Writing Drought is Over

My writing in 2017 and 2018 has been quite sparse, for good reason. Thankfully, this has ended and a raft of articles will be published soon. There were two reasons for the drought: one is personal, which I won’t talk about, and the other is technical. The technical impediment was of my own making. This website is built with Middleman and rendered into static HTML files, then uploaded to CloudFront. I like the simplicity of it all, and writing in Ruby still makes me happy. It’s also fast, secure and reliable. ...

May 27, 2018 · 2 min · 418 words · Scott Brown

Enabling an AWS IAM MFA via CLI

NB: Line breaks (\) have been added to the CLI commands for readability. I am in the process of setting up an AWS account for my family and part of that initial setup is to create users and roles for family members. Everyone receives read-only privileges and has to assume an IAM to gain elevated privileges. The people who are allowed to assume these elevated privileges must have a valid MFA session. ...

May 26, 2018 · 2 min · 320 words · Scott Brown

Determining Your Current EC2 Region in Go

If you program in Go and use it to access AWS resources, you’ll notice that each of the services in the SDK requires a region to be explicitly specified. This is because AWS constructs an API endpoint that is region-specific and some company resources may exist in a specific region (not necessarily where the code is being run). If the code is knowingly trying to access AWS resources in the same region, it can be annoying to hardcode a region into the code. It makes the code rigid and brittle (non-portable). There is a way to have your code automatically determine its region. ...

May 26, 2018 · 2 min · 246 words · Scott Brown

How To Perform DNS Delegation

Use Case: While building infrastructure, especially in The Cloud, you often come across the need to manage a subdomain. Perhaps you have something like staging.example.com that will be wholly managed within Route53 (Amazon Web Services’ DNS service). However, your company’s DNS zone (example.com) is hosted in another place, say, Namecheap (a domain registrar) or Dyn (a DNS management service). What can you do? The Answer: The answer is that you need to delegate your DNS subdomain to Route53. This sounds a lot more difficult than it actually is. DNS delegation involves taking a subdomain and pointing it to another set of DNS records. You need permissions to modify both a Route53 hosted zone and your DNS zone in the other DNS service. ...

May 26, 2018 · 5 min · 936 words · Scott Brown

Basic Human Psychological Needs

I’m currently reading the book, Drive, by Daniel Pink. In the Introduction the author sets out the 4 main psychological needs, much like the physical needs set out by Maslow. Here are the psychological needs: We need to feel we belong. We need to feel valued. We need to feel we’re good at something. We need to feel we have a secure future. That’s a lot of feeling, but this is profound. It corresponds directly to what I’ve said before (and possibly written here) that I look for in an employer: money, people, and work. Money helps to pay for things, and it helps to show value in someone (granted, it’s an extrinsic value). People help define the belonging. And work defines that we are good at something. But the last psychological need, I missed that. ...

January 12, 2018 · 3 min · 457 words · Scott Brown

2017 Playlist

These are the songs I was listening to this year.

Ni**as In Paris – JAY-Z, Kanye West – Watch The Throne
Closer – The Chainsmokers, Halsey – Closer
Starboy – The Weeknd, Daft Punk – Starboy
Cake By The Ocean – DNCE – DNCE
Party Rock Anthem – LMFAO, Lauren Bennett, Goon Rock – Sorry For Party Rocking
Through The Wire – Kanye West – The College Dropout
Flashing Lights – Kanye West – Graduation
WTF (Where They From) – Missy Elliot, Pharrell Williams – WTF (Where They From)
Amerika – Wintersleep – The Great Detachment
Temperature – Sean Paul – The Trinity
Can’t Feel My Face – The Weeknd – Beauty Behind The Madness
Ghosts ’n’ Stuff – deadmaus, Rob Swire – For Lack of a Better Name
Turn Down for What – DJ Snake, Lil Jon – Turn Down for What
Beautiful People – Chris Brown, Benny Benassi – F.A.M.E.
Downtown – Macklemore & Ryan Lewis – This Unruly Mess I’ve Made
Elastic Heart – Sia – 1000 Forms Of Fear
Chandelier – Sia – 1000 Forms Of Fear
Nightcall – Kavinsky – Nightcall
Why’d You Only Call Me When You’re High? – Arctic Monkeys – AM
Rock DJ – Robbie Williams – Sing When You’re Winning
Paper Planes – M.I.A. – Kala
Somebody That I Used To Know – Gotye, Kimbra – Making Mirrors
Cheap Thrills – Sia, Sean Paul – Cheap Thrills
Lean On – Major Lazer – Peace Is The Mission
Give Me Everything – Pitbull, Ne-Yo, Afrojack, Nayer – Planet Pit
Through the Night – Grum – Heartbeats
Hypnotize - 2014 Remaster – The Notorious B.I.G. – Life After Death
Big Poppa - 2005 Remaster – The Notorious B.I.G. – Ready to Die
Still Not a Player – Big Pun, Joe – The Legacy: The Best of Big Pin
Break Ya Neck – Busta Rhymes – Genesis
It Was A Good Day – Ice Cube – The Predator
Working For It – ZHU, Skrillex, THEY. – GENERATIONWHY
Wrong – Depeche Mode – Sounds Of The Universe
Thinking out Loud – Ed Sheeran – x
Watch Me (Whip / Nae Nae) – Silento – Watch Me (Whip / Nae Nae)
Mad World – Gary Jules, Michael Andrews – Trading Snakeoil for Wolftickets
M.A.D – Hadouken! – M.A.D.
New York Groove – Ace Frehley – Kiss; Ace Frehley
Red Alert – Basement Jaxx – The Singles
Hold Me – Delta Heavy – Overkill / Hold Me
Shape of You – Ed Sheeran – Shape of You
Move Your Feet – Junior Senior – d-d-don’t don’t stop the beat
Down By The Water – PJ Harvey – To Bring You My Love
Welcome to the Black Parade – My Chemical Romance – The Black Parade
Daydream Believer – The Monkees – The Birds, The Bees, & The Monkees
Abracadabra – Steve Miller Band – Abracadabra
Jumper – Third Eye Blind – Third Eye Blind
Ruiner – Nine Inch Nails – The Downward Spiral
Break My Stride – Matthew Wilder – ’80s Pop Hits
You Make My Dreams (Come True) – Daryl Hall & John Oates – The Essential Daryl Hall & John Oates
Boogie Wonderland – Earth, Wind & Fire, The Emotions – I Am
September – Earth, Wind & Fire – Now, Then & Forever
Modern Love – David Bowie – Legacy
Let’s Groove – Earth, Wind & Fire – 80s 100 Hits
Give It Up – KC & The Sunshine Band – 80s 100 Hits
I Believe in a Thing Called Love – The Darkness – Permission to Land
Swish Swish – Katie Perry, Nicki Minaj – Witness
Hotline Bling – Drake – Views

