- aws 23
- architecture 22
- terraform 8
- ha 7
- infosec 7
- microservices 7
- caching 5
- patterns 5
- api-gateway 4
- cdktf 4
- iac 4
- iam 4
- nodejs 4
- serverless 4
- bff 3
- ecs 3
- eda 3
- fargate 3
- github 3
- jekyll 3
- lambda 3
- resilience 3
- work-practices 3
- alb 2
- availability 2
- containers 2
- ddd 2
- docker 2
- dynamodb 2
- events 2
- hexagonal-architecture 2
- jeckyll 2
- nines 2
- o11y 2
- python 2
- security 2
- api 1
- aws-cli 1
- career 1
- cloud-native 1
- cloudformation 1
- compliance 1
- cost 1
- cqrs 1
- css 1
- data-mesh 1
- datamesh 1
- design 1
- devops 1
- distributed-systems 1
- dns 1
- eks 1
- enviy 1
- eventbridge 1
- excel 1
- git 1
- hexagonal 1
- ipv6 1
- javascript 1
- jest 1
- json 1
- liquid 1
- mach 1
- monolith 1
- negotiation 1
- nginx 1
- o18y 1
- podman 1
- rest 1
- sam 1
- sandbox 1
- sbom 1
- single-table 1
- solid 1
- sqs 1
- ssh 1
- tagging 1
- team-topologies 1
- testing 1
- threat-modeling 1
- ubuntu 1
- vpc 1
- wasm 1
- webauthn 1
- well-architected 1
- wsl2 1
Architecture
From monolithic to MACH architecture
It’s been a while since my last proper post, but I gave a presentation last week that, I believe, deserves to be expanded into a post.
Architecture descriptions in the cloud
This week I have started documenting our target architecture. Now, what I was actually asked to do was “document our target cloud infrastructure”, but I have been there before and believe a formal (ish) overall architecture description is required before diving into any specific problem area.
REST API design resource modeling
Good article about reconciling domain driven design and REST. Quite old, but then again the DDD books I have read are as well, and couched in very old-fashioned SOA language, which I haven’t had much to do with in recent years. Feels like both a trip down memory lane and a refresher 🤨
5 patterns to make your microservice fault-tolerant
Some good info in there about handling failure in downstream services
A quick introduction to clean architecture
Overview (or data dump) of clean architecture concepts
AWS Caching challenges and strategies
Tons of information about caching strategies in this AWS builders library article
Avoiding fallback in distributed systems
Another information packed article from AWS builders library, advising, surprisingly, against fallback strategies
Failure Isolation and Recovery: Learning from High-Scale and Extreme-Scale Computing
Covers a broad swath of resilience issues, with links and references to further material
GROWTH BLOG Scalability and Technology Consulting Advice for SaaS and Technology Companies
Scroll to the bottom to the categories. Lot of good stuff in there.
Google SRE book
TIL that Google book on Site Reliability Engineering is available online!
Hexagonal Architecture: three principles and an implementation example
Interesting dive into hexagonal architecture, ports and adapters, dependencies always facing inward, etc…
Seeing the BFF Pattern used in the wild
Good overview of the BFF Pattern and its relationship with other patterns
The API gateway pattern versus the Direct client-to-microservice communication
Microsoft view on the API gateway and backend-for-frontend patterns
How to keep complexity in check with hexagonal architecture
Description of the use and advantages of hexagonal architecture in frontend components, which would include BFF (backend for frontend), although they are not referred to as such in this article
Interview with Alistair Cockburn About Hexagonal Architecture… and more
Always fascinating to find out where patterns originated from, from the authors themselves
Layered Architecture: Still a Solid Approach
There is a misconception that layered architectures equate to N-tiers architectures. They don’t and this article supports this (my) interpretation.
