Micah
@micah.carrick.social
architect • software maker • nature lover • traveler • party-pace cyclist • he/him
Plus you want layers upon layers of networking abstractions so may as well use kuma on istio on K8's networking on AWS networking. You know... just in case.
June 2, 2025 at 6:55 PM
Plus you want layers upon layers of networking abstractions so may as well use kuma on istio on K8's networking on AWS networking. You know... just in case.
Oh why didn't I think about that when I was troubleshooting the aws-load-balancer-controller the other day.
May 30, 2025 at 3:03 PM
Oh why didn't I think about that when I was troubleshooting the aws-load-balancer-controller the other day.
I'm confident we could unnecessarily spend even more money. Throw it in EKS, WAF and Shield, SSM, SES, Cognito, Prometheus MS... oh how we could stack up the per-request cost.
May 30, 2025 at 3:02 PM
I'm confident we could unnecessarily spend even more money. Throw it in EKS, WAF and Shield, SSM, SES, Cognito, Prometheus MS... oh how we could stack up the per-request cost.
The other security challenges with the bastion hosts is you need to patch the OS regularly, rotate keys, harden the SSH config and keep up with encryption algos, ship audit logs, etc. Using the AWS services it's all native AWS services. You manage IAM users rather than separate Linux users.
February 25, 2025 at 3:34 PM
The other security challenges with the bastion hosts is you need to patch the OS regularly, rotate keys, harden the SSH config and keep up with encryption algos, ship audit logs, etc. Using the AWS services it's all native AWS services. You manage IAM users rather than separate Linux users.
Instance Connect is also pretty great. The age of bastion hosts is over.
February 25, 2025 at 3:30 PM
Instance Connect is also pretty great. The age of bastion hosts is over.
I finally purged my stacks of outdated tech books. I had a lot of similar books to yours... back when sites had a badge for "Optimized for Netscape Navigator at 800x600".
The only one I kept was K&R's C Programming Language.
The only one I kept was K&R's C Programming Language.
February 24, 2025 at 4:38 PM
I finally purged my stacks of outdated tech books. I had a lot of similar books to yours... back when sites had a badge for "Optimized for Netscape Navigator at 800x600".
The only one I kept was K&R's C Programming Language.
The only one I kept was K&R's C Programming Language.
I have successfully used OpenTofu on about a half dozen Terraform projects--easily hundreds of lines. No issues.
February 1, 2025 at 7:53 PM
I have successfully used OpenTofu on about a half dozen Terraform projects--easily hundreds of lines. No issues.
NAT Gateway is awesome from technical perspective but costs can be steep. I always rule out NAT instances first (eg. outbound calls are not in the critical path of the service or failover is acceptable over HA). VPC endpoints are almost always a good idea.
January 14, 2025 at 7:25 PM
NAT Gateway is awesome from technical perspective but costs can be steep. I always rule out NAT instances first (eg. outbound calls are not in the critical path of the service or failover is acceptable over HA). VPC endpoints are almost always a good idea.
When I was in my 20's I would always say "I'll do anything except security and networking". Somehow my career path instead lead me to security and IAM expertise... go figure. So those are technologies I now love. But I sympathize with your pain... those are no fun if it's not your bag.
January 7, 2025 at 10:30 PM
When I was in my 20's I would always say "I'll do anything except security and networking". Somehow my career path instead lead me to security and IAM expertise... go figure. So those are technologies I now love. But I sympathize with your pain... those are no fun if it's not your bag.
I'd also say accept that different people bring different strengths to the review. One might quickly identify a pitfall of a big-picture design pattern, another might be quick to find code that's hard to test, and another that sees code that's not DevOps friendly... or maybe just find my typos :)
January 7, 2025 at 10:22 PM
I'd also say accept that different people bring different strengths to the review. One might quickly identify a pitfall of a big-picture design pattern, another might be quick to find code that's hard to test, and another that sees code that's not DevOps friendly... or maybe just find my typos :)
In my experience it needs to be built into the team culture by setting examples and mentorship. It takes time. Some folks are anxious about being critical or "wrong". Make it a safe process and a learning tool by pairing experienced and new engineers on big reviews or even do some team reviews.
January 7, 2025 at 10:17 PM
In my experience it needs to be built into the team culture by setting examples and mentorship. It takes time. Some folks are anxious about being critical or "wrong". Make it a safe process and a learning tool by pairing experienced and new engineers on big reviews or even do some team reviews.