Archive of posts with category 'DevOps'

Terraform State Locking with S3 and DynamoDB in 2026

The moment two engineers run terraform apply at the same time without state locking, you have a race condition that can corrupt your entire infrastructure state. Both processes read the...

GitLab CI Environments and Review Apps in 2026

Review apps changed how my team does code review. Instead of reading diffs, reviewers click a link and see the actual change running. The designer can verify spacing on the...

Scrum + Team Topologies: Why Your DevOps Team Structure Might Be Slowing You Down

I spent three years at a company that spent $4 million on “DevOps transformation.” New tools, new cloud infrastructure, training budgets, the works. The velocity of the platform stayed flat....

OPA + Terraform: Policy-as-Code Guardrails in 2026

The first time someone accidentally created a p4d.24xlarge instance in production, we started taking policy-as-code seriously. No one meant to. The Terraform code was correct, the pipeline ran fine, the...

Terraform Testing in 2026: Native Tests, Terratest, and OPA

I shipped Terraform code without tests for years. Then a terraform apply deleted a production database because a conditional flipped. The resource had a lifecycle { prevent_destroy = true }...

AWS VPC Design Patterns in 2026: From Single Account to Multi-Account Landing Zone

The VPC decisions you make on day one will follow you for years. I’ve lived through the consequences—redesigning a network that was built without proper CIDR planning, watching a simple...

Migrate Jenkins to GitLab CI: The Complete 2026 Guide

I’ve migrated three organizations from Jenkins to GitLab CI. Here’s everything I wish someone had told me before starting.

GitLab CI Parallel Jobs and Matrix Builds for Monorepos

Our monorepo pipeline used to take 15 minutes. Every commit ran tests for the API, the background worker, and the frontend — in sequence, regardless of what changed. A one-line...

SBOM + Container Signing on GitLab CI: Supply Chain Security in 2026

Two years ago, SBOMs were a checkbox on a compliance spreadsheet. In 2026, they’re a hard requirement. The US Executive Order 14028 mandated that any software sold to federal agencies...

Platform Engineering with Backstage on AWS: A Practical Guide for 2026

I watched a backend engineer spend two hours yesterday trying to figure out which CloudFormation template to use for their new service. They had three options in a Confluence page....

Terraform + MCP: AI Agents Managing Infrastructure in 2026

I’ve been using Terraform MCP for three months now, and it’s the most significant shift in how I interact with infrastructure since Terraform itself. That’s not hyperbole. I can ask...

GitLab CI Services: Run Databases in Your Pipeline Tests

The first time I tried running integration tests in GitLab CI, I hardcoded a database connection to localhost and wondered why nothing worked. The job would spin up, find no...

Terraform for_each vs count: When to Use Each in 2026

I’ve made the mistake of using count where I should have used for_each. Most people have. You end up with a Terraform state that looks reasonable until you need to...

OpenTelemetry + CloudWatch: Practical Observability for AWS in 2026

I used to instrument AWS services the hard way. AWS X-Ray SDK here, CloudWatch Logs there, custom metrics scattered across a dozen boto3 calls. Each service had its own observability...

GitLab CI/CD + Terraform: A Production IaC Pipeline in 2026

Most tutorials show you how to run terraform apply on a git push and call it a day. I’ve inherited infrastructure built that way. It’s chaos. Drift accumulates silently. Rollbacks...

Terraform vs OpenTofu 2026: Which One Should Your Team Use?

When HashiCorp changed Terraform’s license in August 2023, it forced a reckoning across the infrastructure-as-code community. The shift to the Business Source License (BSL) sent shockwaves through organizations that had...

Spring AI + Amazon Bedrock + MCP: A Practical Java Stack for AI Agents

Java teams already have enough framework churn. Most of them are not looking for a new agent platform. They want to keep Spring Boot, add model access, expose a few...

Bedrock AgentCore Stateful MCP Servers: Elicitation, Sampling, and Long-Lived Context

On March 10, 2026, AWS added stateful MCP server features to Amazon Bedrock AgentCore Runtime. If you only read the headline, it sounds like a protocol update. It is more...