Layering Microservices
Another article supporting my view that layering your architecture is good, doesn’t equate to N-tiers and doesn’t clash with microservices, hexagonal and cell based architecture descriptions
DDD, Hexagonal, Onion, Clean, CQRS, … How I put it all together
A lot to unpack in this article, saving it to read later, not convinced about everything in it but worth a proper read
From monolith to resilient microservices
R
Cloud Native Architecture in Practice
Good summary of the things to look for when architecting for the cloud
API interaction types in a microservice architecture: queries, commands, and events
Nice post with interesting links
Binbash Leverage Documentation
A good reference architecture. The documentation is good as well. The leading, easy to deploy, reusable and most automated solution for defining, provisioning and managing your secure and scalable multi-account AWS infrastructure environment.
Aws
From monolithic to MACH architecture
It’s been a while since my last proper post, but I gave a presentation last week that, I believe, deserves to be expanded into a post.
Yor: Automated IaC tag and trace
This could be a useful tool
Fargate networking 101
Quick overview of AWS Fargate networking
The Complete History of AWS Outages
Good read, puts things in perspective
iamlive: Generate an IAM policy from AWS calls using client-side monitoring (CSM) or embedded proxy
This could be a useful tool to identify which minimum set of actions to allow on my IaC user to allow it to do its work while preserving least privilege.
How to setup a Serverless application with AWS SAM and Terraform
Some good stuff in there. Not exactly what I’m looking for, I think, which is a strong(er) separation of infrastructure and code, but still a good read.
Saving Money By Replacing API Gateway With Application Load Balancer’s Lambda Integration
Our AWS support architect (whatever their title actually is) has pointed out that our planned use of API Gateway could prove quite expensive, and that, on the face of it, the Application Load Balancer might be all we need.
I am therefore doing my own research, and this article supports their argument.
Tips to prevent a serverless wreck
Nice simple article pointing to some useful reference material
Serverless.tf
serverless.tf is an opinionated open-source framework for developing, building, deploying, and securing serverless applications and infrastructures on AWS using Terraform.
Do not use AWS CloudFormation
A useful comparison of Terraform and CloudFormation
AWS Fargate: Understanding the Networking and Security Considerations
First part of this article provides a simple overview of fargate networking
ECS vs. Fargate: What’s the difference?
Things I know or think I know but fail to explain easily
AWS Security Documentation by Category
This is worth bookmarking - a list of all AWS services security pages
AWS and IPv6
Besides more IPs, what are the benefits of adopting all ipv6 and is it practical today?
Serverless Container-based APIs with Amazon ECS and Amazon API Gateway
This blog post guides you through the details of the option based on API Gateway and AWS Cloud Map, and how to implement it: first you learn how the different components (Amazon ECS, AWS Cloud Map, API Gateway, etc.) work together, then you launch and test a sample container-based API.
Application Load Balancer-type Target Group for Network Load Balancer
This new feature allows AWS customers to directly register an ALB as an NLB target, eliminating the need to actively manage changing ALB IP addresses. This is achieved by making use of a newly introduced Application Load Balancer-type target group for NLB.
AWS Access Keys - A Reference
AWS Access Keys are the credentials used to provide programmatic or CLI-based access to the AWS APIs. This post outlines what they are, how to identify the different types of keys, where you’re likely to find them across the different services, and the order of access precedence for the different SDKs and tools.
A Detailed Overview of AWS API Gateway
Tons of useful details in this article
Cross-account role trust policies should trust AWS accounts, not roles
Found this in the context of access control to event carried sensitive data
Binbash Leverage Documentation
A good reference architecture. The documentation is good as well. The leading, easy to deploy, reusable and most automated solution for defining, provisioning and managing your secure and scalable multi-account AWS infrastructure environment.
