Thank you AWS--multi-tenant CloudFront is much more convenient when you have SaaS customers with custom domains and TLS certificates. #aws #SaaS
aws.amazon.com/blogs/aws/re...
@micah.carrick.social
architect • software maker • nature lover • traveler • party-pace cyclist • he/him
Plus you want layers upon layers of networking abstractions so may as well use kuma on istio on K8s networking on AWS networking. You know... just in case.
02.06.2025 18:55 — 👍 1 🔁 0 💬 1 📌 0
Competition on who can spend the most money on infrastructure enabling an AI chatbot that does a mediocre job of routing customer prompts to mediocre documentation. Ready go. #AI #chatbot
30.05.2025 15:05 — 👍 0 🔁 0 💬 0 📌 0
Oh why didn't I think about that when I was troubleshooting the aws-load-balancer-controller the other day.
30.05.2025 15:03 — 👍 1 🔁 0 💬 0 📌 0
I'm confident we could unnecessarily spend even more money. Throw it in EKS, WAF and Shield, SSM, SES, Cognito, Prometheus MS... oh how we could stack up the per-request cost.
30.05.2025 15:02 — 👍 2 🔁 0 💬 0 📌 0
ChatGPT is good at helping work with complex structures in Terraform. Like "Show me Terraform code that would take a list of maps of strings and turn it into a map where the keys in the top level map are concatenated with the keys of the map in the list". #ai #terraform #lazy
29.05.2025 23:12 — 👍 0 🔁 0 💬 0 📌 0
Just had to increase the session duration of the AWS role that Terraform is assuming because the 1h default wasn't long enough to spin up my EKS cluster. Gross.
But I guess it's better than the old rack 'em and stack 'em days of the good ol' days.
Early lunch break
03.03.2025 19:17 — 👍 0 🔁 0 💬 0 📌 0
The other security challenges with the bastion hosts are that you need to patch the OS regularly, rotate keys, harden the SSH config and keep up with encryption algos, ship audit logs, etc. Using the AWS services it's all native AWS services. You manage IAM users rather than separate Linux users.
25.02.2025 15:34 — 👍 1 🔁 0 💬 0 📌 0
Instance Connect is also pretty great. The age of bastion hosts is over.
25.02.2025 15:30 — 👍 1 🔁 0 💬 0 📌 0
I finally purged my stacks of outdated tech books. I had a lot of similar books to yours... back when sites had a badge for "Optimized for Netscape Navigator at 800x600".
The only one I kept was K&R's C Programming Language.
Here's a little script I use to create a session for the AWS CLI with a YubiKey as the MFA device.
#yubikey #aws #mfa
Okay, what's the use case here?
23.02.2025 16:42 — 👍 0 🔁 0 💬 0 📌 0
The results of these surveys are always super interesting.
01.02.2025 20:07 — 👍 0 🔁 0 💬 0 📌 0
Are you a member of #idpro? If so, let me know and I’ll add your handle to the IDPro Members starter pack.
go.bsky.app/EeUseZ6
I have successfully used OpenTofu on about a half dozen Terraform projects--easily hundreds of lines. No issues.
01.02.2025 19:53 — 👍 0 🔁 0 💬 1 📌 0
Go birds!
#eagles #nfl #superbowl
Ah, a nostalgic look back at 2024...
techcrunch.com/2024/12/31/b...
#cybersecurity #databreach
NAT Gateway is awesome from a technical perspective but costs can be steep. I always rule out NAT instances first (e.g. outbound calls are not in the critical path of the service or failover is acceptable over HA). VPC endpoints are almost always a good idea.
14.01.2025 19:25 — 👍 1 🔁 0 💬 0 📌 0
Want to use the lightning fast Aerospike database as your Flask cache backend? github.com/MicahCarrick...
#python #flask #aerospike
When I was in my 20s I would always say "I'll do anything except security and networking". Somehow my career path instead led me to security and IAM expertise... go figure. So those are technologies I now love. But I sympathize with your pain... those are no fun if it's not your bag.
07.01.2025 22:30 — 👍 1 🔁 0 💬 1 📌 0
I'd also say accept that different people bring different strengths to the review. One might quickly identify a pitfall of a big-picture design pattern, another might be quick to find code that's hard to test, and another that sees code that's not DevOps friendly... or maybe just find my typos :)
07.01.2025 22:22 — 👍 0 🔁 0 💬 0 📌 0
In my experience it needs to be built into the team culture by setting examples and mentorship. It takes time. Some folks are anxious about being critical or "wrong". Make it a safe process and a learning tool by pairing experienced and new engineers on big reviews or even do some team reviews.
07.01.2025 22:17 — 👍 0 🔁 0 💬 0 📌 0
> dig +short bsky.app | head -n 1 | xargs whois | grep "Organization"
Organization: Amazon Technologies Inc. (AT-88-Z)
Kubernetes on EKS gotcha: IP exhaustion. The CNI plugin might be allocating more IPs than you think. AWS recommends IPv6 (or using IPv4 from the CG-NAT space). Read up on WARM_ENI_TARGET, WARM_IP_TARGET and MINIMUM_IP_TARGET: github.com/aws/amazon-v...
#eks #aws #kubernetes #networking
Oh my, I've been filling up on tofu. Now I'll be eating bao too.
24.12.2024 15:47 — 👍 0 🔁 0 💬 0 📌 0
Half the gray in my beard is from the time I was visiting family for xmas and got paged and had to spend 2 days in my hotel working the issue.
24.12.2024 15:42 — 👍 1 🔁 0 💬 0 📌 0
Are you sure you're actually using the aws-load-balancer-controller in AWS EKS and not just the legacy in-tree controller? www.doit.com/demystifying...
This one tripped me up recently.
#kubernetes #aws #eks #devops
The Terraform AWS provider has supported 'default_tags' since 2021 and I didn't know about it. SMH.
I guess that's what happens when you're maintaining a project that's been going since Terraform v0.12.
#terraform #opentofu #iac
The TikTok ban is cute. Could we have comprehensive data privacy protections please? I don't exactly get warm fuzzies from the US companies that are collecting, selling, sharing, and failing to protect my personal data.
#tiktok #dataprivacy