- Dec 30, 2024
by Petri Kallberg
In this episode I've inherited an old web service build on common VPC design for its time. Architecture is basicly ok and fit for the purpose. Public and private resources are in their separate subnets. Only the application load balancer (ALB) is exposed to internet and EC2 instances in private subnets are protected from direct internet access. But today we can do better and with little effort, make it run better, cheaper and be more secure. Pick any 3 ;-)
- Nov 29, 2024
by Petri Kallberg
At the age of genAI it is valuable to have access to expert generated content and not just trying out random advices found from internet forums full of chatbots. If you are working as linux admin, and especially when using RHEL or one of it's derivative distributions Red Hat Knowledge Base can become very helpful resource. But some of the content requires a subscription ...
- Nov 2, 2024
by Petri Kallberg
First +10 years of AWS service lifecycle management was just continous stream of announcements about new services and features. And many (most?) of the services that got out to public are still there with backwards compatibility all the way to the beginnings. But it isn't realistic to think one could just continue building new stuff year after year. At some point you must start end-of-life process for features and services that no longer meet customer demand, have been replaced by more efficient alternatives or have become blocker for future development.
- Jul 31, 2024
by Petri Kallberg
I've been hanging around at repost.aws for a while because the best way to keep your skills fresh is to see what challenges other people have in real life and check if can solve those. And maybe learn something new during the process. That is also how this post got started ...
- May 21, 2024
by Petri Kallberg
This got started when my colleaque came asking how to implement a simple shared password authentication for a web service that must be exposed to public but should be kept off from random browsers. In this context public could be understood as public internet or intranet of a company. My initial reaction was, this is an easy thing to do with ALB and Cognito. Unfortunately this combination wasn't supported at eu-north-1 -region. Ok, but there must be tons of examples how to add HTTP Basic Auth to ALB with Lambda ... but my googling produced no usable results.