AWS Routing 101
Good summary of routing in aws
AWS: 10 Things You’re Probably Doing Wrong as an Architect
A few gotchas worth knowing about in this article
Lessons Learned From Running Serverless In Production
Great blog entry from the serverless monk
Aws-certification
Briwser
Ddd
REST API design resource modeling
Good article about reconciling domain driven design and REST. Quite old, but then again the DDD books I have read are as well, and couched in very old-fashioned SOA language, which I haven’t had much to do with in recent years. Feels like both a trip down memory lane and a refresher 🤨
DDD and Messaging Architectures
A very useful list of patterns
Data
Devoos
Devops
How to setup a Serverless application with AWS SAM and Terraform
Some good stuff in there. Not exactly what I’m looking for, I think, which is a strong(er) separation of infrastructure and code, but still a good read.
Dynamodb
Exporting DynamoDB Data to Excel using Lambda with s3 on AWS
This is something I might need to replicate for my current project, where my DynamoDB is just a staging stage before the data is eventually sent to our data lake. In the meantime, emailing the data to my colleagues in marketing will do nicely 😁
Safe List updates with DynamoDB
More dynamodb stuff I should really know already
Fidi
Git
Configuring Git to use the proper SSH key across multiple remote repositories
The new job uses both GitLab and BitBucket, and mandates SSH to access both.
Iam
Defining IAM Policies with Terraform safely
Good tip on terraforming IAM policies
AWS IAM Permission Boundaries Has A Caveat That May Surprise You
This looks interesting…
iamlive: Generate an IAM policy from AWS calls using client-side monitoring (CSM) or embedded proxy
This could be a useful tool to identify which minimum set of actions to allow on my IaC user to allow it to do its work while preserving least privilege.
AWS Access Keys - A Reference
AWS Access Keys are the credentials used to provide programmatic or CLI-based access to the AWS APIs. This post outlines what they are, how to identify the different types of keys, where you’re likely to find them across the different services, and the order of access precedence for the different SDKs and tools.
Iac
Terraform CDK - part 2
It’s been 2 weeks since the previous post in this series and I am really starting to enjoy the Terraform CDK.
Terraform CDK - part 1
In this post I start building infrastructure components in my AWS sandbox, using the recently released Terraform Cloud Development Kit (CDK). I am going to keep it very basic, simply create an IAM role and policy, just to get myself going. What I am going to do however is dig into each little command and instruction I found in various tutorials, to make sure I understand the magic they hide from me.
Scripting access to my AWS sandbox
Today I am documenting how I intend to use the AWS sandbox environments provided by my current employer. These are phoenix environments - we can book them for anything between 1 and 7 days, after which time they get wiped out with AWS nuke.
We get given near free rein, with the AdministratorAccess AWS managed policy. We are also supposedly restricted in the EC2 instance sizes we can launch, although I have not seen this reflected in the policies attached to my user.
Inframap - generate pretty terraform graphs
Looking for something to make my CDK TF posts prettier
Idempotency
Infosec
Defining IAM Policies with Terraform safely
Good tip on terraforming IAM policies
An Exploration of JSON Interoperability Vulnerabilities
This is a great write up of json interops (or lack of) and the security consequences
Fundamental Practices for Secure Software Development
The best practices in the guide apply to cloud-based and online services, shrink-wrapped software and database applications, as well as operating systems, mobile devices, embedded systems and devices connected to the Internet.
developer security essentials
Another great resource from the footnotes of “Continuous architecture in practice”, handbooks and training materials on “developer security essentials”.
Terraform, can you keep a secret?
Did you know terraform state can, and very likely does, hold sensitive data?
Canarytokens.org - Quick, Free, Detection for the Masses
How to test your apps for #log4shell vulnerability:
1. Generate a DNS token https://t.co/vCzVG0O03i
2. Wrap that token in Prefix: ${jndi:ldap:// Suffix: /a}
3. Use that value in search forms, profile data, settings etc. of your apps
4. Get notified when you triggered a reaction
All things FIDO2/WebAuthn
A curated list of awesome WebAuthn/FIDO2 and now Passkey resources
Javascript
CountAPI This API allows you to create simple numeric counters. IaaS, Integer as a Service.
I’m curious to see whether anyone actually visits the blog pages that I’ve shared (aka attention seeking) and implementing a basic page counter would help.
