Got an alert from the monitoring system this morning, indicating that the blog is down: Well, I thought: another one DDoS, not the first time. Investigating the issue I went to the Cloudflare admin, enabled the Under Attack Mode, and started the investigation. Checked the requests: I think, okay, it’s simple – requests are coming… Read More »
It is time to tidy up SSH on FreeBSD itself and on the clients – laptops running Arch Linux, as I am still using password authentication on my home machines. Actually, the settings described below are specific neither to FreeBSD nor to Linux, as the SSH server is the same on all systems (OpenSSH_9.9p2 on… Read More »
I am continuing to set up my home server on FreeBSD 14.3, which is intended to serve as a NAS. In the previous post, FreeBSD: introduction to Packet Filter (PF) firewall, we got acquainted with firewalls; the next step is to configure a VPN for access. The main idea is to (finally!) connect my “office”… Read More »
I’m continuing to gradually set up my home NAS on FreeBSD, and the first thing I want to dive into is FreeBSD firewalls. I used to work with IPFW back in the day – FreeBSD: initial setup of IPFW, from 2012. Currently, there are three “built-in” firewalls in the system – Packet Filter (PF), IP… Read More »
Ephemeral resources and write-only arguments appeared in Terraform a long time ago, back in version 1.10, but there was no opportunity to write about them in detail. The main idea behind them is not to leave “traces” in the state file, which is especially useful for passwords or tokens, because the data only exists during… Read More »
We have a new EKS cluster 1.30 on our project, where we want to completely remove the old IRSA with OIDC and start using EKS Pod Identities – see AWS: EKS Pod Identities – a replacement for IRSA? Simplifying IAM access management. And everything seems to work fine, but when I started deploying our Backend… Read More »
Quite often for a new project that is just building its infrastructure and CI/CD to do so as an MVP/PoC, and at the beginning, no time is spent on tuning AWS IAM Roles and IAM Policies, but simply connecting AdministratorAccess. Actually, this is exactly what happened in my project, but we are growing, and it’s… Read More »
Another cool feature that Amazon showed back at the last re:Invent in November 2023 is changes in how AWS Elastic Kubernetes Service authenticates and authorizes users. And this applies not only to the cluster’s users, but also to its WorkerNodes. I mean, it’s not really a new scheme (November 2023) – but I just now… Read More »
We’re preparing to migrate our Backend API database from DynamoDB to AWS RDS with PostgreSQL, and finally decided to try out AWS RDS IAM database authentication, which appeared in 2021. IAM database authentication, as the name implies, allows us to authenticate to RDS using AWS IAM instead of the login-password from the database server itself.… Read More »
We have an AWS EKS cluster with WorkerNodes/EC2 created with Karpenter. The process of creating the infrastructure, cluster, and launching Karpenter is described in previous posts: Terraform: Building EKS, part 1 – VPC, Subnets and Endpoints Terraform: Building EKS, part 2 – an EKS cluster, WorkerNodes, and IAM Terraform: Building EKS, part 3 – Karpenter… Read More »