An Overview of Amazon AWS and UpGuard (Part 2 of 2)

Posted by UpGuard

In Part 1 of this article, we presented an overview of Amazon AWS and UpGuard, and discussed how the two marry the best in cloud computing and DevOps. We also learned how UpGuard is not just the premier solution for configuration monitoring, control and automation of AWS offerings like EC2 and S3, but can also work with any number of RESTful services. But enough waxing philosophical—time to put theory into action. And what better way than to follow a fictional organization as it sets up UpGuard monitoring for its AWS cloud infrastructure?

AWS and UpGuard PrayingMantisLovers exists primarily to serve the interests of a regional group of praying mantis enthusiasts. They subsist entirely on donor support and accept payments on their public website,, which also houses a virtual storefront for peddling wares such as coffee mugs and t-shirts. Since this is the non-profit’s sole vehicle for income-generating activities, maximizing web server uptime and availability is crucial for ensuring PrayingMantisLovers’ fiscal well-being.

The IT manager is using AWS to host the site, as the non-profit is a small organization with big aspirations. They want to be known as the worldwide authority on praying mantises, so despite their diminutive web infrastructure he’s chosen Amazon’s cloud in anticipation of scaling up in the future.

AWS and UpGuard’s EC2 server instances on Amazon AWS.'s web infrastructure consists of two micro EC2 Amazon Linux servers running in tandem: a production instance serving the live site, and a staging server where the web developers test and finalize pages and configurations.

The IT manager currently faces a couple challenges with their current web infrastructure:

  • The site has gone down several times in the past few months, and PrayingMantisLovers’ executive director has made it top priority to implement a solution to stay on top of things.
  • The staging and production server configurations fall out of sync periodically. This usually happens when the web developers make server configuration changes to staging in order to accommodate development efforts. They do not have access to the production server, so the IT manager has to track the configuration changes in order to accommodate their code once it moves into production.

Because IT operations are run on a shoestring budget, the IT manager has limited resources for acquiring and implementing a solution. Furthermore, he’s weary of contacting the web developers (who work in different time zones) every time server configurations fall out of sync.

A colleague and fellow systems administrator recommends UpGuard as a potential solution, so he decides to try it out for monitoring PrayingMantisLovers’ web infrastructure. Out of the gate, ScriptRock’s per node pricing model is music to the IT manager's ears. It allows PrayingMantisLovers to get started with UpGuard inexpensively and scale up monitoring cost-effectively when adding additional EC2 server instances or other AWS components in the future.

Full details on how to set up UpGuard monitoring with SSH can be found here. For this discussion, we've chosen a simple use case to illustrate the ease-of-use and power of UpGuard. We'll be exploring other features in-depth in forthcoming articles.

After signing up for UpGuard, he’s taken to a screen for setting up nodes to be monitored. He selects the “Linux/Unix” option to set up monitoring for the staging/production web servers hosted on AWS EC2.

 AWS and UpGuard 

The next screen displays 3 options for connecting to the server in question: “Agent,” “SSH,” or “Manually Add Node.”

 AWS and UpGuard

He selects the “SSH” option—this is how he and his staff typically access the servers. 

AWS and UpGuard 

Per Step 3, he connects to the server and runs the command. After it completes successfully, he clicks “continue.” UpGuard then begins scanning the system.

 AWS and UpGuard

After finishing the scan, the IT manager clicks “View and Compare Scan” to see the results.’s production web server is now being monitored by UpGuard and will automatically be scanned periodically.

He follows the same procedure as above for the staging server. With both now set up to work with UpGuard, the IT manager now can track changes between the two systems.

AWS and UpGuard

By selecting a node from the Manage / Nodes pane and choosing another node to compare with, one can view configuration differences between two servers. For example, the IT manager can now compare the production and staging environments to troubleshoot any problems or issues. 

AWS and UpGuardUpGuard reveals crucial informaion regarding different configurations between two systems.

Another of UpGuard's handy monitoring capabilities is the ability to monitor websites. This is also of interest to the IT manager, as he would like high-level notifications regarding critical website issues such as expiring doman names, expiring SSL certificates, and the like. He returns to the screen for setting up nodes by clicking "Add Node,"and this time selects the “Website” option to set up monitoring for the website.

AWS and UpGuard UpGuard’s options for setting up nodes for monitoring.

Selecting this option, he’s taken to a screen for entering additional information about the website node. 

AWS and UpGuard Information required for setting up a website node for monitoring. 

After clicking “continue,” UpGuard immediately begins scanning the node’s system configuration.

AWS and UpGuard UpGuard scans a website node for monitoring.

The scan completes and presents the options “View and Compare Scan” and “Build Policy from Scan.”

 AWS and UpGuard UpGuard successfully completes a scan of a website node for monitoring.

He selects “View and Compare Scan” to immediately see what UpGuard has discovered.

AWS and UpGuard UpGuard’s Manage tab, where information from scanned nodes is viewed.

An item in particular catches his eye: SSL cert expiration. Last year they were caught off-guard with an expired SSL certificate, which halted their ability to collect donations online and sell items in the web store for several days. With UpGuard monitoring these details, he breathes a sigh of relief knowing that this won’t happen again.

Clicking on “wheel view” visualizes the node’s information in a interactive wheel. The web developers often complain of something working in staging, but not in production. Now he can easily identify which scripts are being loaded and compare the two environments for easy troubleshooting.

 AWS and UpGuardUpGuard’s wheel view renders information from scanned nodes to an easy-to-understand format.

With UpGuard in place, PrayingMantisLover's IT Manager no longer spends sleepless nights wondering if the web developers' next slew of changes will disrupt website operations. And with automatic monitoring and notifications in place, PrayingMantisLover's IT staff is the first to know when potential problems arise.

In the future we will be looking at how to implement UpGuard in more advanced, enterprise-grade scenarios-- so be sure to check back soon!

Protect your AWS security groups

More Blogs

The "Hacking" Of 000webhost—Or Why Free Should Never Be Synonymous With Unsecure

So how do events like 000webhost's massive data breach involving free web hosting providing 000webhost transpire? In a word, negligence. Gross negligence, to be precise.
Read Blog >

Why We Made Our Vulnerability Assessment Free for Everyone

Access to free vulnerability assessment should be a basic right in a world where computing is integral to social and economic life. For our part, we're offering our full product, including vulnerability assessment, free forever for a user's first ten machines.
Read Blog >

Understanding Risk in the 21st Century

Even today, the risk of data breaches in particular threaten to hamper business innovation. So what is cyber risk, and what can be done about it?
Read Blog >

UpGuard Customers