Log4shell
Microservices
Distributed transaction patterns for microservices compared
This is a good write up on distributed transaction patterns.
5 patterns to make your microservice fault-tolerant
Some good info in there about handling failure in downstream services
GROWTH BLOG Scalability and Technology Consulting Advice for SaaS and Technology Companies
Scroll to the bottom to the categories. Lot of good stuff in there.
Seeing the BFF Pattern used in the wild
Good overview of the BFF Pattern and its relationship with other patterns
Layering Microservices
Another article supporting my view that layering your architecture is good, doesn’t equate to N-tiers and doesn’t clash with microservices, hexagonal and cell based architecture descriptions
From monolith to resilient microservices
R
API interaction types in a microservice architecture: queries, commands, and events
Nice post with interesting links
Miscellaneous
Ml
O11y
Journey on observability
Great thread on observability (o11y) as a practice
Tips to prevent a serverless wreck
Nice simple article pointing to some useful reference material
Sre
Serverless
Tips to prevent a serverless wreck
Nice simple article pointing to some useful reference material
Serverless.tf
serverless.tf is an opinionated open-source framework for developing, building, deploying, and securing serverless applications and infrastructures on AWS using Terraform.
Lessons Learned From Running Serverless In Production
Great blog entry from the serverless monk
Skip The Lambda Function, Connect Directly To Your AWS Services
How to call AWS services directly from API Gateway
Terraform
Terraform CDK - part 2
It’s been 2 weeks since the previous post in this series and I am really starting to enjoy the Terraform CDK.
Terraform CDK - part 1
In this post I start building infrastructure components in my AWS sandbox, using the recently released Terraform Cloud Development Kit (CDK). I am going to keep it very basic, simply create an IAM role and policy, just to get myself going. What I am going to do however is dig into each little command and instruction I found in various tutorials, to make sure I understand the magic they hide from me.
Yor: Automated IaC tag and trace
This could be a useful tool
Defining IAM Policies with Terraform safely
Good tip on terraforming IAM policies
Terraform, can you keep a secret?
Did you know terraform state can, and very likely does, hold sensitive data?
How to setup a Serverless application with AWS SAM and Terraform
Some good stuff in there. Not exactly what I’m looking for, I think, which is a strong(er) separation of infrastructure and code, but still a good read.
A Terraform CDK Construct which doubles as native Terraform Module
I want to see how to consume terraform modules from my CDK code. This covers the other direction, as well
Serverless.tf
serverless.tf is an opinionated open-source framework for developing, building, deploying, and securing serverless applications and infrastructures on AWS using Terraform.
Alb
Saving Money By Replacing API Gateway With Application Load Balancer’s Lambda Integration
Our AWS support architect (whatever their title actually is) has pointed out that our planned use of API Gateway could prove quite expensive, and that, on the face of it, the Application Load Balancer might be all we need.
I am therefore doing my own research, and this article supports their argument.
AWS: 10 Things You’re Probably Doing Wrong as an Architect
A few gotchas worth knowing about in this article
Api
Serverless API Essentials - Idempotency
Great write-up on API Idempotency
Api-gateway
The API gateway pattern versus the Direct client-to-microservice communication
Microsoft view on the API gateway and backend-for-frontend patterns
Saving Money By Replacing API Gateway With Application Load Balancer’s Lambda Integration
Our AWS support architect (whatever their title actually is) has pointed out that our planned use of API Gateway could prove quite expensive, and that, on the face of it, the Application Load Balancer might be all we need.
I am therefore doing my own research, and this article supports their argument.
Serverless Container-based APIs with Amazon ECS and Amazon API Gateway
This blog post guides you through the details of the option based on API Gateway and AWS Cloud Map, and how to implement it: first you learn how the different components (Amazon ECS, AWS Cloud Map, API Gateway, etc.) work together, then you launch and test a sample container-based API.
