Posts

This is Part Two of the series “Introduction to DevSecOps”. In this segment, we’re looking at integrating some tooling into the build and deployment pipelines. Tooling Looking more deeply into what’s possible to action ‘shift-left’ security, it’s time to start thinking about what tools we want to use, where we want to put them in the pipeline, and how to action the results. Starting Point, a vulnerable app. I forked https://github.com/snyk-labs/nodejs-goof into my github account. ...

So, a few months back, I applied for the AWS Community Builder (CB) programme, and this time, I was accepted. This is the first in a series of new AWS articles I’m working on. Within a day of joining the CB Programme, I had a challenge, and the source for this article. Mentor Match is an application originally written for the UK Civil Service LGBTQ+ network. It’s currently deployed on Heroku, but given that Heroku have recently announced plans to discontinue their Free Dyno’s plan (GRRRRRR!), I’ve been working on some Terraform code to deploy it to AWS. ...

A lot of my community of readers will already be aware that I’m a pretty big fan of AWS, so it was a real privilege and thrill to receive an email a few weeks ago stating that I’d been accepted into the AWS Community Builder programme. For me, it’s basically an opportunity to have more resources for writing about AWS services, an opportunity to connect with other builders around the world, and focus more on developing and sharing knowledge around Security and Identity. ...

So my downstairs neighbour’s macbook died the other day. I wasn’t surprised it died, it was a 2010 MBP. Considering it lasted 12 years before suffering a terminal logic board failure, I’ll write up as “pretty good going”. Mind you, I did replace the CPU fan a couple of years ago, and swapped the original HDD for a samsung SSD about 4 years ago. Funnily enough, neither of those parts were what failed this time. This time the GPU just up and quit, and instead of buying a replacement logic board, my neighbour bought a 2nd hand 2017 MBP. ...

For me, one of the most appealing features of AWS is the ability to connect securely to an entire Virtual Private Cloud (VPC) of resources over a Virtual Private Network (VPN). Unlike the VPN technology that’s so commonly and popularly marketed on youtube adverts 🙄, a VPN to a VPC is a secure private link between your router and a virtual router within AWS. AWS offer a Site-to-Site VPN as a managed service, but configuration can be a bit of a minefield to the uninitiated. Ideally you need to have a router capable of BGP, or else you’ll have to create a lot of static routes. ...

Short answer: No. Actual answer: Nearly, but not quite. My initial curiosity around this was the following passing thought: “If EC2 supports IPv6 Only instances, and AWS Systems Manager Agent supports IPv6, then can I have access via Session Manager and an Egress-Only Internet Gateway – and remove the requirement for a costly NAT gateway for private subnets?” Let’s break that down into some smaller tasks. Create an IPv6-only Subnet with a ::/0 route pointing at an Egress-only Internet Gateway (EIGW) Create an instance in that subnet. Enable AWS Systems Manager/Session Manager via Quick Start (it’s the easiest way to get going). The IPv6-only subnet is easy, and the EIGW too. ...

I’ve been making things with Django since around 2009. Usually I just deploy a thing onto a DigitalOcean droplet, and move on. For an interesting challenge this time around, I thought I’d make a thing that’s as AWS native as I possibly can, whilst keeping within the Free Tier. I wrote last week about the difficulties surrounding the fact that the AWS Free Tier doesn’t include Route53. This particular Django project has a ‘requirement’ that some of the processing of requests is actually queued, because it can be a bit on the time consuming side, potentially, so it’d make sense if that happens via a task queue. ...

One of the things that I find most surprising about AWS’s Free Tier, is that it doesn’t include Route 53. I mean, you get a very ample amout of DynamoDB storage (25GB), a million Lambda requests a month - always free.. And 12 months of free EC2 micro instance, and RDS – enough to build out a small project or home lab without incurring fees (Be careful, though, and always set up billing alerts.). But not to offer any free tier for Route 53 seems rather odd, a web service without DNS is kinda anaemic. ...

I’ve been maintaining this blog for a very long time. I actually know exactly how long (since 2008), because I’ve been through every single article in the last few days, and re-formatted everything in Markdown. Originally, this blog started off as a Wordpress site, then became something in Perl, then became something I wrote around Django 0.9. The Something based on Django lasted unti fairly recently, when I basically became bored of maintaining it, and didn’t particularly want to try and migrate it to a later version of Django. ...

A few days ago, I wrote about how I built a system for monitoring the weather using Arduino, and InfluxDB and Grafana. InfluxDB is a wickedly cool Time Series Database, which makes it super easy to store time-based measurements, such as weather measurements, but also more traditional metrics, like server CPU and disk utilisation. In the past, I’ve used Munin, an RRDtool based monitoring utility, but it feels kind of clunky these days, and RRDtool can be a bit of a bugger to extract data back out, and there’s a certain degree of lossy compression in the graphs too, which can make particularly spiky events look a lot smoother than perhaps they might be. ...