
Posts on infrastructure

Let's Encrypt, GoDaddy DNS and IIS server

I wanted to create a new SSL certificate for an IIS-hosted ASP.NET Framework application. The key details that may make this post relevant to you are:

  • Let's Encrypt Challenge mode: DNS TXT record
  • DNS provider: GoDaddy
  • Target web server: IIS
  • Target operating system: Windows
  • Local operating environment/system: Linux …

AWS VPC subnets and Internet connectivity over IPv4

We can have two kinds of subnets inside an AWS VPC: private and public. A public subnet is one which is attached to an Internet Gateway. This essentially adds a routing table entry to the subnet's routing table sending all Internet traffic to an Internet Gateway. On the other hand …


Docker userns-remap and system users on Linux

In this post, we learn how we can make use of Docker's user namespacing feature on Linux in a CI/build environment to avoid running into permission issues. Using user namespacing also keeps things a bit sane without adopting sub-optimal alternatives.

Introduction

Let's consider that we are leveraging docker …


AWS Private Route53 DNS and Docker containers

AWS Route 53 private hosted zones enable you to have private DNS names which only resolve from your VPC. This is great when working from EC2 instances since everything is set up and ready to go. This, however, becomes a problem when using Docker containers on a systemd system. On such …


AWS Network ACLs and ephemeral port ranges

In this post, I discuss a problem (and its solution) I encountered while working with AWS (Amazon Web Services) Network ACLs, Docker containers and ephemeral port ranges.

Infrastructure setup

A Linux EC2 instance with docker engine running in a VPC with inbound and outbound traffic controlled by Network ACLs. I …


Managing AWS lambda functions from start to finish with Terraform

AWS Lambda functions look deceptively simple. The devil is in the details though. Once you have written the code and have created a .zip file, there are a few more steps to go.

For starters, we need an IAM profile to be defined with appropriate policies allowing the function to access …


On running Windows Docker containers

I went into working with Windows Docker containers after having worked with Docker on Linux exclusively. My goal was to have isolated environments for each build in a continuous integration pipeline. That is, each build happens on an exclusive build host (AWS EC2 VM instance) and every database and …


Using Terraform with consul remote backend

In my new post on the CodeShip blog, I discuss configuring Terraform with a Consul remote backend. The entire article is available here.

The accompanying git repository is here. Please file an issue if you have trouble following the setup.


Notes on using Cloudflare DNS over HTTPS

I recently learned about Cloudflare's 1.1.1.1 DNS service. One of the more interesting things that caught my attention there was DNS over HTTPS. That is, we can do this:

22:27 $ http 'https://cloudflare-dns.com/dns-query?ct=application/dns-json&name=echorand.me'
HTTP/1.1 200 OK …

Setting up AWS EC2 Assume Role with Terraform

In this post, we will see how we can implement the AWS assume role functionality which allows an IAM role to be able to obtain temporary credentials to access a resource otherwise only accessible by another IAM role. We will implement the infrastructure changes using Terraform and see how to …

© Amit Saha. Built using Pelican. Customised theme based on the one by Giulio Fidente on github.