And that’s it for 2017! See you next year! ...

December 31, 2017 · 3 min · 618 words · Scott Brown

Emitting UserData Events With Bosky

This article assumes intermediate knowledge of an EC2 instance’s lifecycle and various AWS services. When a Linux EC2 instance starts up, user data runs as part of the cloud-init system. This allows system administrators to configure an EC2 instance at runtime, exactly once, as user data does not automatically run ever again once the server has started. At Unbounce, we built our user data to install our services onto the machine at runtime, then configure it for the specific environment (production, staging, etc.) that it required. One issue was what to do with failures within the user data script. When a failure happens and fails to start the service successfully, the machine (if behind an auto-scaling group) will be terminated and we lose why the user data failed. The first fix for this is to use off-box logging, like CloudWatch Logs or, in our case, SumoLogic. That helped, but the turnaround time between the log service receiving the log entry and developers being notified can reach upwards of 5 minutes. By that time, the box is dead and gone. And this all assumes that enough user data ran to configure and start the off-site logging service successfully. ...

August 9, 2017 · 4 min · 828 words · Scott Brown

A Decoupled Event Bus with CloudWatch Events

During beer o’clock at work, I happened upon Roman, who is a software developer on our API and Integrations team. He asked for my opinion on creating a sort-of “contract” between teams when setting up SNS topics and subscribing them to SQS queues. Now, this is how conversations with me often start. I’m a software developer by trade, but I have my feet in cloud infrastructure and security as well so, at the very least, I’m a good sounding board for people’s architecture ideas. I pushed a bit deeper and he finally relented and stated that he doesn’t want to think about the infrastructure, only the contract between teams and, really, he wants to emit an event and have it consumed by someone else… if they care enough to consume it. ...

July 21, 2017 · 8 min · 1642 words · Scott Brown

Transferring CodeCommit Repositories Between Regions

Recently, the CodeCommit service from AWS became available in Canada (ca-central-1 region). As I’m Canadian, I like to keep my hosting as close to home as possible, for myriad reasons, but mainly because each commit gets appended with “eh!”. The CodeCommit service from Amazon (AWS) hosts Git repositories. That’s about it. It’s no GitHub or GitLab, but it does ensure at-rest encryption and access is limited to specific IAM users. If you just need private Git hosting for free (or on the cheap) without any WebUI help, CodeCommit is good. ...

June 29, 2017 · 2 min · 339 words · Scott Brown

Storing Secrets with AWS ParameterStore

Secrets management is a constant topic for debate in tech and security circles, even more so for users of cloud providers. There are solutions like Hashicorp Vault, Sneaker, and Credstash (even a locked down S3 bucket) that we have looked at using at Unbounce. Each solution has its own level of complexity to set up and maintain. All of these solutions suffer from the same problem, which I like to call “Step 0” or, how the heck do I manage the master key that unlocks everything? At some point in the encryption process, trust has to be established and that is the point where encryption cannot be used (Step 0). ...

April 7, 2017 · 12 min · 2529 words · Scott Brown