In our recent office hours, JumpCloud® DevOps Engineer Jude Quintana and Solutions Architect Kyle Moorehead sat down with Product Marketing Manager Leia Schultz to go over a fan favorite topic: Amazon Web Services® (AWS).
We covered a lot! We’ll recap the highlights here, and if you want to know even more about the tools that JumpCloud uses for provisioning cloud resources, or how our teams use serverless for infrastructure automation, make sure you check out the full recording.
Some of the Quicker Questions
First, let’s go through a few of the more rapid-fire questions Jude and Kyle touched on.
Why would an IT administrator use both AWS and JumpCloud?
AWS and JumpCloud fill very different roles in an organization. At a high level, JumpCloud manages identities, access, and devices. AWS, of course, has an almost endless number of services, but it doesn’t really focus on user management outside of AWS.
How does JumpCloud handle user management in Amazon Relational Database Service (RDS)?
The main way to integrate into AWS’s identity and access management (IAM) is through a SAML connector. In addition to the base connector, there’s also a Redshift connector for accessing your data warehouse as well as a connector for the AWS Client VPN. Plus, if you need any more customization, there’s the option to pass some custom attributes that could be used on the AWS side (like AWS Session Tags).
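To make the session-tag option concrete, here is an added Terraform example of the AWS side; it is not JumpCloud's or AWS's own code. It assumes the SAML connector sends a custom attribute named https://aws.amazon.com/SAML/Attributes/PrincipalTag:Team, and the role name, policy name, variable and tag key are all hypothetical.

```hcl
# Added example. Every name, the tag key "Team" and the provider ARN
# variable are placeholders, not values from the original post.
variable "saml_provider_arn" {
  description = "ARN of the IAM SAML provider created for the IdP connector"
  type        = string
}

resource "aws_iam_role" "federated_engineer" {
  name = "federated-engineer" # hypothetical role name

  # Trust policy: who may assume the role, and under which conditions.
  assume_role_policy = jsonencode({
    Version = "2012-10-17"
    Statement = [{
      Effect    = "Allow"
      Principal = { Federated = var.saml_provider_arn }
      # sts:TagSession must be allowed, otherwise a SAML assertion that
      # carries PrincipalTag attributes fails to assume the role.
      Action = ["sts:AssumeRoleWithSAML", "sts:TagSession"]
      Condition = {
        StringEquals = { "SAML:aud" = "https://signin.aws.amazon.com/saml" }
        # Refuse sessions that arrive without a non-empty Team tag.
        StringLike = { "aws:RequestTag/Team" = "?*" }
      }
    }]
  })
}

resource "aws_iam_role_policy" "team_scoped_ec2" {
  name = "team-scoped-ec2" # hypothetical policy name
  role = aws_iam_role.federated_engineer.id

  # Permissions policy: the session tag decides which instances are in reach.
  policy = jsonencode({
    Version = "2012-10-17"
    Statement = [{
      Effect   = "Allow"
      Action   = ["ec2:StartInstances", "ec2:StopInstances"]
      Resource = "*"
      Condition = {
        # "$${" is Terraform's escape for a literal "${" in the rendered JSON.
        StringEquals = { "aws:ResourceTag/Team" = "$${aws:PrincipalTag/Team}" }
      }
    }]
  })
}
```

With this in place, access follows the attribute value set in the directory: changing a user's Team attribute changes which tagged instances they can start or stop, with no edit to the IAM policy.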
Is there a way in Terraform for an admin to back up their JumpCloud data to AWS in the event that anything were to happen that would require a backup?
There’s a Terraform module for JumpCloud, but it only handles users, not systems or apps. For a more comprehensive backup of your JumpCloud data, the Get-JCBackup command is the quickest and easiest way. It is part of the PowerShell module, a tool put out by Solutions, and can be used to back up your users and systems.
The next big topic we covered was autoscaling. First, a potentially controversial question: Is Kubernetes the best option for autoscaling?
Well, to answer this, we have to acknowledge that the JumpCloud infrastructure doesn’t run on Kubernetes! Although, to be fair, JumpCloud can manage user access and identities for Kubernetes.
Why? The overhead. We decided that AWS’s autoscaling is actually the better option for our needs. We’re able to build in a pipeline and deploy via a bot. Anytime it needs to scale up, it can usually be done in a reasonable amount of time. We’ve integrated this with our configuration management, which has worked out pretty smoothly.
JumpCloud insider tip: Check out docs.jumpcloud.com to see the System Context API. A fairly common integration among some of our more DevOps-heavy customers is in this autoscaling context. If you’re able to install the JumpCloud agent on these systems, you’re able to manage user access, policies, and commands. Once the agent is set up, you can use the System Context API to handle the authorizations. This can be really handy if you’re using the built-in AWS autoscaling.
Let’s Talk Serverless Applications
Next, our Office Hours moved to discussing the ins and outs of serverless apps. Here’s a great question that came up:
Why does JumpCloud release on the serverless app instead of building into the product itself?
When we release on the serverless app repository, it’s usually because it’s a niche use case. The serverless app gives customers the flexibility to do a one-click deploy or take the code and customize it. We open source everything in GitHub if you want to make changes to tailor it to your own needs.
New Feature Alert! Directory Insights™ and AWS
JumpCloud Directory Insights enables JumpCloud administrators to save their Directory Insights data to an AWS S3 bucket through our serverless app and work with it however they see fit.
Directory Insights is a premium offering that we built because we love data. Really every single user activity across JumpCloud is logged in the Insights module, and capturing that data in an S3 bucket allows customers to do pretty much anything needed with the data.
There are a lot of use cases where customers need the data for longer than the standard 90 days JumpCloud retains within Directory Insights. Customers can use AWS for long term storage—maybe for audit compliance, or for a SIEM that’s able to ingest data from a bucket to analyze the data as your organization needs.
Staying up to Date With AWS and JumpCloud
Staying up to date on the latest features from both AWS and JumpCloud can be a lot. And, as we joked in the Office Hours, let’s be honest, not even AWS is able to keep up with every service they release!
JumpCloud’s Slack Lounge is a great way to keep updated on our latest releases and talk shop. And, speaking of certifications, JumpCloud University is offering the Core certification free through the end of 2020. Get yours here.
Thanks to all who joined our Office Hours. Email us about what you’d like to learn about at our next session at email@example.com.