A quite old article on debugging a NodeJS AWS Lambda function.
Yet, I still want to share this one, because even if you don‘t have NodeJS functions specifically, the article has some insights on how to debug Lambda functions in general.
Also, there some take away points that would be relevant for any HTTP workload, not just JS.
#aws #serverless
Yet, I still want to share this one, because even if you don‘t have NodeJS functions specifically, the article has some insights on how to debug Lambda functions in general.
Also, there some take away points that would be relevant for any HTTP workload, not just JS.
#aws #serverless
bahr.dev
How We Debugged And Fixed 'EMFILE: too many files open' On AWS Lambda NodeJS
This article shows how we debugged and fixed an 'EMFILE: too many files open' error on AWS Lambda.
Disk encryption in AWS is close to useless and potentially harmful.
No, it’s not like AWS is going to do anything with your data.
tl;dr: Encryption at rest protects you from cases when someone steals your disk. However, such an attack vector is so hard in a cloud environment that it’s completely worthless for an attacker.
However, the correct implementation of the encryption at rest will take time and effort that you can put into real risk mitigation and security hardening instead.
#security #aws
No, it’s not like AWS is going to do anything with your data.
tl;dr: Encryption at rest protects you from cases when someone steals your disk. However, such an attack vector is so hard in a cloud environment that it’s completely worthless for an attacker.
However, the correct implementation of the encryption at rest will take time and effort that you can put into real risk mitigation and security hardening instead.
#security #aws
Mellow Root
Disk encryption in AWS is close to useless and potentially harmful
Security theater is the practice of taking security measures that are considered to provide the feeling of improved security while doing little or nothing to...
Green Metrics is a tool to measure energy impact and CO2 equivalent of your workloads. This is still an experimental tool, so don't run it in production, please.
Yet, I still want to share it because there's a visible shift in the industry from "just give it more cloud instances" towards resource optimization.
Another example is AWS using Rust for many of their core products to achieve their sustainability goals.
Also, there was a dedicated Energy track on FOSDEM, the first time in its history.
There are multiple driving factors for this shift. Funny enough, one of them being COVID. As a speaker from Meta (Facebook) said: "We would have been happy to add more servers, but there were no more servers because factories in China were closed due to COVID too".
#sustainability #enegry #aws
Yet, I still want to share it because there's a visible shift in the industry from "just give it more cloud instances" towards resource optimization.
Another example is AWS using Rust for many of their core products to achieve their sustainability goals.
Also, there was a dedicated Energy track on FOSDEM, the first time in its history.
There are multiple driving factors for this shift. Funny enough, one of them being COVID. As a speaker from Meta (Facebook) said: "We would have been happy to add more servers, but there were no more servers because factories in China were closed due to COVID too".
#sustainability #enegry #aws
GitHub
GitHub - green-coding-berlin/green-metrics-tool: Measure energy and carbon consumption of software
Measure energy and carbon consumption of software - GitHub - green-coding-berlin/green-metrics-tool: Measure energy and carbon consumption of software
I posted about S3 encryption not being a panacea back in a day.
Here’s another article about why AWS S3 encryption by default won’t solve security for you and why you still have to pay attention to the bucket settings.
#aws #security
Here’s another article about why AWS S3 encryption by default won’t solve security for you and why you still have to pay attention to the bucket settings.
#aws #security
Last Week in AWS
S3 Encryption at Rest Does NOT Solve for Bucket Negligence
Amazon S3 encrypting new objects by default is a nice feature, but it's not the panacea for data breaches that commentators make it out to be.
We briefly mentioned Crossplane during in our last voice chat. Here is yet another hello word-ish article about Crossplane.
However, what I like about this article that there is a link to a repository with code samples. So, you can examine the code on your own if you want as well as try to run it by yourself.
BTW, I also wrote an article long time ago. Unfortunately, I don’t have a repo with the sample code. I didn’t think of this back then :\
#kubernetes #aws #crossplane
However, what I like about this article that there is a link to a repository with code samples. So, you can examine the code on your own if you want as well as try to run it by yourself.
BTW, I also wrote an article long time ago. Unfortunately, I don’t have a repo with the sample code. I didn’t think of this back then :\
#kubernetes #aws #crossplane
Medium
Introduction to Crossplane
How to create any resource on the cloud using Kubernetes manifests and Crossplane.
One of the “because we can” tools: cfnctl adds Terraform commands when working with CloudFormation.
The idea is that you still have to write CloudFormation templates but the tool adds commands like plan, apply, destroy, and output.
#aws #tools
The idea is that you still have to write CloudFormation templates but the tool adds commands like plan, apply, destroy, and output.
#aws #tools
GitHub
GitHub - rogerwelin/cfnctl: Cfnctl brings the Terraform cli experience to AWS Cloudformation
Cfnctl brings the Terraform cli experience to AWS Cloudformation :cloud: - GitHub - rogerwelin/cfnctl: Cfnctl brings the Terraform cli experience to AWS Cloudformation
Some AWS usage statistics for 2023.
