Pride in Solidarity

PRIDE is about the promotion of the self-affirmation, dignity, equality, and increased visibility of the LGBTQ+ community and its allies. At the heart of the movement is the support for people of diverse backgrounds and their recognition and inclusion in society. Within Mastercard we have a strong statement of support throughout the organization that helps to bring together people with different backgrounds and ideas, a powerful belief that our differences enable us to be a better team that makes better decisions, drives innovation, and delivers results that blow my mind away!

AWS Toronto Summit 2019

This post

Minimal Effort Responsibility: Leveraging Managed Services to Build Compliant Microservices on AWS

This post discusses the potential performance benefits provided by Route53. Using AWS Route53 allows you to aggregate DNS queries, potentially resulting in shorter DNS lookup times.

Securing Secrets on AWS

A meetup in review: I presented a talk at the February 2018 Vancouver Amazon Web Services User Group where I discussed "Securing Secrets on AWS". The talk focused on how the AWS KMS service works, how it compares to other approaches (such as DIY and CloudHSM), and some of the services it integrates with. We did a live demo, where we encrypted fictional information about Fred's death. It was a great opportunity to be a part of the event! This post provides the resources from my presentation.

Securing your AWS Accounts

A meetup in review: I presented a talk at the October 2017 Vancouver Amazon Web Services User Group where I discussed "Securing Your AWS Accounts". The talk focused on how to set AWS accounts up in a secure manner, and the log data that's available for debugging and security purposes. We configured AWS CloudTrail and AWS Config live at the event, and discussed the usefulness and impact of AWS Organizations. Each of these tools is critical in securing AWS accounts. Do you have them enabled today? With the tools enabled on an account, you’re able to query API call activity and resource changes, audit resources, and control what can be used on a child account. It was a great opportunity to be a part of the event! This post provides the resources from my presentation.

Securing Your DevOps Pipeline On AWS

A conference in review: I participated in a talk at the 2017 Canadian Executive Cloud and DevOps Summit where I discussed "Securing Your DevOps Pipeline On AWS". The conference had a variety of attendees, including technology executives, AWS staff, DevOps solution vendors, and of course many technically minded individuals that identify with the DevOps movement. It was a great opportunity to be a part of the event! This post provides a review of the conference experience, along with the resources from my presentation.

Securing Your Development Pipeline with AWS Managed Services

What type of CI/CD pipeline are you running? Does it automate all the things you want it to? Is it as secure as you want it to be? Where does it run? In this post, I cover the differences between the CI and CD in a CI/CD pipeline. I also talk about using Jenkins to automate tasks on AWS and how AWS technologies can also be used to support your CI/CD goals.

Advanced Auditing with AWS Config

Does your AWS account comply with your security policies? How do you know? How do you track the state of resources, or alert, or even automatically remediate issues? This post discusses the usage of AWS Config Rules to track resource changes and apply custom rules against the resources on your account. In particular, we'll take a look at the recommended benchmarks for your AWS account from the Center for Internet Security (CIS).

Implementing HTTP Headers for Better Website Security

First off, what are HTTP headers (and in particular, response headers) and how can they make your website more secure? HTTP headers are name-value pairs of strings sent back from a server with web content based on your requests. You can typically see technical information like caching rules, MIME types, the server software, etc. You can also use HTTP response headers to transmit security policies to the end user's browser. By passing security policies back to the client in this fashion, hosts can ensure a much safer browsing experience for their visitors by limiting avenues of attack that attackers can utilize.

Basic Auditing on AWS

As time passes I find that AWS accounts become quite cluttered, often with "legacy" items that no one knows about, or so people may claim. Through a combination of services you can trace the history of objects and their changes in an environment. This post discusses how to review and audit various components of your AWS environment, including: things you should enable prior to undertaking an audit, user permissions, firewall configuration, API call history, and environment changes. We'll also cover usage of the Trusted Advisor to do a high level evaluation.