AWS Agent Registry Preview: Govern Agents, MCP Servers, and Skills at Scale

On April 9, 2026, AWS launched AWS Agent Registry in preview inside Amazon Bedrock AgentCore. That launch matters because most teams are no longer struggling with a single agent demo....

Amazon EKS Auto Mode in Production: What AWS Manages and What You Still Own

AWS announced Amazon EKS Auto Mode on December 1, 2024. The deeper “under the hood” explanation followed on March 31, 2025. On February 10, 2026, AWS added CloudWatch Vended Logs...

Hybrid RAG on AWS: Amazon Bedrock and OpenSearch That Hold Up in Production

On March 1, 2024, AWS added hybrid search to Knowledge Bases for Amazon Bedrock for Amazon OpenSearch Serverless. On March 27, 2025, AWS added Amazon OpenSearch Managed Cluster as a...

How to Test AI Agents in CI/CD with Bedrock AgentCore Evaluations

AWS made Amazon Bedrock AgentCore Evaluations generally available on March 31, 2026. That launch matters because it answers the first serious production question every agent team eventually hits: how do...

Build Coding Agents on AgentCore: Shell Commands and Persistent Session Storage

Amazon Bedrock AgentCore got two features in March 2026 that matter far more than the marketing language around them. On March 17, 2026, AWS launched shell command execution in AgentCore...

VPC Lattice vs ECS Service Connect: Choose the Right AWS Service Connectivity Boundary

Amazon ECS Service Connect and Amazon VPC Lattice both improve service-to-service connectivity on AWS, but they do not solve the same boundary. Amazon ECS Service Connect launched on November 27,...

Terraform Stacks: Multi-Environment State Management

Terraform workspaces seemed like the solution to multi-environment management — one configuration, many states. Then teams discovered the problems: workspace sprawl, no isolation between environments at the module level, and...

Pulumi vs Terraform: Choosing the Right Infrastructure as Code Tool

Terraform and Pulumi solve the same problem — declaring cloud infrastructure and tracking its state — but with fundamentally different approaches to how you express that declaration. Terraform uses HCL,...

Prometheus and Grafana on EKS: Kubernetes Monitoring from Scratch

The kube-prometheus-stack Helm chart installs Prometheus, Alertmanager, Grafana, and a collection of default Kubernetes dashboards in about five minutes. That’s the fastest path to useful EKS monitoring. The harder part...

MiniStack: LocalStack Went Paid, Here Is the Free Replacement

LocalStack built something genuinely useful. A local emulator for AWS services that let you test Lambdas, S3 buckets, SQS queues, and DynamoDB tables without touching a real AWS account. For...

Kyverno Policy-as-Code on EKS: Validate, Mutate, Generate

Kubernetes RBAC controls who can do what, but it doesn’t control whether the things they do are safe. A developer with namespace-level deploy access can create a Pod without resource...

Kubernetes v1.36: What's New

Kubernetes v1.36 shipped April 22, 2026, with 64 enhancements across the release: 17 graduating to stable, 18 moving to beta, and 24 entering alpha. The headline is sidecar containers reaching...

Kubernetes Gateway API: Migrating Away from ingress-nginx

ingress-nginx is End of Life. CVE-2026-4342 — a configuration injection vulnerability enabling potential code execution — was disclosed in April 2026 against all versions below v1.13.9, v1.14.5, and v1.15.1. The...

Kiro: AWS's Agentic AI IDE Built Around Spec-Driven Development

AWS launched Kiro on July 14, 2025. It’s an agentic IDE built on Code OSS (the open-source foundation of VS Code) and it makes a specific bet: the biggest problem...

Helm Charts on EKS: Packaging, Versioning, and Managing Kubernetes Applications

Helm is the package manager for Kubernetes. Raw YAML manifests work fine for a single deployment in one environment. Once you need the same application in staging, production, and three...

GitLab Runner Tags: The Complete Guide for 2026

At some point in every GitLab CI/CD setup, the single shared runner stops being enough. Backend tests queue behind someone’s slow frontend build. GPU jobs wait on the same runner...

GitLab + ArgoCD: GitOps Deployments on EKS in 2026

I spent three years pushing changes to Kubernetes with kubectl apply inside CI/CD pipelines. Every deployment required cluster credentials in GitLab. Every pipeline failure left the cluster in an unknown...

