We run a bunch of APIs secured by mTLS at my current place. Third parties establish connections to our API webservers by presenting a client certificate. We check that we consider it valid and if so, permit access to the relevant resources. As our part of the mTLS handshake, we…
Today, I was launching a CloudFormation template which contained an EBS volume which I wanted to be encrypted with an AWS Key Management Service (KMS) Customer Managed Key (CMK). The resource in the template looked like this: "EncryptedVolume": { "Type": "AWS::EC2::Volume", "DeletionPolicy": "Snapshot", "Properties": { "AvailabilityZone": "eu-west-1a", "Encrypted": true, "KmsKeyId"…
We’ve been exploring the world of AWS AutoScaling Plans recently. Being captivated by the tasty-looking Predictive Scaling for EC2, we were……
Been working on replacing a crusty old Jenkins job recently that’s used for scaling up a load-testing environment. Currently, it’s a good……
I always forget how to do this. And I always lose Brad Erickson’s excellent article that taught me how to fix it. So here it is, for……
Been working on a data migration recently which involves loading a pretty big tab-separated file into an Amazon Aurora (MySQL) database and……
So you read the title and thought “Hey, I just read that article!”, right? Nah, here’s another article about Puppet CA Server certificates……
Hard to believe it, but it’s coming up on five years since our company stood up its first Puppet master. No cake here. Instead, all we get……
