In this post we'll talk about using a specific Top Level domain to separate your internal application infrastructure addresses from what you're users see. Further, how to provide team level autonomy to using DNS delegation to provide a predictable naming strategy. The Problem One of the big issues with DNS management is the security elements... Continue Reading →
Manage Cross team terraform and azure-cli versions with docker
One of the issues with having multiple teams, and pushing for autonomy to choose everything from infrastructure to languages, is making sure that you have the right versions of everything installed. As developers, we want to be on the bleeding edge, playing with new things, new versions, etc. However, that can have an impact beyond... Continue Reading →
Writing IAM PolicyDocuments in Pulumi C#
I've playing with Pulumi recently, and came across an issue trying to generate an IAM PolicyDocument that included an ARN resource. After hours of searching and trying to get my head around the Ouput<T> types, I found Output.Format(). The Problem Pulumi allows you to define everything you want to create in C#. What it also... Continue Reading →
Deploying .NET Core to Linux using CodeDeploy
I'm a big AWS fanboy, and although I absolutely love Octopus Deploy and advocate for it wherever I go, CodeDeploy is my preferred method of deploying in AWS. That said, when working with Linux and .NET core it's not a simple process to get things deployed seamlessly (at least as a Windows dev). In this... Continue Reading →
Serilog and CloudWatch (with inbuilt credentials)
In this post we'll look at the best way to get Serilog entries to push to Cloudwatch in the most unobtrusive way. Serilog is the defacto standard for logging in dotnet core. It provides integration with the ILogger interface, along with supports structured logging. Beyond that integration, it has extensive support for a multitude of... Continue Reading →
AKS PodIdentity – ServicePrincipals for K8s Pods – Part 2 (Implementation)
From Part 1 you should know a bit about what PodIdentity is, and why it's an important addition. In this Part, we'll set out the basics of adding it, and then using it, with an example. 1. Create your identity This is the identity that you would like your pods to assume. It's also what... Continue Reading →
AKS PodIdentity – ServicePrincipals for K8s Pods – Part 1 (Intro)
I've recently started in the world of Kubernetes (or K8s as you cool kids call it), and for the most part, I've been able to map MOST of the concepts of Instance based deployments in AWS, to Kubernetes configurations in AKS/Azure. However, we hit an issue when it came to credentials. The Problem When we... Continue Reading →
Make it easy to accept your talk!
Curating an agenda for a conference is a hard thing to do. I highly doubt that you thought otherwise, but I also doubt you understand exactly HOW hard it is (I certainly didn't). For the last 2 years, I've been involved in curating the agenda for the best developer conference in the UK (and probably... Continue Reading →
From 1000 submissions to 100 slots, the story of the 10%
This year, I've had the enormouse pleasure of working on the agenda committee for the best developer conference in the UK, NDC London. Obviously I'm slightly biased as I've been going to this conference for the last 4 years, and I love everything about it. Being behind the curtain this year has given me an... Continue Reading →
Opinionated Approach to AWS Account Separation
Maintaining multiple accounts in AWS is an utter pain. If you have effectively separated your accounts for things like Dev/Test, Production that's not too bad, 2 IAM users, with 2FA shouldn't be too difficult. However, if you throw into that, separating operations infrastructure (build and deployment services, Monitoring, alerting, etc), then think about customer separation,... Continue Reading →