A Detailed Overview of AWS API Gateway
Tons of useful details in this article
Architecture
From monolithic to MACH architecture
It’s been a while since my last proper post, but I gave a presentation last week that, I believe, deserves to be expanded into a post.
Architecture descriptions in the cloud
This week I have started documenting our target architecture. Now, what I was actually asked to do was “document our target cloud infrastructure”, but I have been there before and believe a formal (ish) overall architecture description is required before diving into any specific problem area.
REST API design resource modeling
Good article about reconciling domain driven design and REST. Quite old, but then again the DDD books I have read are as well, and couched in very old-fashioned SOA language, which I haven’t had much to do with in recent years. Feels like both a trip down memory lane and a refresher 🤨
5 patterns to make your microservice fault-tolerant
Some good info in there about handling failure in downstream services
A quick introduction to clean architecture
Overview (or data dump) of clean architecture concepts
AWS Caching challenges and strategies
Tons of information about caching strategies in this AWS builders library article
Avoiding fallback in distributed systems
Another information packed article from AWS builders library, advising, surprisingly, against fallback strategies
Failure Isolation and Recovery: Learning from High-Scale and Extreme-Scale Computing
Covers a broad swath of resilience issues, with links and references to further material
GROWTH BLOG Scalability and Technology Consulting Advice for SaaS and Technology Companies
Scroll to the bottom to the categories. Lot of good stuff in there.
Google SRE book
TIL that Google book on Site Reliability Engineering is available online!
Hexagonal Architecture: three principles and an implementation example
Interesting dive into hexagonal architecture, ports and adapters, dependencies always facing inward, etc…
Seeing the BFF Pattern used in the wild
Good overview of the BFF Pattern and its relationship with other patterns
The API gateway pattern versus the Direct client-to-microservice communication
Microsoft view on the API gateway and backend-for-frontend patterns
How to keep complexity in check with hexagonal architecture
Description of the use and advantages of hexagonal architecture in frontend components, which would include BFF (backend for frontend), although they are not referred to as such in this article
Interview with Alistair Cockburn About Hexagonal Architecture… and more
Always fascinating to find out where patterns originated from, from the authors themselves
Layered Architecture: Still a Solid Approach
There is a misconception that layered architectures equate to N-tiers architectures. They don’t and this article supports this (my) interpretation.
Layering Microservices
Another article supporting my view that layering your architecture is good, doesn’t equate to N-tiers and doesn’t clash with microservices, hexagonal and cell based architecture descriptions
DDD, Hexagonal, Onion, Clean, CQRS, … How I put it all together
A lot to unpack in this article, saving it to read later, not convinced about everything in it but worth a proper read
From monolith to resilient microservices
R
Cloud Native Architecture in Practice
Good summary of the things to look for when architecting for the cloud
API interaction types in a microservice architecture: queries, commands, and events
Nice post with interesting links
Binbash Leverage Documentation
A good reference architecture. The documentation is good as well. The leading, easy to deploy, reusable and most automated solution for defining, provisioning and managing your secure and scalable multi-account AWS infrastructure environment.
Availability
AWS SLA: Are you able to keep your availability promise?
More on AWS managed component availability
Uptime and downtime with 99.99 % SLA
Was glad to note that AWS SLAs are given with monthly values, basically their invoicing period. Their SLAs vary between 3 and 4 nines, or 43m 49s to 4m 22s, per month.
Aws
From monolithic to MACH architecture
It’s been a while since my last proper post, but I gave a presentation last week that, I believe, deserves to be expanded into a post.
Yor: Automated IaC tag and trace
This could be a useful tool
Fargate networking 101
Quick overview of AWS Fargate networking
The Complete History of AWS Outages
Good read, puts things in perspective
iamlive: Generate an IAM policy from AWS calls using client-side monitoring (CSM) or embedded proxy
This could be a useful tool to identify which minimum set of actions to allow on my IaC user to allow it to do its work while preserving least privilege.
