Public Key Infrastructure 1 of 3 – Basics

In 2021, I wrote an intro to Public Key Infrastructure (PKI). Now that I have to host my own certificate authority, I decided to dive a little deeper into PKI in this series of posts. In software testing scenarios, we need to issue (and recycle) a lot of certificates, and manage their lifecycle events such …

Workload Identity on Kubernetes 2 of 2 – EKS

I discussed workload identity in my previous post and dived into how it works in AKS (Azure Kubernetes Service). In this post I will continue the topic with AWS as the example. From the perspective of a CSP, any running process on a cloud resource is considered a workload. Therefore, I'll start with the control plane …

Workload Identity on Kubernetes 1 of 2 – AKS

As applications are moved to the cloud, application workloads hosted on virtual machines need to interact with cloud resources. For this, we need an IAM solution with two mechanisms: CSPs such as Azure and AWS have their own implementations of the two mechanisms. In Azure, we have Entra workload identity (including service principal and …

WordPress Security Basics

Background. In 2019, I moved this site to WordPress hosted on an Amazon Lightsail instance. There were few visits at that time, so I lived with the single-server architecture. The website traffic has since grown steadily, but I have been too busy to keep up with the WordPress security setup. In July 2023, …

The Systems Manager Hodgepodge

Introduction to Systems Manager. AWS Systems Manager addresses a lot of SysOps requirements for configuration management, including server automation. In this domain, there is another AWS service called OpsWorks. However, with OpsWorks Stacks, OpsWorks for Chef Automate and OpsWorks for Puppet Enterprise all reaching end of life in 2024, the entire OpsWorks service is mostly deprecated. By partnering with leaders such …

Orchestrate Landing Zone with Landing Zone Accelerator on AWS

As a continuation of the last post, we explore the Landing Zone Accelerator on AWS (LZA) as an orchestration tool in this post. LZA borrows a lot from the ASEA, an accelerator project to deploy the security reference architecture (SRA). LZA is a multi-purpose project that consists of both the orchestration engine (the accelerator itself) …