Accessing EC2 with AWS SSM Session Manager

AWS offers a way to access EC2 instances in a private subnet, without needing an outbound connection to the internet, with AWS Systems Manager Session Manager. This is useful for situations where a bastion server is needed for accessing databases / caches. Some of the benefits of using Session Manager:

- Access using IAM policies
- No opening of inbound ports to EC2 needed
- No management of SSH keys needed
- Easy access through AWS Console / AWS CLI
- Logging and auditing of sessions through AWS CloudTrail / S3 / CloudWatch Logs

Below is an example of an architecture showing how a user accesses the instance, which is in the intra subnet (without internet access). ...

November 11, 2024 · 5 min · Hazmei

Code Signing for Lambda 🔐

A couple of months ago, I was working on increasing the security posture of our AWS Lambda functions. Code Signing was one of the AWS features that I tested out. In this post I will talk a bit about my experience with Code Signing for Lambda.

Introduction

AWS Code Signing for Lambda was released 4 years ago in 2020. This ensures that only trusted code can be deployed to the Lambda functions by validating the code signature against the signing profile. AWS Signer is one of the requirements for implementing code signing. The good news is that there is no additional charge to use AWS Signer with AWS Lambda. 🎉 ...

January 28, 2024 · 5 min · Hazmei

From GitHub Pages to Cloudflare Pages

Hello World! It has been quite some time since I last posted anything on this platform. After a considerable hiatus, I am excited to resume by sharing some insights on the enhancements made to the deployment process of this site. Since its inception, this site has been hosted on GitHub Pages. However, there has always been a certain level of difficulty in regularly posting new content due to the absence of a streamlined deployment workflow for building and deploying the static files (yes, quite ironic, indeed). ...

December 27, 2023 · 2 min · Hazmei

Securely Tunnel Application to Public

Cloudflare Tunnel and Teams

A few months back I decided to play around with Cloudflare Teams and Tunnel. I’ve been wanting to test this out and see how easy it is to run such tunnels. This would be useful for when I decide to work overseas while still being able to access my home devices (i.e. Raspberry Pi / Mac Mini) as if I never left the house.

The magic of Cloudflare

Cloudflare Argo Tunnel, or Cloudflare Tunnel, allows anyone to easily and securely expose internal services / applications to the public. ...

November 5, 2021 · 3 min · Hazmei

I'm CKA Certified!

The mail is in and… CKA Certified! 🎉 I’ve passed my certification examination for Certified Kubernetes Administrator!

September 27, 2021 · 1 min · Hazmei

Debugging Pods Stuck In Init/ContainerCreating State

Here at Ascenda Loyalty, we are using the AWS managed Kubernetes service (EKS) to run our applications.

Some background info

EKS, aka Elastic Kubernetes Service, is a managed Kubernetes service offered by AWS. They help to manage the control plane of the Kubernetes cluster and the worker nodes (for EKS Fargate). Security groups for pods are used for our application pods and some internal services. This allows us to manage the network security outside of the Kubernetes layer and between the AWS resources (i.e. RDS, ElastiCache). Due to a limitation in the number of pods that can use security groups (only supported by most Nitro-based Amazon EC2 instance families, with a limited number of pods allowed to have an SG), we are unable to use it for all of our pods. ...

September 19, 2021 · 5 min · Hazmei