Taylor Price

Learning how to computer.

Require MFA, but not for programmatic access

If you are looking for a way to enforce MFA for users when they log in to the console without limiting their programmatic access, look no further! Attach this policy to users to cut off all of their console-driven access until they have logged in with MFA. Bonus points: with this policy attached, the user is still able to log in and configure their own MFA device. Once MFA has been configured, the user has to log out and then log back in with their MFA token.

{
    "Version": "2012-10-17",
    "Statement": [
        {
            "Sid": "AllowAllUsersToListAccounts",
            "Effect": "Allow",
            "Action": [
                "iam:ListAccountAliases",
                "iam:GetAccountPasswordPolicy",
                "iam:ListUsers"
            ],
            "Resource": [
                "*"
            ]
        },
        {
            "Sid":
...

Continue reading →


The Definition of Done

What exactly is the definition of done? What steps are required before you can say a feature is done?

The DoD (Definition of Done) should be a simple checklist of activities/steps that should be completed that add value to the product before work is complete. Things like writing code, unit testing, integration testing, documentation, etc. For something to be ‘done’, it must be potentially shippable. Can you confidently ship code that has been written but never tested in any way? Can you ship documentation? The answer in both cases should be no. But if you have code, tests, documentation, etc, you can say that unit of work is done! So, if a developer says a story is ‘done’, but they haven’t provided a completely shippable unit of work, then they aren’t really done! Other members of the team may need to look at the work and complete other portions of the checklist.

The DoD should be an...

Continue reading →


What is DevOps?

DevOps can be a lot of different things depending on the context - a methodology, a culture, a set of tools, a department or job title…

The purest definition of DevOps is a culture of collaboration between Development and Operations (and really, every other department in the company). In a traditional workflow, you have a product team that comes up with a product. They brainstorm features, do design, etc. Once that is done they will pass off that work to development. The development team will take that, spin up local development environments and then implement all the features/design/specs/etc they got from product. At this point, it’s lobbed over the fence to QA, who has to create all the testing plans and such in a hurry (and then of course actually DO the testing), because at this point development is ‘done’, and the company is breathing down their necks to get the product released...

Continue reading →


Let’s Encrypt - certbot-auto

Let’s Encrypt is a free certificate authority that you can use to generate certificates to use SSL on all of your websites! These certificates are short-lived however (90 days), so a bit of automation is required for it to be useful. That’s where tools like certbot (or certbot-auto) come in handy!

You can use these tools to generate certificates and then auto-renew without any human intervention. Here is an easy getting-started guide for using the webroot plugin with certbot-auto.

Get certbot-auto:

cd /usr/local/sbin
sudo wget https://dl.eff.org/certbot-auto

Make it executable:

chmod a+x /usr/local/sbin/certbot-auto

Make directory structure for the acme-challenge file:

mkdir -p <dir_you_are_serving_from>/.well-known/acme-challenge

Note: webroot-path should be set to wherever your server is serving from.

Note 2: --debug is required if running this on amazon-linux, as support

...

Continue reading →


Crazy Spaghetti or: How I Learned to Love Simplicity

Perhaps I am somewhat biased (after all, I am writing this on svbtle, which is an extremely simple platform), but I love simplicity. Things don’t have to be complicated to work well, and often you’ll find that things with good design ARE surprisingly simple.

NOW KISS

Or.. Um.. Keep it Simple, Stupid.

I think the Navy got it right - unnecessary complexity should be avoided like the plague. This is a very important thing to remember in automation. There are a ton of tools out there that all claim to do slightly different things to provision environments, orchestrate deployments, manage configurations.. so on and so forth. Those tools are great, but just remember that you don’t have to use all of them.

If your environment and deployment setups are too complicated, not even you will remember where all the moving parts are when you need to make some changes or fix things. Keep the logic...

Continue reading →


Getting quick information about your EC2 instances…

So, something that has always sort of annoyed me - getting IP addresses and other specific information about your EC2 instances has always been a bit clunky. Obviously, there is the awscli, but it isn’t exactly the easiest place to get this information from on the fly… Assuming you don’t have instance IDs memorized. And if you do, please tell me why you know those, but not the IPs of your systems!

There is also the other obvious answer, which is the web console, but that just takes a bit longer than it really needs to, doesn’t it? Logging in, navigating to ec2, selecting the ‘instances’ section, etc.

Anyway, via the cli you can do stuff like filter based on specific attributes to get your results, but it really comes down to having to type all that out and remembering all the syntax and whatnot. I don’t know about you guys, but I don’t want to have to type that stuff out every time I...

Continue reading →


Exercism…

I just want to take a moment to plug exercism.io - anyone who is looking to get help learning a programming language or extending their current knowledge should use this site as a resource. They provide ‘practice problems’ you can work through to hone your skills.

View →


Web Bloat

[edit] As an amusing update to this article, I found this site: http://www.webbloatscore.com/ It turns any page you give it into an image map and then compares that image's size to your page's original payload.

I’ve linked an interesting article here, which talks about the ever-increasing size of web pages. Things like advertisements, images, and other eye-candy are continuing to cause page bloat. While there are a number of problems with this, a lot of them boil down to slow page loads. I don’t know about any of you, but when I have to wait more than 2 or 3 seconds for a page to load, I get really frustrated. Especially if it’s a page I have to use on a regular basis. Using tools like ghostery and ublock, I really get a good idea about how much time tracking pixels/ads/etc take to load up. Visiting a certain page without any blocking add-ons enabled, Chrome tells me it takes 4.55 seconds for the page...

Continue reading →


ilom for mac minis

http://www.lantronix.com/it-management/kvm-over-ip/spiderduo.html

This is the closest thing I could find. Seems like a potential solution if you have Macs in your server racks.

View →


Managing certificates with Chef and Windows

Managing stuff on Windows with Chef can be tough, especially compared to Linux systems. I’ve been doing it like this:

# Fetch each PFX bundle from S3 and import it into the LocalMachine\My store.
# (pfx, cert, ip and pass are arrays/values defined earlier in the recipe.)
pfx.each do |pfx|
    s3_file 'c:/chef/' + pfx do
        remote_path '/' + pfx
        bucket 'chef'
        aws_access_key_id node['iis']['aws_key']
        aws_secret_access_key node['iis']['aws_secret']
        action :create
        not_if { ::File.exist?("c:/chef/#{pfx}.zip") }
    end
    execute 'import pfx' do
        command "c:/chef/importpfx.exe -f c:/chef/#{pfx} -t MACHINE -s MY -p \"#{pass}\""
    end
end
# Pair each PFX file with the certificate subject to look up and the IP to bind it to.
cert_map = pfx.zip(cert, ip)
cert_map.each do |pfx, cert, ip|
    powershell_script 'bind cert' do
        code <<-EOH
        # Find the imported cert by subject (assumes grep is on the PATH), take the
        # thumbprint from the first column, and bind it to the IP on port 443.
        $var = dir cert:\\LocalMachine\\my | grep #{cert}
        $pos = $var.IndexOf(" ")
        $sub = $var.Substring(0,$pos)
        netsh http add sslcert ipport=#{ip}:443 certhash=$sub appid={ab3c58f7-8316-42e3-bc6e-771d4ce4b201}
        EOH
    not_if
...

Continue reading →