GitHub Actions vs GitLab CI: A Practical Comparison for 2026

Both platforms started at essentially the same place and have converged to a point where the pipeline YAML looks almost identical. The real differences are in pricing model, ecosystem integration,...

GitHub Actions with Terraform: Plan on PR, Apply on Merge

The manual Terraform workflow — terraform plan on your laptop, peer-review the output in Slack, terraform apply if it looks right — breaks down around the time your team hits...

GitHub Actions Deploy to AWS: OIDC, IAM Roles, and Real Workflows

In 2021, GitHub released OIDC support for Actions — and quietly made static AWS access keys in CI/CD pipelines obsolete. The old approach required storing AWS_ACCESS_KEY_ID and AWS_SECRET_ACCESS_KEY as GitHub...

Flux CD + OpenTofu: GitOps for Kubernetes and Infrastructure

HashiCorp switched Terraform to the Business Source License in August 2023. Within weeks, the OpenTofu fork was announced under the Linux Foundation, accepted as a CNCF project, and had a...

EKS Networking Deep Dive: VPC CNI, IP Exhaustion, and Pod Networking

Running out of IP addresses in production at 2 AM is a specific kind of bad. It happens in EKS clusters when the VPC CNI plugin has allocated every available...

EKS Karpenter Autoscaling: Faster Nodes, Smarter Scheduling

Karpenter hit v1.0 in late 2024, and for most EKS clusters it’s now the better choice over Cluster Autoscaler. The performance difference alone is enough to justify the switch: Cluster...

Amazon EKS Getting Started: Running Kubernetes on AWS in 2026

AWS re:Invent 2023 had a stat that keeps coming up in job postings: EKS adoption grew 88% year-over-year among enterprise AWS customers. That number isn’t surprising if you’ve been watching...

EKS Fargate Deep Dive: When to Use It and When to Stay on Managed Nodes

A batch job that runs for eight minutes, three times a day. A CI pipeline that spins up test pods on every commit. An API that handles zero traffic on...

EKS Cluster Upgrade: Zero-Downtime Playbook

AWS EKS standard support ends 14 months after a Kubernetes version’s upstream release. Extended support adds another 12 months but costs $0.60 per cluster per hour on top of normal...

EC2 Auto Scaling Groups: Complete Guide to Scaling Policies and Launch Templates

EC2 Auto Scaling has been around since 2009, but teams still misconfigure it in ways that cost them money or reliability. The most common mistake: using simple scaling policies instead...

Docker Multi-Stage Builds: Smaller Images and Faster CI Pipelines

A Node.js application shipped as a Docker image with all development dependencies included: node_modules with Jest, ESLint, TypeScript compiler, and hundreds of transitive dev dependencies baked in. The image weighs...

Crossplane vs Terraform in 2026: Which IaC Approach Wins?

I’ve been running Crossplane alongside Terraform for six months. Here’s my honest take on where each one shines.

CloudWatch Container Insights for EKS: Metrics, Logs, and Dashboards

Running Kubernetes on EKS without Container Insights is like flying without instruments. You can see your pods are running, but when a node is memory-pressured and pods start getting OOMKilled,...

Bedrock AgentCore Gateway Server-Side Tool Execution: Cleaner Than Client Tool Loops

On February 24, 2026, AWS announced server-side tool execution for Amazon Bedrock through Amazon Bedrock AgentCore Gateway integration with the Responses API. That launch changes a stubborn problem in agent...

AWS X-Ray: Distributed Tracing for Debugging Microservices

X-Ray answers the question that CloudWatch logs and metrics can’t: why is this specific request slow? Logs tell you something happened. Metrics tell you how often. X-Ray tells you exactly...

AWS Transit Gateway: Hub-and-Spoke Networking at Scale

At five VPCs, full-mesh VPC peering starts to feel manageable. At ten it’s annoying. At twenty, you have 190 peering connections to maintain, each with its own route table entries,...

AWS SSM Session Manager: Kill Your Bastion Hosts

Every bastion host in your architecture is a maintenance burden and an attack surface. You need to keep the AMI patched, manage SSH keys across the team, control security group...

