Posts

Showing posts from January, 2017

A Chrome Plugin: IsItUp serverless service dashboard

A coworker created a Chrome extension that acts as a zero-infrastructure dashboard. It provides a simple home page that displays service health and support or documentation links related to each service. The plugin reads a JSON file or text to make service calls and build the dashboard.

The following picture shows 5 services across up to 6 environments. The top service does not have a Production environment. The bottom service represents a 3rd external service that has one test environment and one production environment.

The IsItUp Chrome extension executes health checks via HTTP/HTTPS calls. The extension requires connectivity to the services being monitored.

Video Walk-through

The video explains various cell examples and describes how the extension might be used. The plugin used for the video was downloaded from the Chrome Web Store. Video created with the version available Jan 21 2017.

Cell Explanation

Each cell contains one Service Status plus any number of supporting links.

A Chrome Plugin: Highlighting your AWS Account

I'm working on a set of projects based in AWS. Our projects have somewhere between 7 and 9 different environments representing different levels of software maturity. Production is the most restricted. Development is the least restricted. The rest fall somewhere in between.

The company partitions the different levels of their SDLC into separate AWS accounts. Each account can have multiple environments that share similar concerns and access controls. AWS account isolation makes it easy to identify and implement security rules and to vary developer, dev-ops and operations access based on the account. The diagram at right shows a typical 3 account set-up where some of the accounts contain multiple environments. Our company actually has over 20 accounts used for various pre-prod, prod and partner purposes.

The AWS Console

The AWS console lets a user operate in a single account at one time. Enterprise users log into the AWS console with Federated User ids that can provide a

Protecting Data in Transit: Trust Chains

Web traffic is protected in-flight when it is transferred via TLS encrypted links using HTTPS. HTTPS is a protocol that is based on encryption algorithms using asymmetrical keys. Asymmetrical keys are managed, packaged and distributed via certificates. Browsers, applications and servers trust certificates and their associated encryption keys based on their trust of the issuing parties known as Certificate Authorities (CA). Public web sites are identified by public/private certificate pairs that are purchased from one of the well-known CAs. Their certificate pairs contain an identity component signed by the Certificate Authority and an encryption key that is encrypted by the CA. Server identity is encrypted in the server certificate with the Certificate Authority public key. Server traffic is encrypted by the server using the private encryption key embedded in the Server's private certificate. Server traffic is decrypted by clients using the public encryption key embed