Leveraging Amazon Inspector for Enhanced Security: A Deep Dive In the realm of cloud computing, securing applications and infrastructure is paramount. Following our exploration of DevSecOps on AWS, this follow-up post delves into Amazon Inspector, an automated security assessment service that aids in improving the security and compliance of applications deployed on AWS. Amazon Inspector is a potent tool in the DevSecOps arsenal, designed to automatically discover and assist you in remediating security vulnerabilities and deviations from best practices....
Introduction to DevSecOps - Part 3
The Evolution of DevSecOps on AWS: A Comprehensive Guide The integration of security into the DevOps process, known as DevSecOps, is revolutionising how organisations deploy software, ensuring that security is not an afterthought but a fundamental aspect of the development lifecycle. Amazon Web Services (AWS), a leader in cloud computing, offers a robust platform for implementing DevSecOps practices. This blog post explores the significance of DevSecOps on AWS, its benefits, key practices, and tools to seamlessly integrate security into your development processes....
Migrating this Blog... Again
Until recently, this blog was hosted on GatsbyCloud – Which was recently discontinued :sadpanda: In theory, it should’ve been reasonably easy to just host Gatsby myself, and carry on, but really I thought I should upgrade to the latest version.. But that got me into NPM Dependency Hell, and frankly my dears, I don’t have time for that kind of nonsense. So I’m reworking it all to be generated by Hugo, then it’s just static, and I can stick it somewhere like S3 and call it a day....
Introduction to DevSecOps - Part 1
I’ve been a DevOps Engineer since roughly 2011, or some time around that when the fashion for pure Systems Administration became a lot more automated, and the start of the ‘shift left’ movement started, with integrating the tooling that we know and love now into deployment architectures. I’ve also spent a significant portion of my working career in security-focussed roles, either from a purely application security perspective, or a more holistic standpoint on infrastructure security....
Introduction to DevSecOps - Part 2
This is Part Two of the series “Introduction to DevSecOps”. In this segment, we’re looking at integrating some tooling into the build and deployment pipelines. Tooling Looking more deeply into what’s possible to action ‘shift-left’ security, it’s time to start thinking about what tools we want to use, where we want to put them in the pipeline, and how to action the results. Starting Point, a vulnerable app. I forked https://github....
Adventures in AWS App Runner
So, a few months back, I applied for the AWS Community Builder (CB) programme, and this time, I was accepted. This is the first in a series of new AWS articles I’m working on. Within a day of joining the CB Programme, I had a challenge, and the source for this article. Mentor Match is an application originally written for the UK Civil Service LGBTQ+ network. It’s currently deployed on Heroku, but given that Heroku have recently announced plans to discontinue their Free Dyno’s plan (GRRRRRR!...
I am now an AWS Community Builder
A lot of my community of readers will already be aware that I’m a pretty big fan of AWS, so it was a real privilege and thrill to receive an email a few weeks ago stating that I’d been accepted into the AWS Community Builder programme. For me, it’s basically an opportunity to have more resources for writing about AWS services, an opportunity to connect with other builders around the world, and focus more on developing and sharing knowledge around Security and Identity....
Repairing HFS+, Recovering Data
So my downstairs neighbour’s macbook died the other day. I wasn’t surprised it died, it was a 2010 MBP. Considering it lasted 12 years before suffering a terminal logic board failure, I’ll write up as “pretty good going”. Mind you, I did replace the CPU fan a couple of years ago, and swapped the original HDD for a samsung SSD about 4 years ago. Funnily enough, neither of those parts were what failed this time....
Building a Cheap-ass VPN for AWS
For me, one of the most appealing features of AWS is the ability to connect securely to an entire Virtual Private Cloud (VPC) of resources over a Virtual Private Network (VPN). Unlike the VPN technology that’s so commonly and popularly marketed on youtube adverts 🙄, a VPN to a VPC is a secure private link between your router and a virtual router within AWS. AWS offer a Site-to-Site VPN as a managed service, but configuration can be a bit of a minefield to the uninitiated....
IPv6 Only EC2 - Is it now a reality?
Short answer: No. Actual answer: Nearly, but not quite. My initial curiosity around this was the following passing thought: “If EC2 supports IPv6 Only instances, and AWS Systems Manager Agent supports IPv6, then can I have access via Session Manager and an Egress-Only Internet Gateway – and remove the requirement for a costly NAT gateway for private subnets?” Let’s break that down into some smaller tasks. Create an IPv6-only Subnet with a ::/0 route pointing at an Egress-only Internet Gateway (EIGW) Create an instance in that subnet....