David

S3 bucket policy & IAM policy

AWS S3 provide a lot of flexibility on the permission control, you can either attach the policy on the IAM user, buckets or use the pre-canned ACL. That’s no right or wrong way to attach the policy on either IAM or resource level, it’s depend on your use case and you can use both side…

Data encryption using AWS KMS Key

Security always a top priority when come to the system design and development, encryption is vital when deal with sensitive data which prevent the access by any unauthorized user. AWS KMS (Key Management Service) is the service that manages encryption keys on AWS. These encryption keys are called “Customer Master Keys” or CMKs for short. KMS…

Monitoring server with Prometheus + Grafana

Server monitoring is always the major responsibility of system admin, whether you have 1 server or 10 servers, right tools always make your life easy. I will share the installation for Prometheus + Node exporter + Grafana in this article. I will using docker for Prometheus and Grafana, but for Node exporter it’s not recommended…

AWS Certified Solution Architect Professional

Finally, I completed one of the most difficult exam in AWS – Solution Architect Professional, I should be consider myself lucky as I passed the exam on my first attend. One of the biggest bonus that I get from this exam is that my AWS Solution Architect Associate level qualification being extend 3 more years.…

Cloudflare Access – Secure access to internal applications without a VPN

Cloudflare Access is a new innovative products to secure access to internal applications without a VPN. It build a fence around your internal applications no longer works for your global team. Cloudflare Access replaces corporate VPN clients by putting Cloudflare’s global edge network in front of your internal applications. How’s the Cloudflare Access work is…

ELK

Installing Elastalert for ELK Stack

ELK is one of the most famous monitoring stack which come with 2 version, which is commercial version and community version, it’s allow you to store, parse and monitor text data either is log or any unstructured data. ELK is consist of 3 software which is Elastic Log Stack / Filebeat (Log transfer and transformation),…

Provisioning ACM Certificates on AWS with Terraform

AWS Certificate Manager (ACM) is a service from AWS which provide the free on-demand TLS certificate. It’s similar to the Let’s Encrypt which provide the free cert for you, but the difference is that Amazon controls the Certificate Authority (Amazon Trust Services, LLC) behind the certificates, as well as the accompanying API to manage them.…

Installing Nginx Pagespeed Module

PageSpeed is a technology from Google, designed to help a website’s performance optimizations. Faster websites offer a better user experience, boost rankings in Google and increase conversion rates. Pagespeed lets you measure and (automatically) optimize your web pages and comply with web performance best practices. Speed up your web site and boost web performance! Assume…

Accessing S3 using VPC endpoints

VPC endpoint enables creation of private connection between VPC to the supported AWS services. As an example use case, we want to accessing S3 bucket from the EC2, we may need to access it over the public Internet. By travel out from our VPC to the public internet and than come back to AWS S3…

Accessing private EC2 using the bastion host/jump host

This post is continuous post from the previous post – Deploying EC2 with Private and Public Subnet Using Terraform in AWS. Bastion hosts are instances that sit within your public subnet and are typically accessed using the SSH or RDP. The primary role for the bastion host is that it’s act as the “jump” server…

google.com, pub-3772983857049267, DIRECT, f08c47fec0942fa0