AWS Savings Plans vs Reserved Instances: Which Saves More in 2026

The biggest bill shock teams get on AWS isn’t from accidental services left running or an exposed S3 bucket. It’s from paying On-Demand rates for workloads that run 24/7. A...

AWS Route 53 Routing Policies: The Complete Guide

Most engineers use Route 53 for one thing: create an A record pointing to a load balancer and move on. But Route 53 has seven routing policies, each solving a...

AWS RDS Proxy: Connection Pooling for Lambda and Serverless Workloads

The problem RDS Proxy solves is simple to describe and expensive to ignore: Lambda functions don’t maintain persistent connections. Every cold start opens a new database connection. At moderate scale...

AWS PrivateLink: Private Connectivity Without NAT or VPN

The default path for a private EC2 instance to reach an AWS service like S3, Secrets Manager, or SSM is through a NAT gateway — $0.045/hour plus $0.045 per GB...

AWS Lambda Cold Starts: Causes, Measurement, and Solutions

A Lambda cold start is a tax you pay every time AWS needs to create a new execution environment for your function. For a Python function with minimal dependencies, that...

AWS FinOps in 2026: Cost Optimization with the Well-Architected Framework

I’ve watched too many teams misunderstand FinOps. They think it means shutting down instances at night or buying bigger discounts. That’s not FinOps. That’s panic cost-cutting. Real FinOps is about...

AWS EventBridge Pipes: Point-to-Point Event Integration Without the Glue Code

Before EventBridge Pipes launched in December 2022, connecting an SQS queue to a Step Functions state machine meant writing a Lambda function that polled the queue, parsed the payload, and...

AWS DevOps Agent: Autonomous Incident Investigation on AWS

On March 31, 2026, AWS made the DevOps Agent generally available. The announcement tweet from @awscloud got 3.3 million views in a week. The reaction from the DevOps community ranged...

AWS Compute Optimizer: Right-Sizing EC2, Lambda, and ECS Automatically

Most AWS accounts run EC2 instances that are the wrong size. Not dramatically wrong — nobody runs an m5.24xlarge for a blog — but quietly, consistently over-provisioned. An instance that...

AWS CodePipeline and CodeBuild: CI/CD Pipelines Without Leaving AWS

AWS CodePipeline and CodeBuild give you a CI/CD stack that stays entirely within AWS — no Jenkins to maintain, no GitHub Actions runner infrastructure, no CircleCI seat costs. CodeBuild runs...

AWS CloudWatch Deep Dive: Metrics, Alarms, and Logs Insights

A tweet that reached 17,105 people last January listed the seven AWS services you need to know to get hired. CloudWatch was on it alongside EC2, S3, IAM, Lambda, RDS,...

AWS App Runner: Deploy Containerized Apps Without Managing Infrastructure

AWS App Runner launched in 2021 to fill a real gap: you have a containerized web app or API, you want it running on AWS, and you don’t want to...

AWS App Mesh Is Dead on September 30, 2026 — Your ECS Service Connect Migration Guide

September 30, 2026. That’s when AWS App Mesh stops running.

ArgoCD on EKS: GitOps Continuous Delivery for Kubernetes

GitOps is the practice of using a Git repository as the single source of truth for what should run in your Kubernetes cluster. ArgoCD implements this by watching a Git...

Amazon EKS Capabilities: Managed Argo CD, ACK, and kro Without Running More Controllers

Amazon EKS Capabilities is one of the more consequential EKS launches for platform teams because it moves beyond “managed Kubernetes control plane” and starts managing common platform controllers around the...

Amazon ECS Service Connect: Service-to-Service Networking on ECS

AWS App Mesh is end-of-life as of September 30, 2026. If you run ECS services that communicate via App Mesh, migration is required. The AWS-recommended replacement for ECS workloads is...

Terraform Cloud vs OpenTofu in 2026: Is HCP Terraform Still Worth It?

The infrastructure-as-code tooling market looks different in 2026 than it did three years ago. HashiCorp’s 2023 license change from MPL to BSL fractured the Terraform community, triggered the OpenTofu fork...

GitLab vs GitHub in 2026: What Actually Matters for DevOps Teams

Every few months someone on my team asks whether we should migrate from GitLab to GitHub, or vice versa. In 2026 that question is harder to answer than it was...