Protecting your website from automated attacks with WAF

When you're hosting a website or web service, one security challenge you may have is how to implement rate limiting to limit abuse of your service. Realistically the main objective of this type of restriction is to prevent denial of service attacks from interrupting your service or causing higher than expected costs.

Using CloudFront to Accelerate Dynamic Content

Are you hosting a WordPress or other CMS website and do you find that the performance of your website is meh? Enter CloudFront! You can create a CloudFront distribution that allows you to enable dynamic content to be accelerated to your end users.

VPCs, Peering, Routing, and other AWS networking concepts

Networking is generally a topic I find many people struggle with, and networking in a cloud environment adds a bit of extra complexity that may throw off even the most experienced network professionals. This post discusses the limitations on networking on AWS, and tackles concepts like transient routing, VPC peering, multicast, unicast, and broadcasting.

Structuring AWS Accounts

When an organization grows and expands their usage of AWS, you'll notice a lot of "mess" from development and trial and error. Sometimes a lot of money could be walking out the door just due to poor instance management. This post (which is highly opinionated, there's not necessarily a correct way to do this) discusses the usage of multiple AWS accounts to minimize runaway costs and make groups more accountable for costs.

Improving your S3 website with Cognito and DynamoDB

While S3 can only host a static website, Amazon has other services that can be combined to enable a certain level of dynamic processing. This post discusses the usage of Amazon's Cognito identity service in conjunction with DynamoDB to provide extra features to a basic website hosted on S3. Specifically in this issue, we'll focus on how to use Cognito and DynamoDB to supercharge your website by including access to a database engine.

Using AWS Certificate Manager to Secure Your Website

Amazon releases so many really cool tools, but to me this one is truly amazing. Free SSL certificates with a really good management interface, instant generation, and easily applied to relevant services - who can ask for more? Beats paying hundreds per year per wildcard certificate to a Certificate Authority. This article explores using the service to secure your website.

Adding Dynamic Features to a Basic S3 Hosted Website

While S3 can only host a static website, Amazon has other services that can be combined to enable a certain level of dynamic processing. This post discusses the usage of Amazon's API Gateway and Lambda to provide extra features to a basic website hosted on S3.

Building a Basic Website with S3 and JavaScript

Working with Amazon and popular frameworks makes it fairly easy to build and develop websites that appear to be dynamic but are really a collection of static files. This post discusses the usage of popular frameworks such as Bootstrap, FontAwesome, and AngularJS to build a lightweight web application with some basic templating.

Configuring a resilient and redundant OpenVPN service

When working with Amazon Web Services, it's a common trend for beginners to just expose instances using their public IPs. A better way is to make use of VPCs and VPC peering connections to build a management VPC and carefully control and restrict traffic. This post discusses the usage of OpenVPN to build an easy to use and resilient VPN service using CloudFormation.

Loggly, loggy, logs! Oh my!

Handling the log files of a single server is typically pretty easy. Even a handful of servers isn't usually that hard. But with scale, handling these logs carefully becomes ever more important. Enter the ELK stack! I personally prefer running my own ELK stack over outsourcing to outside services - not that outsourcing is a bad option. This post discusses the standard ELK (Elasticsearch, Logstash, and Kibana) stack, a great alternative to Loggly or Splunk.

Salt Reactor System

SaltStack has so many cool features. Depending on your usage of SaltStack or other configuration management tools, the Salt Reactor System is pretty cool. It works by watching for events and then processing them accordingly. Examples include when a new Cassandra node is configured or a web server joins a cluster. This post discusses the SaltStack Reactor System, a very powerful event-driven feature.

Building images with Packer

While my previous posts about using SaltStack for active management of instance configuration are pretty cool, using Salt to design and build an image is pretty cool too - and can save time on deployment. You can use Packer to make fully or partially baked AMIs and other images. This post discusses building images with Packer, in particular AWS AMIs and development images.

Basic Developing with Vagrant

Vagrant is a pretty cool tool for quickly getting a development environment up and running or providing a simple demo of a tool or service. This post discusses how to get started with Vagrant and how to develop faster. In a later post I'll address building custom images.