How to setup a Serverless application with AWS SAM and Terraform
Some good stuff in there. Not exactly what I’m looking for, I think, which is a strong(er) separation of infrastructure and code, but still a good read.
Saving Money By Replacing API Gateway With Application Load Balancer’s Lambda Integration
Our AWS support architect (whatever their title actually is) has pointed out that our planned use of API Gateway could prove quite expensive, and that, on the face of it, the Application Load Balancer might be all we need.
I am therefore doing my own research, and this article supports their argument.
Tips to prevent a serverless wreck
Nice simple article pointing to some useful reference material
Serverless.tf
serverless.tf is an opinionated open-source framework for developing, building, deploying, and securing serverless applications and infrastructures on AWS using Terraform.
Do not use AWS CloudFormation
A useful comparison of Terraform and CloudFormation
AWS Fargate: Understanding the Networking and Security Considerations
First part of this article provides a simple overview of fargate networking
ECS vs. Fargate: What’s the difference?
Things I know or think I know but fail to explain easily
AWS Security Documentation by Category
This is worth bookmarking - a list of all AWS services security pages
AWS and IPv6
Besides more IPs, what are the benefits of adopting all ipv6 and is it practical today?
Serverless Container-based APIs with Amazon ECS and Amazon API Gateway
This blog post guides you through the details of the option based on API Gateway and AWS Cloud Map, and how to implement it: first you learn how the different components (Amazon ECS, AWS Cloud Map, API Gateway, etc.) work together, then you launch and test a sample container-based API.
Application Load Balancer-type Target Group for Network Load Balancer
This new feature allows AWS customers to directly register an ALB as an NLB target, eliminating the need to actively manage changing ALB IP addresses. This is achieved by making use of a newly introduced Application Load Balancer-type target group for NLB.
AWS Access Keys - A Reference
AWS Access Keys are the credentials used to provide programmatic or CLI-based access to the AWS APIs. This post outlines what they are, how to identify the different types of keys, where you’re likely to find them across the different services, and the order of access precedence for the different SDKs and tools.
A Detailed Overview of AWS API Gateway
Tons of useful details in this article
Cross-account role trust policies should trust AWS accounts, not roles
Found this in the context of access control to event carried sensitive data
Binbash Leverage Documentation
A good reference architecture. The documentation is good as well. The leading, easy to deploy, reusable and most automated solution for defining, provisioning and managing your secure and scalable multi-account AWS infrastructure environment.
AWS Routing 101
Good summary of routing in aws
AWS: 10 Things You’re Probably Doing Wrong as an Architect
A few gotchas worth knowing about in this article
Lessons Learned From Running Serverless In Production
Great blog entry from the serverless monk
Aws-cli
Scripting access to my AWS sandbox
Today I am documenting how I intend to use the AWS sandbox environments provided by my current employer. These are phoenix environments - we can book them for anything between 1 and 7 days, after which time they get wiped out with AWS nuke.
We get given near free rein, with the AdministratorAccess AWS managed policy. We are also supposedly restricted in the EC2 instance sizes we can launch, although I have not seen this reflected in the policies attached to my user.
Bff
Seeing the BFF Pattern used in the wild
Good overview of the BFF Pattern and its relationship with other patterns
The API gateway pattern versus the Direct client-to-microservice communication
Microsoft view on the API gateway and backend-for-frontend patterns
How to keep complexity in check with hexagonal architecture
Description of the use and advantages of hexagonal architecture in frontend components, which would include BFF (backend for frontend), although they are not referred to as such in this article
Caching
AWS Caching challenges and strategies
Tons of information about caching strategies in this AWS builders library article
A Guide to Caching with NGINX and NGINX Plus
Useful info about using NGINX as a caching proxy or reverse-proxy
Bloom is a REST API caching middleware
I’m bothered that there are so few implementations of transparent read through caching for REST APIs. This is one, but doesn’t even use the proper cache-control headers, or asynchronous cache refresh
Cache-Control for Civilians
More stuff about caching
cacheable-response
An HTTP compliant nodejs route path middleware for serving cache response with invalidation support
Career
Fearless Salary Negotiation
This is a great website, full of advice about salary negotiations for software developers (tho the advice seems portable to other job types). Not sure I agree with it all but this is most likely down to doing it all wrong myself. Definitely worth a browse! Might even buy the book…
Cdktf
Terraform CDK - part 2
It’s been 2 weeks since the previous post in this series and I am really starting to enjoy the Terraform CDK.
