This scenario takes you through the essentials of defining new Kubernetes Custom Resource Definitions (CRDs). You will extend Kubernetes by creating new resources beyond the standard ones you normally get with any Kubernetes cluster. Once you understand CRDs, you will learn how to further extend Kubernetes using the powerful Operator pattern.

In this scenario you will learn how to:

  • Discover how your CRD becomes a new resource
  • Add, inspect, and remove instances of a custom resource

Kubernetes Extensibility: Custom Resource Definitions

a. verify your Kubernetes cluster is up and running for this LAB and the Helm package manager…


Why use AWS Time-Series Database?

  1. Amazon Timestream’s JDBC Driver is now available under the Apache 2.0 License on GitHub

3. AWS Time-series Database is accessible only in the following available zones: us-west-2, us-east-2, us-east-1, eu-central-1, eu-west-1

https://aws.amazon.com/timestream/

4. Widely supports applications such as IoT devices, AWS Lambda functions, Grafana, Prometheus, SageMaker, Kinesis, and Telegraf for data processing, data analytics, data visualization, data ingestion, query tools, and machine learning tools. A time series built in Amazon Timestream is as follows:


main.tf

resource "aws_dynamodb_table" "nonproductive" {
  name           = "${var.deployment_name}_nonprod"
  billing_mode   = "PAY_PER_REQUEST"
  read_capacity  = "${var.read_capacity}"
  write_capacity = "${var.write_capacity}"
  hash_key       = "metadataId"
  range_key      = "source"
  point_in_time_recovery = "${var.db_point_in_time_recovery}"
  …

Assumptions:
1. Account A (S3 Bucket )
2. Account B (Athena query)

Let's start with Account A:

  1. Either edit the ACL of the S3 bucket object or add a bucket policy
  2. Under ACL, add the external AWS account's canonical ID
  3. Edit the bucket policy using the Policy Generator: https://awspolicygen.s3.amazonaws.com/policygen.html
{
  "Version": "2012-10-17",
  "Id": "Policy1604525342797",
  "Statement": [
    {
      "Sid": "Corss-Account-Permissions",
      "Effect": "Allow",
      "Principal": {
        "AWS": [
          "arn:aws:iam::xaccountbxx:root",
          "arn:aws:iam::xaccountbxx:user/cross-account-access-user"
        ]
      },
      "Action": "s3:*",
      "Resource": "arn:aws:s3:::analytics-cross-account-s3access"
    },
    {
      "Sid": "Corss-Account-Permissions",
      "Effect": "Allow",
      "Principal": {
        "AWS": [
          "arn:aws:iam::xaccountbxx:root",
          "arn:aws:iam::xaccountbxx:user/cross-account-access-user"
        ]
      },
      "Action": "s3:GetObject",
      "Resource": "arn:aws:s3:::analytics-cross-account-s3access/*"
    }
  ]
}

5. If KMS…


The following high-level configurations are required for Central DNS on AWS

  1. Configure Route 53 Resolver endpoints. Use the AWS Resource Access Manager to share Route53 Resolver endpoints across AWS accounts.

Assumptions:

Account A = (Development AWS Account)
Account B = (Master AWS Account)
Route 53 Record exists in the Account A (Z1234567890QWERTYUIOP) which has to be associated with Account B VPC (vpc0987654321)

Steps:

Assume IAM role for Account A

a. aws route53 list-hosted-zones

2. Run the…

DevOps Archaeologist

AWS Community Builder
