In a previous instalment I wrote about protecting SSH keys at rest, probably someone with a sharp eye has spotted that I’m using ed25519 signature scheme to generate my SSH key-pair. In this post I’m going to delve the use os elliptic-curve signatures and why they are a good fit... [Read More]

[Read More]

On AWS cloud platform, permissions management are defined by the IAM identities which consist of users, groups of users, or roles with attached scoped policies and most of these policies are defined as Json documents. AWS IAM is a vast topic and requires lot of practices to understand all the... [Read More]

Today Terraform can be considered the de facto infrastructure as code software tool. Whilst the first releases were quite smooth to transition from a version to another. On May 2019 we have got Terraform 0.12 and all the sudden many of us discovered that our modules and code were no... [Read More]

Packer is a free and open source tool to create golden machine images for various platforms and operating systems using single source configuration. I have been using packer to solve quite few interesting problems, from hardening Linux servers, create AWS EC2 ami’s with encrypted boot volume in order to achieve... [Read More]

A bit of history….. Since I started to use terraform back in 2015 (good old days), the state management has been quite painful for individuals and teams. The biggest concerns about state management were state corruption, state leak (usually trough a git public repo) and state deletion, unintentional or intentional.... [Read More]

These days, where the “everything as code” paradigm is pretty much everywhere in the information technology world, infrastructure, containers and applications are configured and deployed usually via declarative tools (Terraform, Ansible, Helm) making the development and deployment consistent and repeatable. However, somewhere where the automate all the things has not... [Read More]