Posts on infrastructure

Docker userns-remap and system users on Linux

In this post, we learn how we can make use of docker's user namespacing feature on Linux in a CI/build environment to avoid running into permission issues. Using user namespacing also keeps things a bit sane without adopting sub-optimal alternatives.


Let's consider that we are leveraging docker …

AWS Private Route53 DNS and Docker containers

AWS Route 53 private hosted zones enable you to have private DNS names which only resolve from your VPC. This is great when working from EC2 instances since everything is set up and ready to go. This, however, becomes a problem when using docker containers on a systemd system. On such …

AWS Network ACLs and ephemeral port ranges

In this post, I discuss a problem (and its solution) I encountered while working with AWS (Amazon Web Services) Network ACLs, docker containers and ephemeral port ranges.

Infrastructure setup

A Linux EC2 instance with docker engine running in a VPC with inbound and outbound traffic controlled by Network ACLs. I …

Managing AWS lambda functions from start to finish with Terraform

AWS lambda functions look deceptively simple. The devil is in the details though. Once you have written the code and have created a .zip file, there are a few more steps to go.

For starters, we need an IAM profile to be defined with appropriate policies allowing the function to access …

On running Windows Docker containers

I went into working with Windows docker containers after having worked with docker on Linux exclusively. My goal was to have isolated environments for each build in a continuous integration pipeline. That is, each build happens on an exclusive build host (AWS EC2 VM instance) and every database and …

Using Terraform with consul remote backend

In my new post on the CodeShip blog, I discuss configuring terraform with a consul remote backend. The entire article is available here.

The accompanying git repository is here. Please file an issue if you have trouble following the setup.

Notes on using Cloudflare DNS over HTTPS

I recently learned about Cloudflare's DNS service. One of the more interesting things that caught my attention there was DNS over HTTPS. That is, we can do this:

22:27 $ http 'https://cloudflare-dns.com/dns-query?ct=application/dns-json&name=echorand.
HTTP/1.1 200 OK …

Setting up AWS EC2 Assume Role with Terraform

In this post, we will see how we can implement the AWS assume role functionality, which allows an IAM role to obtain temporary credentials to access a resource otherwise only accessible by another IAM role. We will implement the infrastructure changes using Terraform and see how to …

Doing something before systemd shuts your supervisord down

If you are running your server applications via supervisord on a Linux distro running systemd, you may find this post useful.

Problem Scenario

An example scenario to help us establish the utility for this post is as follows:

  • systemd starts the shutdown process
  • systemd stops supervisord
  • supervisord stops your processes …

Tip: Terraform and AWS Security Group rules in EC2 classic

When using Terraform's aws_security_group_rule with EC2 classic, you may get an error saying that the source security group doesn't exist, even though it does. That's probably because you (like me and others) used the source security group ID and not the security group name, like so:

resource "aws_security_group_rule" "my_sg_rule" {
  type …

