WordPress Security

Background: In 2019, I moved this site to WordPress hosted on an Amazon Lightsail instance. There were few visits at that time, so I lived with the single-server architecture. The website traffic has since grown steadily, but I have been too busy to catch up with the WordPress security setup. In July 2023, …

The Systems Manager Hodgepodge

Introduction to Systems Manager: AWS Systems Manager addresses a lot of SysOps requirements for configuration management, including server automation. In this domain, there is another AWS service called OpsWorks. However, with OpsWorks Stack, OpsWorks Chef and OpsWorks Puppet all reaching EOL in 2024, the entire OpsWorks service is mostly deprecated. By partnering with leaders such …

Orchestrate Landing Zone with Landing Zone Accelerator on AWS

As a continuation of the last post, we explore the Landing Zone Accelerator on AWS (LZA) as an orchestration tool in this post. LZA borrows a lot from the ASEA, an accelerator project to deploy the security reference architecture (SRA). LZA is a multi-purpose project that consists of both the orchestration engine (the accelerator itself) …

Orchestrate Landing Zone with AWS Control Tower

Following an introduction to AWS Landing Zone, I’ll dive deeper into Control Tower as an orchestration tool in this post. More on Landing Zone: In data center operation, there are numerous tasks that other teams have to complete before the deployment of an application. For example, the 42U server cabinet must be in place …

Authentication to kube-apiserver via OIDC

Background: There are many benefits of using OIDC to authenticate to kube-apiserver, especially with multiple clusters that need a consistent log-in experience. Following the last post on how the OIDC Authorization Code Flow works, I will now discuss authentication options for kubectl to connect to kube-apiserver. To start, let’s look at the anatomy …

OAuth 2.0 and OIDC 2 of 2

I wrote a brief on this topic a while back. Now that I need to configure OIDC on a few occasions, I have decided to dive deeper into the flows this time. As I stated in the last post, Nate Barbettini’s presentation from 2017 was awesome and I viewed it again. Slides are available here. Another great …