Goal We came across the need to enforce MFA usage on all IAM accounts for security reasons, but we don’t require to limit more AWS permissions so we thought of just telling the users is required and manually deactivate the user if they didn’t activate it after 7 days… But this…

Motivation We’ve been working with gitlab runners for some time now, we have a deploy server that we use to register projects and to make life easier for us, DevOps, on the security point of view (firewall configuration is easier when you use your own server instead of the whole public…

Disclaimer This is a quite technical read, that pretends to show a real world problem and solution. Requires knowledge on Terraform, git and GitHub Actions. The code is along the article, and I will try to explain what it does in an abstract way so it’s easier to understand, however there’s…

The problem with actions Sometime ago I started tinkering around GitHub actions at work, for those who don’t know about them, they are reusable pieces of code that can be integrated into your pipelines. Is a pretty useful feature that allows you to create and maintain reusable actions (like set-up python, execute Ansible etc)…

We recently added some services that requires me, to generate and send accesses to users. I’m a lonely DevOps doing this, so I lose quite some time every week with these access requests. I cannot automate generating some of the secrets, because it requires human interaction or 2FA, but I…

So I’ve been wondering how I could add split tunneling on our VPN, since I’m tired of accepting cookies in German every time I do a google search… I found out that is pretty simple. You only need to add lines to the ovpn profile. Straight to the point You should add the next…

Overview This document aims to show how to allow embedding iframes of panels from Grafana. However there’s a couple warnings. For the embed to work, Grafana must be open to the world and configured with SSL SameSite must be set to ‘none’ therefore, some CSRF attacks are feasible Even after embedding…

You will find cases where you would like to save data easily, securely and make sure you won’t lose it unless the world is ending, for real… We came across this situation, where we needed to save sensitive information, and make sure we won’t lose it whatever it happens. I…

Why? These days everybody has abandoned the idea of running full blown virtual machines and find docker a better tool for local development, or staging/production environments, there’s a lot of reasons for switching to docker but TL;DR is much more faster and lightweight. Our projects where usually made using ansible+vagrant+VB to…