Terraform Import in 2026: The Complete Guide Including the New import Block

Every infrastructure team hits this wall eventually. The AWS account already has hundreds of resources — VPCs, security groups, RDS clusters, S3 buckets — that predate any Terraform adoption. Someone...

GitLab Runner Handbook [2026 Edition]

GitLab Runner is one of those tools that sits at the heart of GitLab CI/CD. It picks up the jobs you define in your pipeline and runs them, reporting results...

GitLab CI Deploy to AWS: Elastic Beanstalk, ECS Fargate, and App Runner in 2026

I’ve been deploying to AWS from GitLab CI for years. The patterns have shifted. In 2021 the answer was almost always Elastic Beanstalk — it was the lowest-friction path from...

Testing in DevOps: Strategies That Actually Work in 2026

Most teams do not have a testing problem. They have a feedback-latency problem. Code gets written, pushed, and the first signal that something is wrong arrives from a production alert...

DevOps for Microservices: Enhancing Scalability in Startup Environments

Startups face a choice: build a monolith and tear it apart later, or start with microservices and add DevOps practices from day one. Most teams that pick the second path...

Microservices vs Monolithic Architectures

Picking an architecture style matters. A lot. You either go with a monolith, which is basically one big codebase where everything lives together, or you split things into microservices, where...

Supercharging System Scalability with Event-Driven Architectures

Can traditional systems handle the expectations we have now for instant responses and real-time engagement? Imagine a system that reacts immediately to what users do, and can handle thousands or...

Revolutionizing App Development: Serverless Operational Model

Think of it this way: what if the servers running your app could scale up automatically when traffic spikes, and scale down when it’s quiet, without you touching anything? That’s...

Key Considerations for Building Scalable Modern Apps

The Importance of Modern Application Development

Unleashing the Power of AI & ML in Enhancing Cloud Security

As cloud usage grows, data spreads across servers everywhere. This creates a real problem: traditional security tools cannot keep up with cybercriminals who move fast and adapt faster. AI and...

Unlock Savings with DevOps Engineers: Maximizing Efficiency

The Role of DevOps Engineers in Cost-Saving

Explaining DevOps for Kids

What is DevOps?

Introduction to DevSecOps with GitLab CI/CD

In software development, security and efficiency matter. DevOps has changed how teams build, test, and deploy software, enabling faster delivery and collaboration between development and operations. However, with evolving security...

The Future of Software Development: AI and DevSecOps

Welcome to DevSecOps and Artificial Intelligence (AI) in software development. This post explores how AI fits into the DevSecOps landscape and how teams handle modern software development challenges.

Harnessing Generative AI for Efficient in DevOps

Cloud services run fast, and when they don’t, customers leave. That’s the reality of running anything online today. Downtime costs money. Latency costs customers. If you’ve ever watched your error...

Breaking Down Barriers: GitLab and Jenkins in Modern DevOps

This article compares GitLab and Jenkins, two popular DevOps tools. We’ll explore their strengths and weaknesses to help you decide which fits your needs.

The Advantages of Implementing CI/CD

If you’ve been watching software teams for any length of time, you know the old way of doing things: developers finish their code, hand it off to testers, who then...

The Comprehensive Guide to OpenSearch for Observability

This guide covers OpenSearch, an open-source, distributed search, log analytics, and data visualization technology used by DevOps organizations.

The Potential of Kubernetes Service in DevOps for Machine Learning

DevOps combines software development and IT operations, which shortens system development cycles and enables continuous delivery. Machine learning needs significant computational resources to process large amounts of data quickly. This...

SDET in 2026: What Actually Gets You Hired vs. What Gets You Trapped in Mediocrity

I want to start with something nobody puts in SDET job postings: the role is a landmine for career stagnation if you let it be.

SaaS vs. PaaS vs. IaaS: Discover the Right Cloud Model

Cloud computing changes how businesses work. But if you’re thinking about moving away from managing your own IT, you need to know what options are actually available.

Cloud Migration: A Practical Guide to Moving Without Breaking Things

I’ve watched three cloud migration projects fall apart. Not because the technology failed — the tech almost never fails. They failed because nobody planned for the human and process side...

