AWS VPC Flow Logs allow you to log traffic information between network interfaces in a VPC. Further, these logs can be stored in AWS S3 or sent to AWS CloudWatch Logs, while enabling traffic logging does not affect the performance of the network interface in any way. Let’s briefly review the basic concepts, and available… Read More »
The rtfm.co.ua blog is quite slow for users. For example, you can test your website using the https://gtmetrix.com: 4.3 seconds till full load! That’s awful. At the bottom of the results, you can check top of issues on a site: At first, the page size is 1.16 MB, which is big enough. The second thing… Read More »
During an SSH connection, I started getting the “Too many authentication failures” error message from a remote host. The error, and its cause Actually, the root cause is simple: during establishing a new SSH connection, the local ssh-client first tries to use keys, that are loaded by the local ssh-agent, and only after that will… Read More »
Continuing with the theme of the AWS Trusted Advisor service, let’s see how can we configure notifications about new findings. The first part: AWS: Trusted Advisor, part 1 – its features overview. To have notifications, we can use Trusted Advisor metrics from the CloudWatch, see their list on the Trusted Advisor metrics and dimensions page.… Read More »
AWS Trusted Advisor is another service that allows monitoring your accountant its resources in use for their cost-effectiveness, performance, security, and more. Keep in mind, that Trusted Advisor’s checks that are available for you depend on the AWS Support Plan of your account. вашего аккаунта. Fortunately, we have Premium so I’m able to how all… Read More »
We have Github runners in our AWS Elastic Kubernetes service cluster, that are used to build Docker images and deploy them with Helm or ArgoCD. On the first helm install run in a Github runner’s Pod, we are getting the “x509: certificate signed by unknown authority” error: [simterm] # helm –kube-apiserver=https://kubernetes.default.svc.cluster.local list Error: Kubernetes cluster unreachable:… Read More »
If check any of a freshly created AWS Application LoadBalancer with a certificate from the AWS Certificate Manager, and with an HTTPS Listener’s default settings you’ll see the B grade: The main point of the SSL Labs is the support of the deprecated encryption versions – TLS 1.0 and 1.1. AWS LoadBalancer SecurityPolicy and TLS… Read More »
A confidential data leak such as RDS keys or passwords to a Git repository, even if it is a private Github repository, is a very bad thing and it’s good to check your repositories to know if any developer pushed a commit with such data. Scanning utilities To check Git repositories for a leak, at… Read More »
To access a database server, that has no public access (as it must be – access only inside an AWS VPC), Tableau suggests using its tool called Tableau Bridge. The idea is to have a Bridge service running in a network, which has access to a database server via its Private IP. Also, Bridge will… Read More »
One of mine website stopped working with the “Connection reset.” error. NGINX configs seem to be correct, and other sites on the same server are working. NGINX also gave nothing, no errors, PHP-FPM also are good. Let’s check the website with the curl: [simterm] $ curl -Iv https://example.setevoy.org.ua/ * Trying 139.59.205.180:443… * Connected to example.setevoy.org.ua… Read More »