Waterbear Cloud Newsletter, October 2019

By Kevin Teague
Published on Nov 01, 2019

Welcome to the October edition of our Waterbear Cloud monthly newsletter, where we share our news for the month and tell you about what we’ve created.

Idle Service joins the Waterbear Cloud Services

Waterbear Cloud Services is the collection of AWS tools included with the Waterbear Cloud Platform to enhance the management of your AWS Cloud. This month we’ve added an Idle Service.

Our Idle Service is a collection of schedules associated with a list of AWS Resources. Those resources will then be turned on or off automatically according to the schedule they are on. For example, you can turn your development environment’s AutoScalingGroups and RDS instances on every Monday through Friday morning at 8 am, and turn them off at 7 pm. Since you pay by the hour for EC2 and RDS resources, if you can reduce the number of hours from the full 168 to just 55, you would save 77% on the cost of running your development environment.

While there are other solutions that automate scheduling of your AWS Resources, such as the AWS Instance Scheduler, our solution adds some innovations to instance scheduling.

  1. Simplicity. Other solutions require you to manage a separate tool stack, with its own CLI, and you need to apply custom Tags to your resources for them to participate in a schedule. Our Idle Service is managed with our open source all-in-one AIM tool, and its configuration is a list of AIM references, so you can easily see in one place which resources belong to which schedules.
  2. Power. Our Idle Service can manage resources contained in AutoScalingGroups. Because our semantic configuration makes an AutoScalingGroup’s settings available, such as the minimum and desired number of instances, resources can be spun down to zero and then automatically spun back up to their desired number.

AIM gets a Secrets Manager and CloudFormation Init

We had a busy October with a lot of new additions to our core AIM Cloud Orchestration tool. We’ve added two features that enable you to automatically and securely manage secrets and server configuration between different environments:

  • AIM Secrets Manager allows us to reduce your risks by having automatically rotated, secure secrets with fine-grained access that can be restricted per environment.
  • AIM CloudFormation Init allows you to manage the configuration of your EC2 instances, and lets AIM automatically manage this configuration on a per-environment basis. Reduce unexpected downtime from configuration mistakes, such as a production environment resource configured to connect to a server in your test environment.

AIM Secrets Manager for AWS Secrets Manager

AIM Secrets Manager is our way of managing resources for the AWS Secrets Manager service within AIM environments. AWS added the AWS Secrets Manager service in the summer of 2018, and it improves upon the existing ways of managing secrets using SSM Parameter Store by wrapping management of those secrets with Lambda functions (AWS provides ones for RDS, Redshift and DocumentDB and has guidelines on creating custom Lambdas). This gives you the ability to have automatic, safe secrets rotation.

AWS Secrets Manager also enables you to manage access to secrets with fine-grained policies. We fit this ability naturally into AIM, where we have the concept of AIM Environments. Each environment gets its own set of secrets, and your secrets are automatically only available within the environment they belong to. No more worries about the production secret being available to developers, contractors, or anyone who doesn’t need direct access to production.


AIM gets support for CloudFormation Init

AWS CloudFormation Init (cfn-init for short) is a way to manage configuration (install packages, template out configuration files) for your EC2 instances. We’ve added support to AIM for managing cfn-init directly in your AIM Project’s YAML. Your cfn-init server configuration is directly associated with your application’s AutoScalingGroup configuration, and any setting can be overridden in your environment configuration. This could be used, for example, to enable your development web server to automatically get a configuration file to connect to the development database, while the production web server automatically gets a configuration file to connect to the production database. By overriding just the differences between environments, AIM allows you to easily see only what is different between environments. Confidently promote from your test environment to your production environment without making configuration mistakes.


Level up your DevOps with Waterbear Cloud. Talk to us about how your production environment can have automatic, compliant, securely managed secrets, and how you can painlessly spin up an automatically configured test environment and save costs by running it only when it’s used.

Waterbear Cloud can help you reduce your costs and risks in the cloud. Best of all, by dramatically cutting down the amount of unplanned work that managing your Cloud environments requires, our DevOps-fu will let you focus your own efforts back on accelerating the development of your applications.