Calculating Vulnerability Alerts with the Github API

At work I recently had to show our risk profile from GitHub vulnerability alerts and display it in Domo. GitHub’s API v3 (REST) doesn’t let you query the vulnerability alerts, but API v4 (GraphQL) does. I found the documentation around gathering those results very opaque because the feature was in Preview status, so here are some examples for pulling out the data you need. GitHub Vulnerability Alerts can be enabled in the Settings section of a repository. GitHub scans the dependency manifests of various package managers (requirements.txt, package.json, etc.) and builds a dependency graph (super cool!). Each dependency is then checked against CVEs published on public vulnerability databases. This is useful information, but it is difficult to visualize when you have many (in my case, hundreds) of repositories to watch. ...
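An added example (not code from the post) of the kind of query the post describes: it walks an organization's repositories over the GraphQL API, drops dismissed alerts, and tallies what is left by severity and repository. It assumes a token in GITHUB_TOKEN with access to the org, and the Accept header is the preview media type GitHub documented for this field at the time. SAMPLE_RESPONSE is constructed data with placeholder org, repo and advisory IDs so the tally can be checked offline.

```python
"""Tally GitHub vulnerability alerts for an organization over the GraphQL (v4) API.

Added example, not code from the original post. Assumes a token in GITHUB_TOKEN
with access to the org's repositories. SAMPLE_RESPONSE is constructed for
offline use and mirrors the shape of repository.vulnerabilityAlerts.
"""
import json
import os
import urllib.request
from collections import Counter

GRAPHQL_URL = "https://api.github.com/graphql"
# Accept header GitHub documented for this field while it was in preview.
PREVIEW_ACCEPT = "application/vnd.github.vixen-preview+json"

# One page of an org's repositories with their alerts. Repositories are
# cursor-paginated because an org with hundreds of repos will not fit one page.
ALERTS_QUERY = """
query($org: String!, $cursor: String) {
  organization(login: $org) {
    repositories(first: 50, after: $cursor) {
      pageInfo { hasNextPage endCursor }
      nodes {
        nameWithOwner
        vulnerabilityAlerts(first: 100) {
          nodes {
            dismissedAt
            vulnerableManifestPath
            securityVulnerability { severity package { name ecosystem } }
            securityAdvisory { ghsaId summary }
          }
        }
      }
    }
  }
}
"""


def fetch_page(org, cursor=None, token=None):
    """POST one page of the query (network call); raise on GraphQL errors."""
    token = token or os.environ["GITHUB_TOKEN"]
    body = json.dumps({"query": ALERTS_QUERY,
                       "variables": {"org": org, "cursor": cursor}}).encode()
    req = urllib.request.Request(GRAPHQL_URL, data=body, method="POST", headers={
        "Authorization": f"bearer {token}",
        "Accept": PREVIEW_ACCEPT,
        "Content-Type": "application/json",
    })
    with urllib.request.urlopen(req) as resp:
        payload = json.load(resp)
    if payload.get("errors"):
        raise RuntimeError(payload["errors"])
    return payload


def open_alerts(payload):
    """Yield (repo, severity, ecosystem, package, ghsa_id) for each non-dismissed alert."""
    for repo in payload["data"]["organization"]["repositories"]["nodes"]:
        alerts = repo.get("vulnerabilityAlerts")
        if alerts is None:  # alerts disabled on the repo, or the token cannot see them
            continue
        for alert in alerts["nodes"]:
            if alert.get("dismissedAt"):  # dismissed alerts are not open risk
                continue
            vuln = alert["securityVulnerability"]
            yield (repo["nameWithOwner"], vuln["severity"], vuln["package"]["ecosystem"],
                   vuln["package"]["name"], alert["securityAdvisory"]["ghsaId"])


def summarize_rows(rows):
    """Counts suitable for a dashboard: open alerts by severity and by repository."""
    rows = list(rows)
    return {"open_total": len(rows),
            "by_severity": dict(Counter(r[1] for r in rows)),
            "by_repo": dict(Counter(r[0] for r in rows))}


def summarize(payload):
    return summarize_rows(open_alerts(payload))


def summarize_org(org, token=None):
    """Walk every page of repositories before summarizing."""
    rows, cursor = [], None
    while True:
        page = fetch_page(org, cursor, token)
        rows.extend(open_alerts(page))
        info = page["data"]["organization"]["repositories"]["pageInfo"]
        if not info["hasNextPage"]:
            return summarize_rows(rows)
        cursor = info["endCursor"]


def _alert(severity, name, ecosystem, ghsa, dismissed=None):  # constructed test data
    return {"dismissedAt": dismissed,
            "securityVulnerability": {"severity": severity,
                                      "package": {"name": name, "ecosystem": ecosystem}},
            "securityAdvisory": {"ghsaId": ghsa}}


# Constructed response: placeholder org, repos and advisory IDs, not real data.
SAMPLE_RESPONSE = {"data": {"organization": {"repositories": {
    "pageInfo": {"hasNextPage": False, "endCursor": None},
    "nodes": [
        {"nameWithOwner": "example-org/web-app", "vulnerabilityAlerts": {"nodes": [
            _alert("HIGH", "some-npm-lib", "NPM", "GHSA-0000-0000-0001"),
            _alert("CRITICAL", "other-npm-lib", "NPM", "GHSA-0000-0000-0002",
                   dismissed="2019-01-15T00:00:00Z")]}},
        {"nameWithOwner": "example-org/api", "vulnerabilityAlerts": {"nodes": [
            _alert("MODERATE", "some-pypi-lib", "PIP", "GHSA-0000-0000-0003")]}},
        {"nameWithOwner": "example-org/docs", "vulnerabilityAlerts": None},  # alerts off
    ]}}}}

if __name__ == "__main__":
    print(json.dumps(summarize(SAMPLE_RESPONSE), indent=2))
```

Two things to keep in mind when pointing this at a real org: a repository whose vulnerabilityAlerts field comes back null has alerts turned off (or the token cannot see them), which is itself worth surfacing on the dashboard, and a dismissed alert is still a vulnerable dependency, so decide deliberately whether the risk view should hide it.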

February 8, 2019 · 3 min · 529 words · Scott Brown

Implementing a Double-Lock for IAM Role Switching

IAM provides a way for users and roles to become another role. This is known as IAM role switching and uses the underlying sts:AssumeRole action. You can restrict IAM role switching in one of two ways, which I like to call the single-lock and double-lock methods. Any IAM role switch involves a two-way handshake: the principal switching roles (the source) must be allowed to assume the role (the target), and the target must trust the source to assume it. This is why an IAM role switch can move between roles in the same account or between roles in different AWS accounts (even one you don’t own). ...
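An added example (not code from the post) showing the two documents that make up the handshake: the identity policy on the source user, scoped to one role ARN, and the target role's trust policy, naming that specific source principal. The account IDs, user and role names are placeholders, and the two accounts differ to show the cross-account case. The assume_role_allowed() check is a deliberately small model of the two-way rule (explicit Deny wins, otherwise both documents must Allow); it does not evaluate Condition blocks or the rest of IAM's real decision logic.

```python
"""Double lock for IAM role switching: the source principal's identity policy AND
the target role's trust policy must both allow sts:AssumeRole.

Added example, not code from the original post. Account IDs, the user and the
role are placeholders. assume_role_allowed() is a small model of the two-way
handshake (explicit Deny wins, otherwise both documents need an Allow); it does
not evaluate Conditions or other parts of the real IAM decision logic.
"""
import fnmatch
import json

SOURCE_ACCOUNT = "111111111111"  # placeholder
TARGET_ACCOUNT = "222222222222"  # placeholder; a different account to show cross-account use
SOURCE_USER_ARN = f"arn:aws:iam::{SOURCE_ACCOUNT}:user/alice"
TARGET_ROLE_ARN = f"arn:aws:iam::{TARGET_ACCOUNT}:role/Deployer"

# Lock 1: identity policy attached to the source user, scoped to one role ARN.
SOURCE_IDENTITY_POLICY = {
    "Version": "2012-10-17",
    "Statement": [{"Effect": "Allow", "Action": "sts:AssumeRole", "Resource": TARGET_ROLE_ARN}],
}

# Lock 2: the target role's trust policy (its AssumeRolePolicyDocument). It names
# the specific source principal rather than the whole source account root.
TARGET_TRUST_POLICY = {
    "Version": "2012-10-17",
    "Statement": [{"Effect": "Allow", "Principal": {"AWS": SOURCE_USER_ARN},
                   "Action": "sts:AssumeRole"}],
}


def _as_list(value):
    return value if isinstance(value, list) else [value]


def _matches(patterns, value):
    """IAM-style wildcard match ('*' and '?') of value against one or more patterns."""
    return any(fnmatch.fnmatchcase(value, p) for p in _as_list(patterns))


def _decide(policy, action, applies):
    """'Deny', 'Allow' or 'Implicit' for one document; applies() checks Resource/Principal."""
    decision = "Implicit"
    for stmt in policy["Statement"]:
        if not _matches(stmt.get("Action", []), action) or not applies(stmt):
            continue
        if stmt["Effect"] == "Deny":
            return "Deny"  # an explicit Deny anywhere ends the evaluation
        decision = "Allow"
    return decision


def _principals(stmt):
    principal = stmt.get("Principal", {})
    return _as_list(principal if isinstance(principal, str) else principal.get("AWS", []))


def assume_role_allowed(identity_policy, trust_policy, source_arn, target_role_arn):
    """Both locks must open: source may assume target, and target trusts source."""
    source_side = _decide(identity_policy, "sts:AssumeRole",
                          lambda s: _matches(s.get("Resource", []), target_role_arn))
    target_side = _decide(trust_policy, "sts:AssumeRole",
                          lambda s: _matches(_principals(s), source_arn))
    return source_side == "Allow" and target_side == "Allow"


if __name__ == "__main__":
    print(json.dumps(SOURCE_IDENTITY_POLICY, indent=2))
    print(json.dumps(TARGET_TRUST_POLICY, indent=2))
    print(assume_role_allowed(SOURCE_IDENTITY_POLICY, TARGET_TRUST_POLICY,
                              SOURCE_USER_ARN, TARGET_ROLE_ARN))
```

The value of the double lock is that either account's administrators can revoke the switch on their own: the target account by editing the trust policy, the source account by detaching the identity policy. A trust policy that names the source account root instead of a principal hands the whole decision to the source account's identity policies.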

January 24, 2019 · 3 min · 601 words · Scott Brown

2018 Playlist

These are the songs I was listening to this year.

Let’s Get Married – Jagged Edge – J.E. Heartbreak
Automaton – Jamiroquai – Automaton
Cloud 9 - Fred Falke Remix – Jamiroquai, Fred Falke – Cloud 9
Superfresh – Jamiroquai – Automaton
Oh My Gosh – Basement Jaxx – The Singles
Lady (Hear Me Tonight) – Madjo – Vintage Ibiza Classics
Old Thing Back – Matoma, The Notorious B.I.G., Ja Rule, Ralph Tresvant – Old Thing Back
I Know You Want Me (Calle Ocho) – Pitbull – Pitbull Starring In Rebelution
Where Them Girls At – David Guetta – Nothing but the Beat
Delirious (Boneless) – Steve Aoki, Chris Lake, Tujamo, Kid Ink – Delirious
Pay My Rent – DNCE – DNCE
U Got Me – Room 5 – Music & You
U Don’t Know Me – Armand Van Helden – 2 Future 4 U
World, Hold On – Bob Sinclair – Dance Grooves, Vol. 3
The Bomb! (These Sounds Fall Into My Mind) – Kenny Dope, The Bucketheads – Heny Street Bombs Vol. 1
Corner Store – Macklemore, Dave B., Travis Thompson – GEMINI
Don’t Call Me Baby – Madison Avenue – Don’t Call Me Baby
In My Feelings – Drake – Scorpion
Girls Like You - Cardi B Version – Maroon 5, Cardi B – Red Pill Blues
I Love It – Kanye West, Lil Pump – I Love It
Despacito – Luis Fonsi, Daddy Yankee – Shut Up Lets Dance
Steal My Sunshine – Len – You Can’t Stop The Bum Rush
Pinch Me – Barenaked Ladies – Maroon
All Star – Smash Mouth – Astro Lounge
Peanut Butter Jelly – Galantis – Pharmacy
Do It Right – Martin Solveig, Tkay Maidza – Do It Right
Toy – Netta – Toy
Water Me – Lizzo – Water Me

And that’s it for 2018! See you next year! ...

December 31, 2018 · 2 min · 310 words · Scott Brown

Forget SSH on AWS, Use SSM SessionManager

I don’t often talk about my employer, mainly to keep an arm’s-length distance between them and the writing on my blog. However, one of the great things about working at Unbounce is the concept of a Professional Development day (Pro-D). This is just like when you were in school and the teachers would take a day for themselves to improve. At Unbounce, every employee gets one day (8 hours) every 2 weeks to educate themselves and elevate their professional and career interests. Some of my best ideas have come out of things I learned on Pro-D day. Today, I decided to take a moment to learn about the AWS Systems Manager Session Manager (whoa, that’s a mouthful). ...

September 21, 2018 · 9 min · 1725 words · Scott Brown

Skills I Offer Companies

Recently, I was speaking with a company about opportunities they have. It’s a regular, casual affair that I do every so often. It keeps me grounded about what the job market is like, and allows me to see if there are other opportunities out there (because if you never look, opportunities never exist). At the end of the day, I like to help people solve problems because it makes me feel valued. ...

May 28, 2018 · 5 min · 1030 words · Scott Brown

Writing Drought is Over

My writing in 2017 and 2018 has been quite sparse, for good reason. Thankfully, this has ended and a raft of articles will be published soon. There were two reasons for the drought, one is personal which I won’t talk about and the other which is technical. The technical impediment was of my own making. This website is built with Middleman and rendered into static HTML files, then uploaded to CloudFront. I like the simplicity of it all, and writing in Ruby still makes me happy. It’s also fast, secure and reliable. ...

May 27, 2018 · 2 min · 418 words · Scott Brown

Enabling an AWS IAM MFA via CLI

NB: Line breaks (\) have been added to the CLI commands for readability. I am in the process of setting up an AWS account for my family, and part of that initial setup is to create users and roles for family members. Everyone receives read-only privileges and has to assume an IAM role to gain elevated privileges. The people who are allowed to assume these elevated privileges must have a valid MFA session. ...
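An added example (not the post's own CLI commands) of the same enrollment done from Python: it creates a virtual MFA device, derives the two consecutive TOTP codes that IAM requires to bind the device, and shows the STS call that turns a code into an MFA-backed session. The user and device names are placeholders. The totp() function implements RFC 6238 (HMAC-SHA1, 30-second step, 6 digits), which is what IAM virtual MFA devices use, and is kept separate from the boto3 calls so it can be checked offline against the RFC's published test vectors.

```python
"""Enable a virtual MFA device for an IAM user, deriving the two consecutive TOTP
codes that IAM requires at enrollment.

Added example, not the post's own CLI commands. User and device names are
placeholders. totp() implements RFC 6238 (HMAC-SHA1, 30-second step, 6 digits),
which is what IAM virtual MFA devices use; the boto3 calls are isolated so the
TOTP part runs offline.
"""
import base64
import hashlib
import hmac
import struct
import time

# RFC 6238 reference seed (ASCII "12345678901234567890"), constructed for the demo.
DEMO_SEED = base64.b32encode(b"12345678901234567890").decode()


def totp(base32_seed, unix_time, step=30, digits=6):
    """RFC 6238 code for the time window containing unix_time."""
    padded = base32_seed.upper() + "=" * (-len(base32_seed) % 8)
    key = base64.b32decode(padded)
    counter = struct.pack(">Q", unix_time // step)          # RFC 4226 HOTP counter
    mac = hmac.new(key, counter, hashlib.sha1).digest()
    offset = mac[-1] & 0x0F                                  # dynamic truncation
    code = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(code % 10 ** digits).zfill(digits)


def consecutive_codes(base32_seed, now=None, step=30):
    """The pair IAM asks for: the current code and the one for the next window."""
    now = int(time.time()) if now is None else now
    return totp(base32_seed, now, step), totp(base32_seed, now + step, step)


def enable_virtual_mfa(user_name, device_name, iam=None):
    """Create the virtual device and bind it to the user (needs AWS credentials).

    The seed returned by create_virtual_mfa_device is the long-term secret: hand
    it to the user's authenticator (the QRCodePNG field is the same secret) and
    do not persist it anywhere.
    """
    import boto3
    iam = iam or boto3.client("iam")
    device = iam.create_virtual_mfa_device(VirtualMFADeviceName=device_name)["VirtualMFADevice"]
    seed = device["Base32StringSeed"]
    seed = seed.decode() if isinstance(seed, bytes) else seed
    code1, code2 = consecutive_codes(seed)
    iam.enable_mfa_device(UserName=user_name, SerialNumber=device["SerialNumber"],
                          AuthenticationCode1=code1, AuthenticationCode2=code2)
    return device["SerialNumber"]


def mfa_session(serial_number, token_code, sts=None):
    """Trade an MFA code for temporary credentials that satisfy aws:MultiFactorAuthPresent."""
    import boto3
    sts = sts or boto3.client("sts")
    return sts.get_session_token(SerialNumber=serial_number, TokenCode=token_code)["Credentials"]


if __name__ == "__main__":
    print(consecutive_codes(DEMO_SEED, now=59))  # ('287082', '359152')
```

Deriving both codes in the script is convenient for a one-time enrollment from a trusted machine, but the seed is equivalent to the device: once enable_mfa_device succeeds, the only copy should live in the user's authenticator app. The role's trust policy can then require the session this produces with a Bool condition on aws:MultiFactorAuthPresent.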

May 26, 2018 · 2 min · 320 words · Scott Brown

Determining Your Current EC2 Region in Go

If you program in Go and use it to access AWS resources, you’ll notice that each of the services in the SDK requires a region to be explicitly specified. This is because AWS constructs a region-specific API endpoint, and some company resources may exist in a specific region (not necessarily where the code is running). If the code is only meant to access AWS resources in its own region, hardcoding a region is annoying: it makes the code rigid and brittle (non-portable). There is a way to have your code determine its region automatically. ...

May 26, 2018 · 2 min · 246 words · Scott Brown

How To Perform DNS Delegation

Use Case

While building infrastructure, especially in The Cloud, you often come across the need to manage a subdomain. Perhaps you have something like staging.example.com that will be wholly managed within Route53 (Amazon Web Services’ DNS service). However, your company’s DNS zone (example.com) is hosted somewhere else, say, Namecheap (a domain registrar) or Dyn (a DNS management service). What can you do?

The Answer

The answer is that you need to delegate your DNS subdomain to Route53. This sounds a lot more difficult than it actually is. DNS delegation means adding NS records for the subdomain to the parent zone that point at the name servers of the subdomain’s zone (the Route53 hosted zone). You need permissions to modify both the Route53 hosted zone and your DNS zone in the other DNS service. ...

May 26, 2018 · 5 min · 936 words · Scott Brown

Basic Human Psychological Needs

I’m currently reading the book Drive, by Daniel Pink. In the Introduction the author sets out the 4 main psychological needs, much like the physical needs set out by Maslow. Here are the psychological needs: We need to feel we belong. We need to feel valued. We need to feel we’re good at something. We need to feel we have a secure future. That’s a lot of feeling, but this is profound. It corresponds directly to what I’ve said before (and possibly written here) that I look for in an employer: money, people, and work. Money helps to pay for things, and it helps to show value in someone (granted, it’s an extrinsic value). People help define the belonging. And work shows that we are good at something. But the last psychological need, I missed that. ...

January 12, 2018 · 3 min · 457 words · Scott Brown