Know How to Access S3 Bucket without IAM Roles and Use Cases

We have all used IAM credentials to access our S3 buckets. But it is neither safe nor recommended to keep access keys and secrets stored on a server or hard-coded in our codebase.
Even if we have to use keys, we must have some mechanism in place to rotate them very frequently (e.g., using HashiCorp Vault). Another widely adopted method is to use IAM roles attached to the EC2 instance or the AWS service accessing the bucket.

But what if we need access to the bucket from an on-premises data center, where we cannot attach an IAM role?

Yes, we can obviously use IAM credentials and secret tokens with a rotation mechanism. But setting up the key rotation mechanism could itself be another overhead if we do not already have one in place. What if we could do without keys or roles, and without making the bucket public?

In this blog, I will attempt to address this problem with an alternative, easy solution.


Autoscaling in Nomad Cluster

We are living in the microservice era, where we have a number of applications to support a business model. But an application's success cannot be determined by its features alone; it should have a scalable model as well. Otherwise, something like this would happen:

When we talk about scaling in microservices, people generally think of applications running inside Kubernetes as containers. Since Kubernetes has its own method of autoscaling using the metrics-server, we don’t have to worry about scaling the applications inside it.


Introduction To Microservices

Introduction

The application development industry has evolved rapidly in order to keep pace with technological advancements and to meet customer requirements. However, with traditional development, people had to work with large chunks of code. This made the entire task difficult, as people had to go back to square one to resolve a minute problem. Microservices help overcome this by breaking applications into smaller, manageable parts.

AWS SECRET MANAGER


Introduction

Most IT companies are running in, or migrating their infrastructure to, the cloud for cost reduction, high availability, data security, and hassle-free setup. Companies create or use applications and databases on the cloud, where they need to authenticate via secrets (or credentials). These days, protecting passwords is one of the challenges, and hard-coding secrets into the system would be a major security issue. Hence, we can make use of the AWS service named Secrets Manager, which is responsible for the management of secrets.

What is a Secret?

A secret is not just a username and password pair. It might contain a set of credentials holding key-value pairs or connection details to access the related services. In AWS Secrets Manager, a secret has the following metadata:

An Amazon Resource Name (ARN), the name of the secret, a description, a resource policy, tags, the ARN of an encryption key (an AWS KMS key that Secrets Manager uses to encrypt and decrypt the secret value), and information about the rotation of the secret.


Your Guide for Patching Elastic Search!

What is Patching?

A patch is a set of changes to a server or its supporting data designed to update, fix, or improve it, including fixing security vulnerabilities and other bugs. Patches may be applied to program files on a storage device or in computer memory. Patches may be permanent or temporary.
In brief, you need to perform the following tasks for patch management:
 1. Create a patch catalog.
 2. Analyze the targets to determine which patches need to be deployed.
 3. Deploy the required patches to targets requiring remediation.
 4. Analyze the targets again to ensure each server has the correct patch.
