DevSecOps on zoph.me

Thoughts on Indie AWS Consulting in 2025

Sun, 25 Aug 2024 13:37:00 +0200

Background

I started my career in the glass industry as a SysAdmin, specifically in a glass factory crafting fragrance bottles and bottles for pharmaceutical industries in the north of France. Since then, I’ve focused on IT security and cloud computing.

After many full-time positions for Microsoft, French Logistic Railroad, and IT consulting firms, I decided to run my AWS consulting boutique by myself 5 years ago.

Just at the beginning of the pandemic, what a visionary…

Proxy Logs: Preserving Client IPs in AWS PrivateLink

Sun, 18 Aug 2024 13:37:00 +0200

Purpose

Recently, I was working on a centralized explicit proxy service for one of my customers using a well-known Squid Internet proxy.

The infrastructure is built on top of a shared AWS account hosting all standard infrastructure services, such as Internet Proxy, SOCKS5 Proxy, DNS Resolvers, ADDC, Centralized logging, and much more.

Consumers are using the Internet Proxy service from multiple child AWS accounts and regions within the client AWS Organization thanks to AWS PrivateLink.

Over Architecting on Public Cloud

Sun, 04 Aug 2024 13:37:00 +0200

Following a post from my friend Julien Delange (Tech Ramblings) on software over-engineering, I want to share my thoughts about over-architecting in my preferred field of Public Cloud Architecture.

Background

I have been doing Cloud Architecture for more than ten years and have seen many different scenarios and use cases, from startups to GAFAM and multiple company verticals, from TV audience measurement to Gambling and Energy Producers. I also frequently challenge my fellow architects’ decisions.

Turn your AWS DevSecOps Pipeline into a bunker

Thu, 18 Jun 2020 13:37:00 +0200

This post was co-authored by Teddy Ferdinand. Who is working as Cloud Security Architect 🐻

Introduction

In this series, we will talk about the emergence of the DevSecOps movement, and more especially, what the benefits are of introducing a DevSecOps approach to your existing CI/CD Pipelines.

CI/CD Pipeline

To give you some context, you will find in the diagram below a standard DevOps CI/CD Pipeline.

DevSecWhat?

DevSecOps could be defined as a shift from a central internal security team to the inclusion of security practices in the existing DevOps teams: DevSecOps 🎉

My Pet Projects

Thu, 30 May 2019 13:37:00 +0200

In this article, I will describe my current pet projects. These are mainly excuses to learn something new, or exercises to go deeper into particular technologies, but could be (I hope) useful for you too.

Don’t hesitate to issue enhancements, bug fixes (PR), or just give it a try and share your thoughts.

Instance Watcher

:construction_worker: Tech: Lambda, Python, Serverless Application Model (SAM), SES

This app will scan your AWS Account against all EC2 regions worldwide and notify you by email when you have some running EC2 instances. It’s useful for non-production environments that you need to monitor. Use case: labs/training, sandbox accounts.

My DevOps toolbox for AWS practitioner

Thu, 14 Feb 2019 22:31:32 +0200

In this post, you will find my best tools to work with if you are playing around with AWS services.

Please let us know yours in the comments below :punch:

Last Update: 2019-02-14

General :construction:

Description	Links
Use multiple AWS Accounts on the same browser using Firefox Containers	Firefox Containers
Facilitate your switch role experience with this AddOn	FF - Extend Switch Roles - Chrome - Extend Switch Roles
Easy way to know your current public ip, using AWS Service	What is my Public IP
Check if any website is hosted on AWS	Is It on AWS?
Test the reachability of EC2 worldwide	EC2 Reachability
A great reference for IAM, needs to be updated	Cloudonaut IAM Reference
AWS Transfer costs are a nightmare, this is intended to help a bit	AWS Transfer Costs
Want to know the current inter AWS Region latency?	Inter-Region Latency
THE REFERENCE (don’t forget the associate Slack)	AWS Open Guide

FinOps :dollar:

Description	Links
Compare all existing EC2 instances, and pricing on a single view, with search capabilities	ec2instances.info
Well known AWS Calculator, a new version is coming	AWS Calc

Infrastructure as Code (IaC) :memo:

Description	Links
Great post if you plan to use VSCode with CFN	VSCode
Linter for CFN, and really up-to-date!	cfn-lint
PyCharm is my preferred IDE for Terraform with this plugin	Terraform

Security / Governance / Hardening :flashlight:

Description	Links
Cloud Governance, Security and compliance made easy	Cloud Custodian
Entirely nuke an AWS Account (warning), for example, training accounts	aws-nuke
Store your AWS credentials encrypted, with other cool features like login	AWS-Vault
Least Privileges tool from 0xdabbad00, using Athena and CloudTrail	CloudTracker
Map / Audit your AWS environments, and much more, Thanks again Scott	CloudMapper

Schema :triangular_ruler:

Description	Links
Schema / Design your Architecture (with new AWS icons)	Draw.io
Same, with some advanced paid features ($)	CloudCraft

See ya Folks.