Recent Posts

Secure credentials for ECS tasks using the EC2 Parameter Store

In case you haven't been following along, AWS ECS has improved dramatically since my first hands-on experience with it back in 2014. While still not as fully featured and certainly not as pluggable as Kubernetes, I believe that ECS is now the best choice for most containerized workloads. The integrations with other services (IAM, ALB, ECR) are hard to accomplish with any other system, and you're relieved of any and all cluster management. And I would wager that it's easier to get security right with ECS than with any other container scheduler.

Tooling around with CloudFormation helpers

Pretty much everybody can agree that working with CloudFormation is a bit, shall we say, cumbersome. Dare I attempt to recite its shortcomings? No, I dare not. Okay, maybe just a few...

Blue moon update

Full-time consulting life working at home turns out to be, well, quite a lot of work! But finally I'll make time for a few thoughts and updates.

Serverless: what's in a name?

The *serverless* moniker is rubbing a lot of people the wrong way. A cursory search for #serverless captures the prevailing sentiment:

Encrypting EC2 ephemeral volumes with LUKS and AWS KMS

A project I worked on recently has a business requirement to encrypt data at rest. We had a mid-sized Cassandra cluster on EC2 that, for various reasons, stored data on ephemeral volumes. The system had previously relied on Gazzang (now owned by Cloudera) for on-disk encryption, but according to the operations team it was unwieldy to manage and an "operational bottleneck." I can't attest to that as I wasn't involved in the implementation. I was asked to replace it.