Terraform CDK - part 1
In this post I start building infrastructure components in my AWS sandbox, using the recently released Terraform Cloud Development Kit (CDK). I am going to keep it very basic, simply create an IAM role and policy, just to get myself going. What I am going to do however is dig into each little command and instruction I found in various tutorials, to make sure I understand the magic they hide from me.
Jest testing tutorial
Jest is what terraform cdk uses for unit testing, so this tutorial could come in handy
A Terraform CDK Construct which doubles as native Terraform Module
I want to see how to consume terraform modules from my CDK code. This covers the other direction, as well
Cloud-native
Cloud Native Architecture in Practice
Good summary of the things to look for when architecting for the cloud
Cloudformation
Do not use AWS CloudFormation
A useful comparison of Terraform and CloudFormation
Compliance
Compliance in a DevOps Culture
These patterns could become useful in the new job, streamline our compliance processes and align them with devops
Containers
Installing Podman on WSL2
As I have a new laptop to go with the new job I am setting up my usual toolset on it.
ECS vs. Fargate: What’s the difference?
Things I know or think I know but fail to explain easily
Cost
Aws cost control resources
This looks interesting…
Cqrs
DDD, Hexagonal, Onion, Clean, CQRS, … How I put it all together
This looks interesting…
Css
Writing Logic in CSS
So many things I didn’t know about CSS
Data-mesh
HelloFresh Journey to the Data Mesh
Well written description of HelloFresh’s transformation of their approach to data
Datamesh
Data Mesh: An Architectural Deep Dive
Zhamak Dehghani introduces the architecture of new Data Mesh concepts
Ddd
REST API design resource modeling
Good article about reconciling domain driven design and REST. Quite old, but then again the DDD books I have read are as well, and couched in very old-fashioned SOA language, which I haven’t had much to do with in recent years. Feels like both a trip down memory lane and a refresher 🤨
DDD and Messaging Architectures
A very useful list of patterns
Design
Avoiding Premature Software Abstractions
A good point, well made
Devops
How to setup a Serverless application with AWS SAM and Terraform
Some good stuff in there. Not exactly what I’m looking for, I think, which is a strong(er) separation of infrastructure and code, but still a good read.
Distributed-systems
Distributed transaction patterns for microservices compared
This is a good write up on distributed transaction patterns.
Dns
AWS: 10 Things You’re Probably Doing Wrong as an Architect
A few gotchas worth knowing about in this article
Docker
Installing Podman on WSL2
As I have a new laptop to go with the new job I am setting up my usual toolset on it.
Anti-Patterns When Building Container Images
Some great advice in here if you’re writing Dockerfiles, and some pointers for when not to!
Dynamodb
Exporting DynamoDB Data to Excel using Lambda with s3 on AWS
This is something I might need to replicate for my current project, where my DynamoDB is just a staging stage before the data is eventually sent to our data lake. In the meantime, emailing the data to my colleagues in marketing will do nicely 😁
Safe List updates with DynamoDB
More dynamodb stuff I should really know already
Ecs
ECS vs. Fargate: What’s the difference?
Things I know or think I know but fail to explain easily
Anti-Patterns When Building Container Images
Some great advice in here if you’re writing Dockerfiles, and some pointers for when not to!
Serverless Container-based APIs with Amazon ECS and Amazon API Gateway
This blog post guides you through the details of the option based on API Gateway and AWS Cloud Map, and how to implement it: first you learn how the different components (Amazon ECS, AWS Cloud Map, API Gateway, etc.) work together, then you launch and test a sample container-based API.
