Category Archives: Amazon Web Services

Amazon Web Services is a subsidiary of Amazon that provides on-demand cloud computing platforms to individuals, companies and governments, on a paid subscription basis.

Bitwarden: an organization’s password manager self-hosted version installation on an AWS EC2

1 May 2019
 

We are considering Bitwarden as a password manager for our project, with the main goal of having separate access to secrets by user roles and/or ACLs. Tools such as Pass or KeePass are good for use by one person, but they lack the main things – a normal web interface and role-based access to data.…

Authy: step by step Multi-Factor Authentication configuration for Github and AWS

17 April 2019
 

I’m sure that using MFA (Multi-Factor Authentication) today is obvious. For 2FA (2-Factor Authentication) the most used method is TOTP – Time-based One-time Password, where alongside the common login:password you also need to enter a code generated by a device or software. The best-known implementation is Google Authenticator, but there is also a…

Redis: Sentinel – bind 0.0.0.0, the localhost issue and the announce-ip option

10 April 2019
 

Originally, in the Sentinels’ configs, I used bind 0.0.0.0 to make them accessible from external hosts. Because of this, when I started rolling out this setup in a real environment, I faced an issue where the Sentinels could not determine the Master host and the other Sentinel hosts. In this post – such an issue…

MySQL/MariaDB: like Petya ransomware for MySQL and ‘root’@’%’ access

3 April 2019
 

This story happened on 10/06/2017; I am adding this post in English now. The original post (Rus) was written almost right after the well-known NotPetya attack in Ukraine – that’s why it’s used in the title. I had a new project assigned to me. When I started investigating its existing setup – was just…

AWS: CLI named profiles

19 March 2019
 

AWS CLI supports so-called named profiles stored in the configuration file ~/.aws/config and the ~/.aws/credentials file with keys, which by default contains the… Well – the “default” profile. An additional profile can be added using the aws configure command with the --profile option. Here is an example of such a file with two already existing profiles:…

Terraform: creating a project with an AWS EC2, VPC, and AWS cross-region VPC peering connection

18 March 2019
 

One of the disappointing surprises in my AWS CloudFormation experience was the fact that it wasn’t able to automatically create cross-region VPC peering connections. Note: this post was originally written in Rus on 28 June 2018, but now CloudFormation can do it; check the PeerRegion parameter of the AWS::EC2::VPCPeeringConnection resource. As a result – it tries…

Terraform: main commands, state-files, backend storages, and modules in examples on AWS

17 March 2019
 

Examples of how to use Terraform and work with its backends and modules. Here we will set up a simple EC2 instance in AWS and store Terraform’s state files in an AWS S3 bucket. In short – but with real examples and links to documentation. Installation on Arch Linux: $ sudo pacman -S terraform…

AWS: RDS logs, export to the CloudWatch Logs and CloudFormation template

7 March 2019
 

We have a bunch of AWS RDS instances with MariaDB. Backend developers asked me to enable slow query logs so they can debug their application. So the task is: enable AWS RDS logging and configure export to CloudWatch Logs for further analysis. As with everything else, our RDS instances are configured via CloudFormation templates, so…

OpenVPN: OpenVPN Access Server set up and AWS VPC peering configuration

21 February 2019
 

OpenVPN Access Server is a ready-to-use OpenVPN server which requires minimal configuration. The free version allows you to have two clients. If you need more – you can buy additional licenses. Infrastructure description: currently, to access our resources such as Jenkins, Nexus etc., we are using Allow Rules in AWS Security Groups where each user…

Grafana Labs: Loki – using AWS S3 as a data storage and AWS DynamoDB for indexes

13 February 2019
 

Let’s proceed with the Loki system. The first post of this series is Grafana Labs: Loki – logs collecting and monitoring system, and the second one is Grafana Labs: Loki – distributed system, labels and filters. There is a Grafana Slack community with a dedicated #loki channel where you can ask for assistance (and it’s really helpful).…