by now pretty much all developers who use AWS have come across the following:

  1. Create a tiny instance for a very quick validation.
  2. Forget to stop or terminate the instance
  3. Get a +$15 bill in the subsequent month

Inconvenient, to say the least. And being the smart and resourceful people we are, developers who use AWS have indeed got many ways to mitigate the likelihood, including this and that.

Having just re-checked this week and seeing that Lambda is finally in ap-southeast-2 (hooray) I set about writing a simple scheduled Lambda function to perform my daily server cleanup. Benefits include being serverless (no need to deploy a controller anywhere) and using IAM roles without the need to fiddle with keys.

Setting a trigger

You can certainly be creative here, but I just went for a stock-standard cron emulation using a CloudWatch Event scheduled for daily at 5am AEST. The CloudWatch Event cron format confused me a little, I don’t think it’s Vixie cron at all, so here’s the documentation for it. Anyway, cron(0 19 * * ? *) will run your function at 7pm UTC every day of the year (note the 5th argument is a question mark).

Configuration caveats

Probably one of the earliest gotchas is creating the IAM role under which your Lambda function will execute (… but then again, when have IAM roles not been a gotcha??). Without ‘lambda.amazonaws.com’ listed as a trusted entity within the role, the function won’t work.

The easiest way is probably to do it when creating the Lambda itself: in the ‘Configure function’ screen, under ‘Lambda function handler and role’, the wizard gives you the required presets. For this tutorial you’ll also want to give this role EC2 Full Access (or fine-grained permissions, which is better of course, if you can be bothered).

Additionally, in the configuration section, don’t assign a VPC. This function doesn’t actually need one; it uses the AWS SDK via the internet. If you do assign a VPC, you prevent internet access, and when you run your Lambda function it just ends up timing out.

The code
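
A cleanup function along the lines described above, as an added example that is not the original post's code. It assumes that "unused" means running and lacking a hypothetical keep-running=true tag, and that ec2 is any client with promise-returning describeInstances/stopInstances methods; it also spells out the fine-grained permissions mentioned under the configuration caveats.

```javascript
// Added example; not the original post's code. Assumptions: an instance counts
// as "unused" when it is running and lacks the (hypothetical) opt-out tag
// keep-running=true, and `ec2` is any client exposing promise-returning
// describeInstances/stopInstances (e.g. the EC2 class of @aws-sdk/client-ec2).

// Fine-grained alternative to EC2 Full Access: only the two actions used below.
const CLEANUP_POLICY = {
  Version: '2012-10-17',
  Statement: [{
    Effect: 'Allow',
    Action: ['ec2:DescribeInstances', 'ec2:StopInstances'],
    Resource: '*', // Describe* actions cannot be scoped to individual resources
  }],
};

// Pure selection step: IDs of running instances that did not opt out.
function selectInstancesToStop(page) {
  const ids = [];
  for (const reservation of page.Reservations || []) {
    for (const inst of reservation.Instances || []) {
      const tags = inst.Tags || [];
      const keep = tags.some((t) => t.Key === 'keep-running' && t.Value === 'true');
      const running = Boolean(inst.State) && inst.State.Name === 'running';
      if (running && !keep) ids.push(inst.InstanceId);
    }
  }
  return ids;
}

// Walks every page of DescribeInstances, then stops the selected instances.
async function stopUnusedInstances(ec2) {
  const ids = [];
  let NextToken;
  do {
    const page = await ec2.describeInstances({ NextToken });
    ids.push(...selectInstancesToStop(page));
    NextToken = page.NextToken;
  } while (NextToken);
  if (ids.length > 0) await ec2.stopInstances({ InstanceIds: ids });
  return ids;
}

// Lambda wiring (left as a comment so the block runs offline):
// exports.handler = () => stopUnusedInstances(new EC2({ region: 'ap-southeast-2' }));
```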

Happy serverless coding 🎉

You should use HTTPS over GitHub rather than SSH

Today’s minor discovery. If you CBF setting up SSH keys just to get a quick-and-dirty commit pushed to GitHub, you can use the HTTPS remote endpoint.

You can use your GitHub username (username, not email) alongside your GitHub password to perform the push.

*Boom*. This never occurred to me before, since using SSH keypairs is so entrenched for me. But for instance, I wanted to quickly commit a couple of things into my repo before tearing down the cloud instance. Pushing with a username/password is ideal. We need to switch out our remote:

And that URL can be taken from your GitHub repo cover page.

Doesn’t work? Maybe you have 2FA enabled.

Additionally in my case, I tried this a couple of times but it continually returned “fatal: Authentication failed for ‘https://……'”. Makes sense right, if you’ve got GitHub 2FA enabled? In this case, generate a personal access token, and use this in your password field instead.