Tag Archives: devsecops

Cloud Connectivity in AWS: Choosing Between NAT and Internet Gateways

During a few of my AWS cloud infrastructure build-outs, client team members have wondered and asked why I use both an Internet Gateway and a NAT Gateway when setting up the network layer of the environment. Some with advanced networking knowledge pointed out that we could skip the NAT configuration and use the Internet Gateway for all Internet access, which is technically true and can be done. In fact, for smaller configurations with limited complexity requirements, that is common practice: a single Internet Gateway for all ingress/egress Internet traffic.

But why is it that in other complex and large environments, especially where security is a high concern, we tend to use separate Internet-facing gateway services, and what is the benefit of doing so?


Back Up and Running in Cloud Native

Finally had the time to rebuild and refresh the blog site. gotsudo.com is now fully cloud native, running in AWS (it always has been, though in a more traditional server-based installation).

The recent migration included an AWS Lightsail service, which provides various bundles of OS/applications; in my case that is WordPress running on Linux. Various tiers are also available to fit every budget out there.

I decided to take things a step further and serve the public-facing version of the website in a static configuration, leveraging AWS S3 to host the site files, with an AWS CloudFront caching layer sitting in front for the parent gotsudo.com address.

This allows me to limit access to the actual WordPress site running in Lightsail, turning it into a true authoring and publishing site rather than a public-facing one.

Various WordPress plugins are available that can easily produce a static version of the website, and can also integrate with AWS services (or any other CSP) to auto-publish files into S3 or any other repository of choice. While these make things much easier and more integrated, I decided to air-gap the systems, allowing me to selectively produce the published files and upload them to S3 using other means of tailored automation.

Later on, I may add some more integrations to the site; however, at this point I'm quite happy with how far it has come over a busy weekend's time.

Hold my beer!

Company: “Our data is encrypted at rest, and in transit. We are SOC2 assessed and HIPAA compliant. Our Cyber team conducts quarterly audits, our Security Ops are 24/7, and our employees go through quarterly security training.”

That one developer about to run a wild query exporting all data to a CSV file: “Hold my beer!”

Invest in Data Access Controls

Uptime…

Remember the days when server uptime was how we measured service availability and bragged about it? This Pi-hole DNS server, running on a Debian-loaded mini PC at my home office, is now at 177 days since its last reboot, yet it is fully patched and running the latest version of Pi-hole DNS. Maybe it's because there are no windows near this mini PC 😏

Pipelines…

About 12 years ago, we used a piece of software called Hudson to automate various tasks that were otherwise run by hand: running backup jobs, initiating web server warm-ups, checking for stale DNS records, sending email reports, executing shell scripts on remote servers, updating firewall rules during peak times of day (think home-brew auto-scaling logic), and later on, integrating with Git repositories and deploying code and config to servers in data centers.

On a side note, did you know Jenkins used to be called Hudson? It has been around since 2005, and deploying code from Git is only one of the many, many things professionals use it for.

Always think outside the box…

Security Assessments

The deal with security compliance assessments and certifications is not just about that annual or bi-annual point in time during which auditors certify your establishment as compliant. It's about whether your organization and all of its individuals follow the security guidelines and best practices outlined in the assessment during their day-to-day operations.

Remember: once auditors issue a compliance certificate and leave your office, from that point forward your security is only as good as your staff's training and discipline in following security controls.

This is an everyday thing, not a once- or twice-a-year thing!