Hello World! 👋

Setting up HashiCorp Nomad cluster from scratch on Proxmox, covering architecture concepts, installation, configuration, and deploying containerised applications with practical examples

Learn how I used Amazon Q CLI to build a complete snake game from scratch, explore the capabilities of AI-assisted development through iterative prompting and refinement.

Result just came in 2 days after the examination and I’m officially a certified Google Cloud Architect! Google Cloud Innovators Get Certified Program The decision to take the certification exam started from the Google Get Certified Program. This is a guided 8 weeks learning journey program from Google with access to dedicated trainers and Google Cloud Skills Boost credits. To claim for an exam voucher, one has to complete at least 5 google cloud skills boost badges besides being part of the program. These are the courses require for the Professional Cloud Architect (PCA) journey: ...

AWS offers a way to access EC2 in private subnet without needing outbound connection to the internet with AWS Systems Manager Session Manager. This is useful for situation where a bastion server is needed for accessing databases / cache. Some of the benefits in using Session Manager: Access using IAM policies No opening of inbound ports to EC2 needed No management of SSH keys needed Easy access through AWS Console / AWS CLI Logging and auditing sessions through AWS CloudTrail / S3 / CloudWatch Logs Below is an example of an architecture showing how user access the instance which is in the intra subnet (without internet access). ...

A couple of months ago, I was working on increasing the security posture of our AWS Lambda functions. Code Signing was one of the AWS features that I tested out. In this post I will talk a bit about my experience with Code Signing for Lambda. Introduction AWS Code Signing for Lambda was released 4 years ago in 2020. This ensures that only trusted code can be deployed to the Lambda functions by validating the code signature with the signing profile. AWS Signer is one of the requirement in implementing code signing. The good news is that there is no additional charge to use AWS Signer with AWS Lambda. 🎉 ...

Hello World! It has been quite some time since I last posted anything on this platform. After a considerable hiatus, I am excited to resume by sharing some insights on the enhancements made to the deployment process of this site. Since its inception, this site has been hosted on GitHub Pages. However, there has always been a certain level of difficulty in regularly posting new content due to the absence of a streamlined deployment workflow for building and deploying the static files (yes, quite ironic, indeed). ...

Cloudflare Tunnel and teams A few months back I decided to play around with cloudflare teams and tunnel. I’ve been wanting to test this out and see how easy it is to run such tunnels. This would be useful for when I decide to work overseas while still being able to access my home devices (ie. Raspberry Pi / Mac Mini) as if I never left the house. The magic of Cloudflare Cloudflare argo tunnel or Cloudflare tunnel allows anyone to easily and securely expose internal services / application to the public. ...

The mail is in and… CKA Certified! 🎉 I’ve passed my certification examination for Certified Kubernetes Administrator!

Here at Ascenda Loyalty, we are using AWS managed kubernetes service (EKS) to run out applications. Some background info EKS, aka Elastic Kubernetes Service is a managed kubernetes service offered by AWS. They help to manage the control plane of the kubernetes cluster and the worker nodes (for EKS Fargate). Security group for pods are used for our application pods and some internal services. This allows us to manage the network security out of the kubernetes layer and between the AWS resources (ie. RDS, ElastiCache). Due to a limitation in the amount of pods that can use security group (only supported by most nitro based Amazon EC2 instance family and limited number of pods allowed to have SG), we are unable to use it for all of our pods. ...