Secret Management with Vault

This post discusses how to store secrets with Vault and distribute them securely.

Service Discovery and Health Checking with Consul

This post discusses service discovery and as part of that discovery detecting the health of instances. Consul is a great tool for this, rich with top-notch features and presenting a really nice dashboard.

Simple logging with Amazon CloudWatch Logs

Depending on your logging needs you can use CloudWatch Logs instead of ELK or a similar logging service. You can easily add log files on your system and have them forwarded to the service. This post discusses the usage of CloudWatch Logs, and the various functionality that exists within CloudWatch Logs.

Modern Monitoring with Sensu

This post discusses changes in the way that we monitor in environments like AWS and Azure, focusing on the flexibility that a tool like Sensu brings to our toolkit.

Continuous Integration with Amazon CloudFormation via Jenkins

This post discusses implementing continuous integration in AWS using CloudFormation with Jenkins and Jenkins Job Builder.

Simplifying Amazon CloudFormation with Troposphere

This post discusses how to use Troposphere to generate AWS CloudFormation templates.

Using Salt-Cloud in AWS EC2

This post discusses how to use SaltStack's salt-cloud to manipulate EC2 resources. We also explore the salt reactor system, a very powerful event-driven feature.

Create Salt Modules to tackle common tasks

This post discusses how to implement custom execution modules using SaltStack. We look at how to use custom modules to accomplish complex tasks.

Deploying a Node.js application as a service

This post discusses how to daemonize a Node.js application, how to implement a startup script for node-based applications, and how to deploy using configuration management software (SaltStack).

Easy client configuration management (no master required!)

This post discusses how to implement masterless configuration management in an environment using SaltStack. We look at the required method of installing and configuring the salt-minion so that it can bootstrap its configured system state.

Configuring basic configuration management with a client-server architecture

This post discusses how to implement configuration management in an environment using SaltStack. We revisit briefly the configuration of a salt-master and a salt-minion, and then move on to the parts relevant to managing the server configuration.

Using nested CloudFormation templates to simplify stack management

This post discusses the usage of nested CloudFormation stacks to create reusable infrastructure components.

Basic Configuring basic remote execution with a client-server architecture

This post discusses how to implement remote execution in an environment using SaltStack. We look at installing and configuring a salt-master and a salt-minion. We then connect the two and run a few example commands.

Using CloudFormation templates to implement network infrastructure

This post discusses the usage of Amazon CloudFormation to create the different sub components required to create and manage a VPC network.

Basic CloudFormation template structure and best practices

This post discusses system automation in AWS, particularly the usage of Amazon CloudFormation to create different types of components in AWS. We look at several important topics, such as infrastructure as code, version controlled templates, and deployment methods.

Implementing IAM Roles with EC2 Instances

This post discusses implementing system controls in AWS using CloudFormation to implement IAM server roles.

Configure a CloudFront distribution to deliver application content

Want your website to load faster? Ever heard of Content Distribution Networks (CDNs) like Akamai? This post discusses how to configure Amazon CloudFront in front of your S3 bucket containing your static website consisting of HTML, CSS, and JavaScript in order to speed up the distribution of your content.

Configure Amazon S3 to host a static web application

Did you know that you can use Amazon S3 to host static websites for literally pennies per month? This post discusses the use of Amazon S3 to host a static website consisting of HTML, CSS, and JavaScript.

Application endpoint optimization (latency / geo routing)

This post discusses the use of latency- and geo-based routing provided by Route53. Using AWS Route53 allows you to assign endpoints to geographic regions (potentially restricting access to endpoints), or create a latency-based routing set that will direct clients to the best-performing endpoint.

Application failover with Health Checks

This post discusses the potential redundancy benefits provided by Route53. Using AWS Route53 allows you to specify secondary endpoints for DNS queries and use health checks to detect unhealthy endpoints.

Aggregated DNS Results for shorter DNS lookup times

This post discusses the potential performance benefits provided by Route53. Using AWS Route53 allows you to aggregate DNS queries, potentially resulting in shorter DNS lookup times.