AWS EKS Okta Auth

Authenticating to AWS EKS (Elastic Kubernetes Service) using AWS IAM (Identity and Access Management) credentials is a crucial aspect of managing and securing these clusters. However, IAM is not the only option when it comes to authenticating with these clusters. You can also configure additional IdPs (identity providers) for this purpose. In this post, I’ll explain the steps necessary to authenticate with Okta. Prerequisites: Before diving into the specifics, please ensure you have the following -...

June 24, 2023 · 3 min · Abhinav

Terraform, multi-account and multi-region workloads

Terraform is one of the most popular IaC tools out there. Although it is quite simple to grasp and use, the complexity rises quickly once you introduce multi-account and multi-region deployments. This post is inspired by one such problem I had to tackle recently. The Problem: How to create and manage multi-account and multi-region AWS resources using Terraform? A lot of organizations now segregate their AWS accounts on the basis of environments (development, test, production etc....

May 25, 2022 · 4 min · Abhinav

Terraform, Bitbucket pipelines and OIDC

Bitbucket Pipelines is quickly becoming a favourite with organisations which are already entrenched in the Atlassian suite of products. People with prior experience of Bamboo may not be thrilled at the prospect, but hey, it’s worth a shot. The Problem: One of the key problems with establishing a CI/CD infrastructure flow is that of access control. Specifically for Bitbucket Pipelines, in the past you would need to provide access via repository variables....

September 30, 2021 · 4 min · Abhinav

Prometheus Blackbox Exporter and POST calls

Prometheus Blackbox Exporter is a popular plugin to test HTTP endpoints. It offers a range of configuration options which can be tweaked to suit any use case. I recently had to implement monitoring for some APIs, each expecting a different content body. The Problem: By design, Prometheus Blackbox Exporter is not expected to work as a “proxy”, so you cannot pass the body of a request via relabelling in Prometheus configs....

September 28, 2021 · 3 min · Abhinav

S3 Presigned URLs

S3 is one of the core services offered by AWS, and more often than not, fulfills a critical storage need in most architectures. Over time, AWS has made it incredibly easy to hook it up with other services, further increasing its adoption. As the Google trends below indicate, S3 is possibly THE most widely used AWS service, even edging out the likes of Lambda, EC2, IAM etc. It may not be a 100% accurate inference, but I am sure, directionally, it is not too far off....

July 10, 2021 · 5 min · Abhinav

Fastly Geolocation Service

Fastly is a popular CDN based on the open-source Varnish. Since it supports VCL, a lot of custom “logic” to handle incoming requests can be added, right at the edge. It also provides a host of geolocation identification options. In this post, we’ll build on the service we created in a previous post, Fastly Meta Service, to implement a simple API which returns details about a particular public IP. This service can be a nice value add, whether for use by machines (JSON output helps!...

March 6, 2021 · 6 min · Abhinav

AWS Certified Security Specialty (SCS-C01) - My Experience

Amazon Web Services (AWS) offers certifications in 4 broad categories - Foundational, Associate, Professional and Speciality. I recently cleared the Solutions Architect Associate certification. This time, I wanted to attempt a “Speciality” certification. And what better topic to delve into than cloud security? As much of a boon as the cloud is, its Achilles' heel remains insecure workloads. Although AWS provides a ton of tools to mitigate and potentially limit security incidents, they still do happen and often cost not just in monetary terms but also in reduced customer confidence....

January 15, 2021 · 7 min · Abhinav

Git History Wars

Those who do not learn from history are doomed to repeat it! This is incredibly apt for the software development world as well. And the act of keeping a tab on a project’s Git history has split the world in half, quite literally. On one side, there are people who want the history to be a snapshot of what exactly happened in a repo, and a non-linear history is not much of a concern to them....

January 10, 2021 · 5 min · Abhinav