Practical Examples of GitLab CI YML

In this tutorial, we’ll walk through a real project that needs a GitLab CI/CD pipeline. We’ll look at actual working examples and explain why gitlab ci yml examples matter in...

A Comprehensive Guide to Mastering Terraform Lambda Modules

A DevOps team at a growing company needed to handle automation and event-driven responses across multiple applications. Managing numerous Lambda functions individually became unwieldy. Terraform provided a way to solve...

How To Set Up Site-to-Site VPN Connections In The Azure Portal

When you want to use IP replication between the recovery site and the on-premises production site, you must configure a site-to-site VPN connection. Before establishing the connection, there are some...

AWS Enhanced Networking: The Ultimate Guide for Beginners

AWS Enhanced Networking improves how your EC2 instances talk to each other. It uses technologies like the Elastic Network Adapter (ENA) and Single Root I/O Virtualization (SR-IOV) to deliver faster,...

Hire DevOps Developers: Ultimate Solution for Your IT Department

Software development has evolved quickly over the years. Businesses now face pressure to deliver high-quality products faster due to increasing demand for software and apps. DevOps and Site Reliability Engineering...

Terraform Destroy: Why, When, Where, and How to Use It

Terraform lets you manage cloud infrastructure through code instead of clicking around in web consoles. Define what you want, apply it, and Terraform figures out how to make it happen....

Terraform Apply: The Definitive Guide

Terraform is an open-source infrastructure-as-code tool that lets you create, change, and improve infrastructure safely and predictably.

Cloud Computing in Education: Definition, Benefits, and Examples

If you have spent any time in education over the past decade, you have probably noticed that the way people share files, collaborate on projects, and access course materials has...

Why Terraform is an essential tool for DevOps Engineers

As a DevOps engineer, managing infrastructure eats up a lot of my time. Keeping track of dozens of components, making sure everything talks to each other correctly - it adds...

Terraform's lookup Function: The Map Access Patterns That Actually Matter in Production

The lookup function in Terraform is one of those tools that seems trivial until you’re staring at an error at 11pm and realizing you’ve been using it wrong for six...

DevOps Engineer or Software Engineer? Which one is the best?

So you’re trying to decide between DevOps and Software Engineering. I get it—these roles blur together more than most job postings let on, and the advice out there is usually...

AWS API Gateway with Nginx and WAF

I ran into an interesting architecture problem recently. We had multiple Web Applications running on EC2 instances behind AWS API Gateway, and we needed to add a WAF without breaking...

How to use Terraform Null Resource – Examples!

If you’ve worked with Terraform for a while, you’ve probably hit situations where you need to run something that doesn’t fit neatly into a cloud resource. Maybe you need to...

GitLab Roles – How to define Permissions

If you’re working with GitLab, you’ve probably noticed that managing who can do what gets complicated fast. This post walks through the built-in roles GitLab gives you, what each one...

Why and How you should use Terraform Modules

I’ve gotten quite a few requests to write about Terraform Modules. The topic comes up a lot because people get confused about where modules end and resources begin. Let me...

How Serverless Architecture Can Help with Building Software Applications

Serverless sounds like a new thing, but it’s actually been brewing for decades. Back in the 1950s, computing cost an arm and a leg — we’re talking hundreds of dollars...

What no one tells you about AWS Auto Scaling Group!

Most people know that Auto Scaling Groups monitor your servers and adjust capacity based on traffic. That’s the basic pitch, anyway.

How does AWS contribute to DevOps?

With the evolution of Cloud Computing, the way we access applications and databases has changed. We now access these things over the internet, which has pushed the Cloud Computing providers...

Parsing XML with Python and XPath: A Practical Pipeline Guide

Last year I spent two days debugging a build pipeline because our CI system was reading the wrong version from a Maven POM. The XPath query looked correct, but it...

The easiest way to define AWS Tag in your Terraform Code.

AWS tags let you attach custom key-value pairs to just about any resource in your account. If you’ve ever tried managing tags manually across dozens of resources, you know it...

Terraform Plan [Tricks] – What you should know about

When you start learning Terraform, the first thing you’ll run is terraform plan. It sounds simple, but understanding what it does will save you from costly mistakes later.

