
One of the ways to improve your security and avoid passing around env files is to follow the twelve factor app and start populating your secrets from the environment. Another improvement is to pull those secrets from a known secret store, with features like rotation, auditing etc.

Requirements

  • Ansible
  • Have some secrets stored in AWS Secrets Manager
  • Ansible should have access to the latest aws-cli command (Secrets Manager is a recent addition)
  • jq if you’re storing JSON in your secrets

It’s worth testing your AWS calls to just extract the secret you’re interested in to stdout, from the terminal tests some calls…



Lambda is a terrific piece of kit for all the benefits listed on the AWS product page and Serverless is a very useful framework for developing Lambda functions. However, developing serverless applications locally is a total pain if what you’re solving isn’t totally trivial.

When things get complicated and your Lambda functions start to integrate with other AWS services, things really begin to break down. …


So I combined a few solutions I found online to come up with a quick way to set up maintenance mode using nginx. Ideally it shouldn’t happen, but in times of emergency it can be good to knock up a quick maintenance page for everyone but your own internal IPs.

Nginx Config

So here’s the configuration I use for nginx. It starts with setting the internal IPs of your company in the main nginx config file. …

About

Shane Dowling

Senior Dev at gousto.co.uk. Runner and terrible guitar player.
