Dynamic references in CloudFormation to secure strings are very handy, providing a simple way to keep secrets (such as passwords) secure. However, SSM Secure String Parameters are only supported in a limited set of places and Elastic Beanstalk environment variables are not one of them (feature request for adding support). Therefore, if you want to … Continue reading Using Dynamic References to AWS Systems Manager Parameter Store Secure Strings with Elastic Beanstalk
Category: Uncategorized
HTTP/3 Support Added to cURL in Gentoo
HTTP/3 may still be in the draft state but that isn’t stopping software from adding support for it. As a Gentoo developer, I decided to maintain Gentoo’s reputation for not being one to shy away from the bleeding edge by adding (optional) support for HTTP/3 to cURL. I believe that this makes Gentoo the first … Continue reading HTTP/3 Support Added to cURL in Gentoo
Improve Security and Reduce Costs with AWS SSM Session Manager
AWS recently enhanced its Systems Manager offering with shell access to EC2 instances and then they enhanced it further with SSH tunnel support. With these improvements, it’s now possible to improve your application’s security posture while reducing it’s operational costs and simplifying setup/maintenance. Systems Manager vs Bastion Hosts Minimizing the attack surface, simplifying as much … Continue reading Improve Security and Reduce Costs with AWS SSM Session Manager
Improve Security with Mount Options
“Defense in Depth” is a key concept of information security; if an attacker can get through one security control, there should be others waiting to thwart him. Mount options are an oftentimes overlooked way to implement defense in depth which are easy to implement, simple to understand, and widely applicable to many situations. The directory … Continue reading Improve Security with Mount Options
Trusting AWS RDS Certificates in Docker and Beanstalk
To connect to AWS RDS databases using TLS/SSL, the client must trust the certificate provided by RDS; RDS doesn’t use certificates trusted by the CAs (Certificate Authorities) included by operating systems. Without TLS/SSL, the connection to the database isn’t secure, meaning an attacker on the network between the client (running in EC2) and the database … Continue reading Trusting AWS RDS Certificates in Docker and Beanstalk
End to End Encryption with Beanstalk
Beanstalk is often configured to terminate SSL at the load balancer then make the connection to the web server/application instances using unencrypted HTTP. That’s usually okay as the AWS network is designed to keep such traffic private, but under certain conditions, such as those requiring PCI compliance, DoD/government rules, or simply out of an abundance … Continue reading End to End Encryption with Beanstalk
Change the Spring Session JDBC Serialization Method to Improve Performance
Spring Session JDBC is a great way to allow an application to be stateless. By storing the session in the database, a request can be routed to any application server. This approach provides significant advantages such as automatic horizontal scaling, seamless failover, and no need for session affinity. By using JDBC, the database the application … Continue reading Change the Spring Session JDBC Serialization Method to Improve Performance
Performance Testing WebDAV Clients
Part of migrating applications from on-premises hosting to cloud hosting (AWS, Azure, etc) involves re-evaluating how users access their data. A recent migration involved users running Windows 10 accessing a Windows file share using the SMB protocol. Since SMB isn’t safe to run directly over the Internet (it’s usually not encrypted and it has a … Continue reading Performance Testing WebDAV Clients
The Sad Story of TCP Fast Open
If there’s a way to make something fast, you’ve got my attention. Especially when there’s a way to make a lot of things fast with a simple change – and that’s what TCP Fast Open (TFO) promises to do. TFO (RFC 7413) started out in 2011 as a way to eliminate one of the round … Continue reading The Sad Story of TCP Fast Open
WordPress on AWS The Easy Way with VersionPress
Developing and administering WordPress can be painful, especially when requirements include the ability to have a team of developers, the ability for a developer to run the site (including content) on their system (so they can reproduce issues caused by content or configuration), multiple content authors, multiple environments (such as staging and production), and the … Continue reading WordPress on AWS The Easy Way with VersionPress