Migrating from IAM Secret and Access Keys to OIDC for Secure AWS Deployments
Changing our GitHub Action to leverage OIDC instead of hard-coded AWS Secret and Access Keys.
I previously wrote about Deploying a Jekyll website to AWS S3 with GitHub Actions and AWS CloudFormation. However, the more I learn about AWS, the more tweaks I realize we can make. What I want to walk through today is removing the public access to our S3 bucket, which hosts our static site. We will configure an Origin Access Control to allow only CloudFront to access the S3 bucket. There’s one caveat to our use case, but we can resolve that using CloudFront Functions. ...
Tutorial demonstrating how to configure a private Burp Collaborator instance on AWS EC2 behind AWS Route 53 and Let's Encrypt for TLS certificates.
Picking back up where we left off in Part 2 of our homelab automation series, we now have Terraform creating our minimally configured VMs. However, installing and configuring software and settings on VMs can still be a tedious and time-consuming task, especially if you have many VMs and services to manage. This is where Ansible comes in. Overview of Ansible: Ansible is an open source infrastructure as code tool that allows you to provision software, perform configuration management, and handle application deployments. Similar to Terraform, it uses a declarative language that is simple to write. Additionally, there are thousands of modules, most of which can be found at https://docs.ansible.com/ansible/latest/collections/index_module.html. In this article, we will explore how to use Ansible to automate the configuration of our VMs. ...
Picking back up where we left off in Part 1 of our homelab automation series, we now have a cloud-init image that we can use to quickly and easily configure new virtual machines in Proxmox. However, manually creating and configuring each VM can still be a tedious and time-consuming task, especially if you have a lot of them to manage. This is where Terraform comes in. Overview of Terraform: Terraform is an open-source infrastructure as code tool that allows you to define and manage your infrastructure as code. This code is written in a declarative language that is simple to write. In this article, we will explore how to use Terraform to automate the creation of VMs in Proxmox, using the previously generated cloud-init image. But before we can do that, we need to set up Proxmox to allow Terraform to authenticate and interact with the API. ...
Cloud-init is an open-source package which allows the automation of the initial setup and configuration of virtual machines, making it much easier to manage and deploy them. With Cloud-init, we can define a set of instructions, contained within a user-data file, which tells each virtual machine what to do when it starts up. This user-data file can contain instructions such as configuring the network interfaces, setting up user accounts, or installing software packages. By using Cloud-init, we can streamline the process of setting up virtual machines and ensure consistent configurations across all the instances. ...
Introduction article to building a homelab with Proxmox, Cloud-init, Terraform, and Ansible
In this tutorial, we will configure a static website using Jekyll, GitHub Actions, AWS S3, AWS Route 53, AWS Certificate Manager, AWS CloudFront, and AWS CloudFormation. And yes, that sounds like a mouthful, but trust me, it’s not as intimidating as it sounds. To begin, we’ll highlight the main technologies being used and the role they play in our solution. Next, I’ll dive into the roles of each AWS offering used in this architecture, including how CloudFormation is used to create and manage the infrastructure for our website, how Route 53 and Certificate Manager are used to manage our domain, DNS records, and TLS certificates, and how CloudFront will be used for content delivery and caching. ...
Walkthrough showing how to set up Kali Linux as a Docker container and use X11 Forwarding to have a seamless workflow on macOS.