Terraform and Ansible: The Integration That Actually Works (And the Parts That Will Ruin Your Weekend)

Here’s the setup: you need to provision infrastructure and then configure it. Terraform does the first part beautifully. Ansible does the second part beautifully. The moment you try to make...

Infrastructure as Code Tools

If you are moving to the cloud, infrastructure as code (IaC) should be part of your toolkit. It helps teams ship faster and keeps environments consistent. But you need the...

Protect Passwords in the Cloud [Full Project Review]

I want to walk you through a real project I worked on. The ask was straightforward: go through all our applications and yank out any passwords that were hardcoded in...

Terraform Random Password

Here’s a quick way to generate random passwords with Terraform. This comes in handy when you’re setting up RDS, AWS Secrets Manager, MSK, or anything else that needs authentication. The...

How to target resources on Terraform

When you run terraform apply without any flags, Terraform applies all the changes in your plan at once. If you’ve ever worked on a large Terraform project, you know how...

Terraform Dynamic Block

Terraform lets you manage a lot of infrastructure declaratively, but sometimes you need to repeat the same nested block configuration multiple times – with slight variations. That’s where dynamic blocks...

How to use AWS Secret Manager

AWS created Secrets Manager after hearing from customers that managing secrets was critical but difficult. IAM Roles help because they provide temporary credentials automatically. Attach a role to an EC2...

Terraform Conditional

Terraform is a declarative language. That means you describe the desired state, and Terraform figures out how to get there. Unlike procedural languages, you don’t write step-by-step instructions.

Terraform Environment Variables

If you have been working with Terraform for a while, you probably already know that environment variables can make your life easier, especially when running Terraform in CI/CD pipelines. You...

Terraform Debug

When Terraform does not do what you expect, you need to figure out why. This post covers the debugging tools Terraform gives you and how I use them in practice....

Terraform Variable Types

I want to walk you through Terraform variable types. If you’ve worked with other programming languages, you’ll find Terraform’s approach familiar. Variables hold your data, and you need to know...

GitLab Webhooks [Python and Google Chat Example]

Webhooks let GitLab push HTTP requests to your app when something happens. You can use this to get notified or trigger automation without polling an API.

GitLab CI Cache

If you run the same pipeline over and over, waiting for npm install or bundle install every time, you start wondering if there’s a better way. There is. GitLab CI...

Terraform Workspaces

If you’ve used Terraform for any serious infrastructure work, you’ve probably felt the pain of managing separate state files for dev, staging, and production. That’s exactly what workspaces solve.

GitLab CI Artifacts

Artifacts let you persist files between CI/CD jobs. If your pipeline produces build outputs, test reports, or any other files you need later, GitLab stores them as artifacts. You can...

Terraform State [Complete Guide]

Terraform needs to track state about your infrastructure. This state tells Terraform how your configuration maps to real resources already running in the cloud, stores metadata about those resources, and...

Terraform Taint [Replace Resource]

Sometimes a resource goes sideways and Terraform loses track. Maybe an application inside a VM crashed while the VM itself keeps running. Or someone manually patched a database server outside...

What is AWS SNS?

Let’s look at another AWS service for decoupling your applications. This one’s called Simple Notification Service, or SNS.

GitLab CI Rules – Change Pipeline Workflow

GitLab’s rules keyword gives you control over whether a job runs or gets skipped. You build these rules from conditions that check variables and events.

SQS Dead Letter Queue [Complete Guide]

This article explains how SQS dead letter queues work and when to use them. If you haven’t read our SQS queue overview, start there first.

AWS SQS – All Topics that you need to know [Exam Tips]

Let’s talk about how to decouple applications using poll-based messaging. I’ll walk you through what SQS does, the key settings you’ll touch in practice, and how visibility timeout keeps your...

Decoupled Architecture [Exam Tips]

If you haven’t read it yet, check out our post on horizontal vs vertical scaling. Now let’s talk about what decoupling your applications actually means and how to design a...

Launch Template vs Launch Configuration [Exam Tips]

If you have launched EC2 instances through the wizard, you know it involves a fair amount of clicking. Image ID, instance type, network, security groups, storage – it adds up....

