DevOps on AWS: Everything You Need to Know

DevOps is renowned for fast methodologies, increased security (in the form of DevSecOps), as well as the quick and easy scalability of software development projects. These advantages make it essential for companies to embrace the DevOps culture as a guarantee of future success and growth. 

At the heart of this change, we have Amazon and its pioneering cloud offering, Amazon Web Services. Being the most popular in the market means Amazon has some of the best services, infrastructure, locations, and support available. The number of trained professionals in AWS DevOps is also the highest among the big three: Google Cloud Platform, Microsoft Azure, and AWS.

How to Use AWS IAM Role on AWS EKS PODs

How It Works

It’s possible to attach an IAM role to a Kubernetes POD without using third-party software, such as kube2iam and kiam. This is thanks to the integration between AWS IAM and the Kubernetes ServiceAccount, following the approach of IAM Roles for Service Accounts (IRSA).

Attach IAM Role to the Kubernetes POD
Using an IAM Role in a Kubernetes POD

Benefits

There are quite a few benefits of using IRSA with Kubernetes PODs.

Secrets Management: Using Vault for Accessing the Cloud Infrastructure

Introduction

In the current IT world, there is a need for secure connectivity and for many private objects that must be accessible only to a limited set of applications or services. We call this orchestration “Secrets Management.” Many tools currently available in the market cater to this need. Some of them are built into the cloud, like Secrets Manager for AWS or Docker Secrets or Vaults. Today, in this post, we will discuss managing secrets with Vault by HashiCorp. Vault exposes many features for implementing and securing application authorization and authentication.

We will discuss how dynamic secrets can be generated by Vault using AWS IAM Policies and how to send them to an application via API-based calls. An advantage of dynamic secrets is that they are generated when they are accessed. Dynamic secrets do not exist until they are read, so there is no risk of someone stealing them or another client using the same secrets. Because Vault has built-in revocation mechanisms, dynamic secrets can be revoked immediately after use, minimizing the amount of time the secret existed.