Background: survey ran from 16th Jan to 15th Feb 2023 and 331 people partisipated in it.
It provides some insights on the adoption of the AWS services as well as the satisfaction of using those.
On occasion, I want to make the last call to participate in our Kubernetes Operations Survey 2023, which goal is to better understand how people maintain Kubernetes clusters in their companies.
#aws
Background: survey ran from 16th Jan to 15th Feb 2023 and 331 people partisipated in it.
It provides some insights on the adoption of the AWS services as well as the satisfaction of using those.
On occasion, I want to make the last call to participate in our Kubernetes Operations Survey 2023, which goal is to better understand how people maintain Kubernetes clusters in their companies.
#aws
Answersforaws
2024 Answers for AWS survey results
Which AWS services are people interested in 🧐? Which do they like ✅? Which would they never use again 😡?
A new episode of our voice chat is out!
This time we talked about the best practices and guidelines for writing Terraform modules as well as Terragrunt, AWS Lambda, and other stuff.
The episode is available:
- on YouTube
- on Spotify
- Apple Podcasts
- Google Podcasts
- RSS feed
Enjoy!
#terraform #aws #azure #gcp #labmda
This time we talked about the best practices and guidelines for writing Terraform modules as well as Terragrunt, AWS Lambda, and other stuff.
The episode is available:
- on YouTube
- on Spotify
- Apple Podcasts
- Google Podcasts
- RSS feed
Enjoy!
#terraform #aws #azure #gcp #labmda
YouTube
Terraform [Modules] Best Practices
Поговорили про best practices та guidelines щодо написання Terraform модулів, а також трохи про AWS Lambda. Знов згадали тему динамічних оточень для розробників.
Статті, що згадуються в епізоді:
- How Cloudflare uses Terraform: https://blog.cloudflare.com/terraforming…
Статті, що згадуються в епізоді:
- How Cloudflare uses Terraform: https://blog.cloudflare.com/terraforming…
Remember that a couple of years ago GitHub has disabled automatic execution for its Actions?
The idea behind this decision is more or less described in this article - Build Pipeline Security. The problem described in this article is not some sort of a rocket science. Thus, any malicious actor can do something similar.
This brings me to the topic of CI integrations for public repositories. I think on some podcast or in some article I’ve heard an advice for the beginners to create their pet project and configure CI for it. So, you can show that you have some practical experience. Ok, GitHub has you covered, but what about other CIs which are available for public repositories? Thus, I might have been a good advice, if we were living in the world here all the people are kind to each other, which is not the case.
Does it mean that you cannot have a CI for your pet-project? Of course, not! Just be careful with what it actually can execute on each step. The author of the linked article suggests putting deploy scripts into a separate private repository. I think, nowadays any major VCS vendor allows one to have at least one private repository for free.
Yet, I would say that this is not good enough and you should also make sure that you should follow GitHub’s steps and enforce a mandatory approvals for CI runs as well as have some quotas in place for the compute resources available for your CI. Again, GitHub has you covered here, but if you want to use something else, you are on your own.
#cicd #security #github #aws
The idea behind this decision is more or less described in this article - Build Pipeline Security. The problem described in this article is not some sort of a rocket science. Thus, any malicious actor can do something similar.
This brings me to the topic of CI integrations for public repositories. I think on some podcast or in some article I’ve heard an advice for the beginners to create their pet project and configure CI for it. So, you can show that you have some practical experience. Ok, GitHub has you covered, but what about other CIs which are available for public repositories? Thus, I might have been a good advice, if we were living in the world here all the people are kind to each other, which is not the case.
Does it mean that you cannot have a CI for your pet-project? Of course, not! Just be careful with what it actually can execute on each step. The author of the linked article suggests putting deploy scripts into a separate private repository. I think, nowadays any major VCS vendor allows one to have at least one private repository for free.
Yet, I would say that this is not good enough and you should also make sure that you should follow GitHub’s steps and enforce a mandatory approvals for CI runs as well as have some quotas in place for the compute resources available for your CI. Again, GitHub has you covered here, but if you want to use something else, you are on your own.
#cicd #security #github #aws
sprocketfox.io
Build Pipeline Security
Security concerns with PR build systems
From our subscriber:
Till the end of June you can save up to 40% on the Linux Foundation courses with this promo code:
JUNEBBQ40
UPD. Also, AWS has extended the promo code for exam retake. So, if you fail the exam the first time, you can retake it for free. More details:
AWSRETAKE
#linux #education #kubernetes #aws
Till the end of June you can save up to 40% on the Linux Foundation courses with this promo code:
JUNEBBQ40
UPD. Also, AWS has extended the promo code for exam retake. So, if you fail the exam the first time, you can retake it for free. More details:
AWSRETAKE
#linux #education #kubernetes #aws
Linux Foundation - Training
Promo Inactive - Linux Foundation - Training
Sign up for our newsletter to get updates on our latest promotions.