Horizontal vs Vertical Scaling in AWS

There are two ways to scale in AWS: vertical and horizontal. I want to start with vertical scaling because it’s the approach most of us learned first. Then we’ll get...

Spot Instances in AWS [Complete Guide]

I have been running workloads on AWS for years, and one of the easiest ways to cut your EC2 bill is Spot Instances. In this post I will walk through...

Optimize S3 Performance

S3 is fast out of the box, but there’s a difference between “works fine” and “handles serious traffic.” This post covers how to push S3 harder without resorting to Transfer...

Gitlab Remove Project – Faster and Secure Way

I had to clean up a bunch of old projects on GitLab recently, and figured I’d write this down while it’s fresh. If your GitLab instance has too many abandoned...

Terraform Count [Save your time by using it]

Terraform is a solid tool for describing your infrastructure as code. But if you need to create multiple resources that are nearly identical, copying and pasting the same block gets...

Terraform Output – What you should know

Terraform outputs are how you get data out of your infrastructure. If you have ever run terraform apply and seen those printed values at the end, those are outputs. They...

Terraform Data – What is and How to use it.

Terraform manages cloud infrastructure as code. You describe what you want, and it figures out how to make it happen. Like any programming language, Terraform has features that aren’t obvious...

Terraform Locals

If you have spent any time writing Terraform, you know that your configurations can get messy fast. You end up repeating the same expressions, hard-coding the same values, and before...

Adding SSH Key on Gitlab – Speed up SSH communication

If you work with GitLab, you probably type your username and password every time you push code. It gets old fast. SSH keys fix that: once set up, GitLab authenticates...

Terraform Template File

Terraform has a handy way to render configuration files dynamically by injecting variables into templates. If you have ever needed to generate a user-data script, a config file, or a...

AWS KMS vs CloudHSM

Let’s talk about CloudHSM and how it compares to KMS. In my previous post, I covered AWS KMS in detail, including command-line examples.

AWS KMS CLI

I work with AWS KMS regularly, and in this post I want to share what I’ve learned about the key management service and how to use it from the command...

Run Terraform from Gitlab CI

GitLab is more than a code repo. You can build, test, and deploy straight from it. If you are already working with Infrastructure as Code, you probably use Terraform locally....

Gitlab Rename Branch

Renaming a branch in GitLab is straightforward, but the exact steps depend on what kind of branch you’re dealing with. Here’s how to handle it.

Gitlab CI Variables [Complete Guide]

GitLab CI is a solid choice for building and deploying applications. You get automation, full change tracking, and a pipeline system that handles the heavy lifting.

How to execute Cloud Formation on Gitlab

I wanted to share how I set up CloudFormation templates to run through GitLab CI/CD. If you’ve been writing templates and running them manually from your terminal, moving the whole...

Autoscaling GitLab CI on AWS Fargate

I have been running GitLab CI at scale for a while now, and one thing I keep running into is the need for more hardware as applications get more complex....

Build Docker Image on Gitlab [without dind and with AWS ECR]

Building a Docker image on GitLab sounds simple, and it usually is – until you hit caching problems or try to push to a remote registry. I ran into these...

Gitlab Runner and Maven – Guide [With the efficient cache method]

If you are building Java applications, you need Gitlab Runner and Maven in your CI/CD pipeline. This post walks through everything required to get your Java project building on Gitlab,...

Sonarqube with Docker and Javascript [Everything That You Need to Know]

If you want to analyze a JavaScript project with SonarQube but don’t want to install Java, Node.js, and a bunch of other tools on your machine, Docker is the way...

Creating Linux Users the Right Way: Beyond useradd

I’ve broken a production server twice by creating users wrong. Once by assigning the wrong UID. Once by not understanding how the primary group assignment works. Neither time was obvious...

How to use Sonarqube with Docker and Maven

I’ve been using SonarQube with Docker and Maven for years, and it’s still my go-to setup for local development. Let me walk you through how I run it without spending...

Terraform Tutorial: Drift Detection Strategies

Teams sometimes assume their infrastructure-as-code templates are the final word on what’s running. That’s rarely true for long. Configuration drift — the gap between what your code says and what’s...