AWS PrivateLink Native Cross‑Region Connectivity

AWS PrivateLink has long been the go-to solution for private connectivity of services within a region. Until recently, sharing services across regions required VPC peering or transit gateways — and sometimes even the creation of “outpost” VPCs to serve as transit VPCs. All that changes with the native Cross-Region PrivateLink solution.

1 — The “Gymnastics” of Terraform‑Based Inter‑Region PrivateLink

Before December 2024, if you wanted a private interface endpoint in Region B for a service hosted in Region A, you had two options: ...

April 27, 2025 · 4 min · 679 words · z4ck404

Terraform Infrastructure as Code: Essential Tools for Clean, Maintainable Production Environments

Managing cloud resources has really changed with the Infrastructure as Code (IaC) approach, and Terraform has become one of the best tools for the job. But as things get more complicated, it can be difficult to keep your Terraform code clean, efficient and secure. Just as software developers use tools such as linters and documentation generators, infrastructure engineers also need specific tools to ensure that their Terraform code is ready for production. ...

March 6, 2025 · 8 min · 1681 words · z4ck404

Thanos Deep Dive: Addressing Prometheus Limitations at Scale

Open source, highly available Prometheus setup with long-term storage capabilities.

Prometheus has clearly established itself as the benchmark solution for metrics collection and alerting in cloud-native environments. Its pull-based architecture, powerful query language (PromQL) and extensive ecosystem have made it an essential tool for DevOps and SRE teams. However, as organizations scale their Kubernetes deployments across multiple clusters and regions, they often hit limits with Prometheus. That’s where Thanos comes in, offering a set of components that extend Prometheus’ capabilities and address its scalability challenges. ...

October 28, 2024 · 6 min · 1150 words · z4ck404

AWS Client VPN: A Practical Guide to Secure Infrastructure Access

Providing secure access to cloud infrastructure is one of the biggest challenges facing IT professionals today. AWS Client VPN offers a robust solution to this challenge, providing a managed client VPN service that enables secure access to AWS resources and on-premises networks. In this guide, I’ll explain everything you need to know to get started with AWS Client VPN.

What is AWS Client VPN?

Think of AWS Client VPN as your secure tunnel into AWS. It’s a managed VPN service that lets your team safely access AWS resources from anywhere in the world. Unlike traditional VPN solutions that require extensive setup and maintenance, AWS Client VPN handles most of the heavy lifting for you. ...

October 28, 2024 · 8 min · 1606 words · z4ck404

EKS Pod Identity or IAM Roles for Service Accounts (IRSA)?

Managing secure access to AWS resources has always been a major concern in EKS and a headache for cluster administrators. IRSAs (IAM Roles for Service Accounts), which we’ve covered in detail in this article, have been very useful in facilitating this process since their introduction in 2019, but had many limitations and required significant configuration and maintenance effort. ...

September 15, 2024 · 5 min · 975 words · awsmorocco