Welcome to the Nubis Morocco blog! Here you’ll find the latest articles, tutorials, and insights on AWS, cloud computing, DevOps, and more.
Browse our content by categories:
- AWS - Amazon Web Services tutorials and best practices
- DevOps - CI/CD, automation, and infrastructure management
- Kubernetes - Container orchestration and cloud-native development
- Cloud Security - Best practices for securing cloud infrastructure
- Tutorials - Step-by-step guides and hands-on learning
Secure Secrets Management in Terraform — Part 1: Leveraging AWS KMS
One of the key principles of modern Infrastructure as Code is the secure management of sensitive information. In this first part of our series about secure secrets management in Terraform/OpenTofu, we will focus on the use of AWS Key Management Service, better known as KMS, to securely encrypt and manage secrets with Terraform/OpenTofu.
Prerequisites
- AWS Account with appropriate permissions
- Terraform/OpenTofu installed
- AWS CLI configured
AWS KMS
First, let’s create a KMS key with proper permissions and configurations:
...
Open source, highly available Prometheus setup with long term storage capabilities. Prometheus has clearly established itself as the benchmark solution for metrics collection and alerting in cloud-native environments. Its pull-based architecture, powerful query language (PromQL) and extensive ecosystem have made it an essential tool for DevOps and SRE teams. However, as organizations scale their Kubernetes deployments across multiple clusters and regions, they often hit limits with Prometheus. That’s where Thanos comes in, offering a set of components that extend Prometheus’ capabilities and address its scalability challenges.
...
Providing secure access to cloud infrastructure is one of the biggest challenges facing IT professionals today. AWS Client VPN offers a robust solution to this challenge, providing a managed client VPN service that enables secure access to AWS resources and on-premises networks. In this guide, I’ll explain everything you need to know to get started with AWS Client VPN.
What is AWS Client VPN?
Think of AWS Client VPN as your secure tunnel into AWS. It’s a managed VPN service that lets your team safely access AWS resources from anywhere in the world. Unlike traditional VPN solutions that require extensive setup and maintenance, AWS Client VPN handles most of the heavy lifting for you.
...
EKS Pod Identity or IAM Roles for Service Accounts (IRSA)?
Managing secure access to AWS resources has always been a major concern in EKS and a headache for cluster administrators. IRSAs (IAM Roles for Service Accounts), which we’ve covered in detail in this article, have been very useful in facilitating this process since their introduction in 2019, but they had many limitations and required significant configuration and maintenance effort.
...
Kubernetes is a popular tool for managing containerized applications. However, there are a few misunderstandings about how it works. One of the most common misconceptions concerns port exposure in Kubernetes pods. This article explains the truth about port exposure in Kubernetes.
The Misconception
Like many newcomers to Kubernetes, I initially thought that only the ports specified in the pod manifest would be exposed and accessible. The ports field in the YAML file seemed to be a natural place to define which ports were to be opened, in the same way that a traditional firewall is configured. This assumption led me to believe that any port not explicitly declared would be closed and unreachable.
...