RexRay is a plugin module available for use with Docker which provides the ability to use shared storage as a Docker volume. It is quick to setup and provides near seamless data sharing between containers. We review it's basic design and detail tips for it's use in the AWS environment. The plugin design supports many different environments.
This is the first of a few related posts on the subject of the importance of controlling and constraining your AWS account resource creation abilities particularly in terms of IAM accounts.
A recent lesson learned caused us to research the area of unexpected resource usage in an AWS account. Trying out the AWS Batch service inadvertently resulted in the launch of an EC2 c4.large instance which ran for a day before we noticed that it was running. This was a surprise because the launch was not explicit, nor was the instance tagged with a descriptive name. After terminating the instance we realized that with this particular account only a limited set of instance types should ever be run and the AWS Config service can be used to detect things outside of normal operational expectations.
AWS Config can be set up using rules that are evaluated and a report generated for anything that fails the rule checks. In this case a rule was created listing the 3 instance types that would be expected to be found for this account. When the Config rules are checked any instance not falling in that list will be reported as non compliant. Note that this service does not prevent the launch of out of norm types but only reports on them so you have to take the action to correct the issue. A subsequent post will cover how IAM policies can be used to prevent a launch in the first place.
Subscribing to our blog is a great way to stay up to date with the latest information from Vizuri, as well as our strategic partners. We focus on providing a range of content that is practically useful and relevant from both a technical and business perspective.