Monthly Archives: January 2017

Letting Go

When pursuing a possible contracting opportunity, you need to be persistent, but you also need to know when to let go.

A while ago I was pursuing a possible contract (the startup is still ongoing but I was extending runway) and had been emailing with the decision maker a fair bit.  We wanted to do a meeting to get things going. I’d be taking care of some of the “behind the scenes” tasks that would allow their development to accelerate.  There seemed to be enthusiasm on both sides, but the meeting kept getting rescheduled.  Eventually, emails I sent about the meeting were not returned.

Now, everyone gets busy, and I understand that.  But if someone has a hard time returning emails when they are excited about the new work you are going to help them with, how are they going to be when you are asking them about an unpaid invoice, or for crucial guidance on a technical decision?  Perhaps they’d be responsive, but I wouldn’t bet on it.

So, I sent a note along these lines:

It seems like you aren’t really in a place to meet with me and discuss this work. No worries–I imagine you have many tasks pulling you in different directions.

While I’d love to work with you, I’ve learned clients who don’t have bandwidth are not good working arrangements for me nor for the clients–while I am self directed, there are times when I’ll need some level of feedback, if only to make sure I’m spending my time and your money correctly.

Please feel free to reach out to me if/when you have time and want to re-focus on this work.

Salient points to note:

  • no blame–we’re all busy and the ability to juggle work priorities is one reason why folks use contractors.
  • closure of this conversation frees me up to pursue other opportunities and them to focus on what they are working on (or perhaps to find another contractor, if that’s a better fit).
  • but, leave the door open, so that if there’s an opportunity to work together in the future, no bridges are burned.

It can be hard to let go of a prospective client after you’ve put significant time into learning their problems, but it’s better to let go than to engage with a client who is not committed or is committed but doesn’t have the bandwidth to help you help them.

PS yes, that is Elsa of Frozen fame.

AWS Questions: Kinesis and IAM

  • What happens if you push AWS Kinesis (a high volume managed streaming solution from AWS) past the provisioned shard limits (as specified here)?
    • You start getting exceptions if you are trying to write to or read from the stream.  You can back off or you can increase the number of shards, which increases your throughput.
  • Any planned support for .NET with the Kinesis libraries (Kinesis Producer Library, Kinesis Client Library) which have some nice features?
    • I’m not aware of any future plans.  However both are available on GitHub (KPL, KCL) and are open source(ish) under the Amazon Software License.  I say “ish” because of some concerns about section 3.3, limits of use.  So you could port the code to .NET.  In addition, there is support for running the KCL with other languages (Ruby, .NET, etc) but you still need to run a Java daemon.
  • Can someone create an IAM group with more permissions than the group they are in?
    • Yes, if the IAM system is misconfigured.  If a user is in group A, which has the attach group policy permission (iam:AttachGroupPolicy) and no other limits, they can attach an arbitrary policy to group B.  Under the AWS shared responsibility model, you are responsible for your IAM setup.
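
A defender's check for the misconfiguration described in the last answer, as an added example that is not part of the original post. It scans one identity policy document for Allow statements that grant iam:AttachGroupPolicy without an iam:PolicyARN condition limiting which policy may be attached. The sample policies, the account id and the function names are constructed for illustration, and explicit Deny statements, permission boundaries and SCPs are not evaluated.

```python
import fnmatch

RISKY_ACTION = "iam:AttachGroupPolicy"
POSITIVE_OPS = ("arnequals", "arnlike", "stringequals", "stringlike")

def as_list(value):
    return value if isinstance(value, list) else [value]

def matches(patterns, action):
    # IAM action names are case-insensitive and allow * and ? wildcards.
    return any(fnmatch.fnmatchcase(action.lower(), p.lower()) for p in as_list(patterns))

def allows(stmt, action):
    if stmt.get("Effect") != "Allow":
        return False
    if "Action" in stmt:
        return matches(stmt["Action"], action)
    # Allow + NotAction grants everything except the listed actions.
    return "NotAction" in stmt and not matches(stmt["NotAction"], action)

def pins_policy_arn(stmt):
    # True when a positive condition operator restricts which managed policy may be attached.
    for op, keys in stmt.get("Condition", {}).items():
        if op.lower() in POSITIVE_OPS and any(k.lower() == "iam:policyarn" for k in keys):
            return True
    return False

def audit(policy):
    """Return (statement id, scope) for statements allowing an arbitrary policy on a group."""
    findings = []
    for i, stmt in enumerate(as_list(policy.get("Statement", []))):
        if allows(stmt, RISKY_ACTION) and not pins_policy_arn(stmt):
            resources = as_list(stmt.get("Resource", "*"))
            any_group = any(r == "*" or r.endswith(":group/*") for r in resources)
            scope = "any group" if any_group else "listed groups only"
            findings.append((stmt.get("Sid", f"statement[{i}]"), scope))
    return findings

# Constructed sample policies (account id 111122223333 is a placeholder).
GROUP_A = {"Version": "2012-10-17", "Statement": [
    {"Sid": "ManageGroups", "Effect": "Allow", "Action": "iam:*Group*", "Resource": "*"}]}
GROUP_A_FIXED = {"Version": "2012-10-17", "Statement": [
    {"Sid": "ManageGroups", "Effect": "Allow", "Action": "iam:AttachGroupPolicy",
     "Resource": "arn:aws:iam::111122223333:group/developers",
     "Condition": {"ArnEquals": {"iam:PolicyARN": "arn:aws:iam::aws:policy/ReadOnlyAccess"}}}]}

if __name__ == "__main__":
    print(audit(GROUP_A), audit(GROUP_A_FIXED))
```

The wildcard grant in GROUP_A is flagged even though it never names the action outright; the fixed version passes because both the target group and the attachable policy are pinned.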

AWS Questions: ASGs and Amazon Inspector

More questions from AWS course students.

  • EC2 instances in auto scaling groups have a warmup period that you can specify (so that the EC2 instance can be fully ready to take traffic directed to it).  I retold a story from another consultant about the warmup period for an ASG increasing over time (due to increasing numbers of security patches against the base AMI) and one student asked: “Can you set an alarm on instances overrunning the warmup period?”
    • Since you can create custom metrics in CloudWatch and create alarms on those, you can definitely capture the warmup period.  All you’d need to do is, as the last step before an EC2 instance is fully configured, subtract the launch time (obtained via the API) from the current time.  Store that number as your ‘warmup’ metric and set an alert if it ever gets close to your ASG health check value, and you’ll avoid ASG thrashing.
    • Update 4/6/2017: Another instructor pointed out a flaw in the above statements.  Upon further research, warmup time settings only apply if you are using step scaling, and cooldown periods only apply if you are using simple scaling.  They are both trying to solve similar problems–making sure that you don’t start up or shut down instances before the instances have a chance to affect the situation that triggered the Auto Scaling Group action.  More on policy types.
  • “Can the minimum and maximum number of instances of an ASG be changed after initial configuration?”
  • “Can you point Amazon Inspector at non-AWS resources?  In your own data center, for example?”
    • Amazon Inspector is a security tool that looks for vulnerabilities in your EC2 instances.  It requires installing an agent on the instances that it will be monitoring, and thus doesn’t work outside of AWS.

AWS Questions: CloudFront and SQS

I have recently started a contract teaching AWS courses. (None of the following posts speak for my client.) AWS stands for Amazon Web Services.

During every course I teach I get questions that are not directly covered in the course material that I don’t know. I’m going to try to capture some of the questions asked by my students and post the answers.

  • Does SQS have transactional messages akin to JMS?
    • No.  JMS has the idea of transactions over messages, so you can be sure that all or none of the messages were processed.  SQS has no such construct–each message is independent.  If I were going to have multiple units of work done, I’d use one message, perhaps pointing to different datastores if the message was too big for SQS.
  • Can you push content to the AWS CDN, CloudFront, ahead of user requests?
    • No, the content always has to be pulled by a requester.  You can of course configure a crawler to pull the data from the origins through CloudFront (which will then store it).
  • Can you configure CloudFront to pull from origins over SSL/TLS?