Eda
DDD and Messaging Architectures
A very useful list of patterns
Asynchronous Messaging and Eventing Resources
Clemens Vasters’ super list of resources about events and message driven architecture
How to choose between EventBridge and SQS in Event Driven Architecture
This looks interesting…
Eks
season of the Elastic Bytes
Curated list of elastic observability videos
Enviy
WASM framework - Spin
For future reference, I’m excited about WASM in Envoy, and this could maybe help
Eventbridge
How to choose between EventBridge and SQS in Event Driven Architecture
This looks interesting…
Events
DDD and Messaging Architectures
A very useful list of patterns
Asynchronous Messaging and Eventing Resources
Clemens Vasters’ super list of resources about events and message driven architecture
Excel
Exporting DynamoDB Data to Excel using Lambda with s3 on AWS
This is something I might need to replicate for my current project, where my DynamoDB is just a staging stage before the data is eventually sent to our data lake. In the meantime, emailing the data to my colleagues in marketing will do nicely 😁
Fargate
Fargate networking 101
Quick overview of AWS Fargate networking
AWS Fargate: Understanding the Networking and Security Considerations
First part of this article provides a simple overview of fargate networking
ECS vs. Fargate: What’s the difference?
Things I know or think I know but fail to explain easily
Git
Configuring Git to use the proper SSH key across multiple remote repositories
The new job uses both GitLab and BitBucket, and mandates SSH to access both.
Github
Generate Jekyll pages with GitHub actions
Now that I have customised Jekyll I want to simplify my workflow.
Customising Jekyll
Following my initial setup of Jekyll (as per Setting up my GitHub page with Jekyll), I now want to customise the site to meet my personal requirements.
Setting up my GitHub page with Jekyll
I have decided to finally set up a mini blog type site on my under utilised GitHub. The main intention is to have a single place to put all the random stuff I find when browsing the internet, twitter and linkedin, in a format I can then share as and when I think it could be useful to the wider world.
Ha
5 patterns to make your microservice fault-tolerant
Some good info in there about handling failure in downstream services
AWS Caching challenges and strategies
Tons of information about caching strategies in this AWS builders library article
Avoiding fallback in distributed systems
Another information packed article from AWS builders library, advising, surprisingly, against fallback strategies
Failure Isolation and Recovery: Learning from High-Scale and Extreme-Scale Computing
Covers a broad swath of resilience issues, with links and references to further material
Google SRE book
TIL that Google book on Site Reliability Engineering is available online!
AWS SLA: Are you able to keep your availability promise?
More on AWS managed component availability
Uptime and downtime with 99.99 % SLA
Was glad to note that AWS SLAs are given with monthly values, basically their invoicing period. Their SLAs vary between 3 and 4 nines, or 43m 49s to 4m 22s, per month.
Hexagonal
DDD, Hexagonal, Onion, Clean, CQRS, … How I put it all together
This looks interesting…
Hexagonal-architecture
How to keep complexity in check with hexagonal architecture
Description of the use and advantages of hexagonal architecture in frontend components, which would include BFF (backend for frontend), although they are not referred to as such in this article
Interview with Alistair Cockburn About Hexagonal Architecture… and more
Always fascinating to find out where patterns originated from, from the authors themselves
Iac
Terraform CDK - part 2
It’s been 2 weeks since the previous post in this series and I am really starting to enjoy the Terraform CDK.
Terraform CDK - part 1
In this post I start building infrastructure components in my AWS sandbox, using the recently released Terraform Cloud Development Kit (CDK). I am going to keep it very basic, simply create an IAM role and policy, just to get myself going. What I am going to do however is dig into each little command and instruction I found in various tutorials, to make sure I understand the magic they hide from me.
Scripting access to my AWS sandbox
Today I am documenting how I intend to use the AWS sandbox environments provided by my current employer. These are phoenix environments - we can book them for anything between 1 and 7 days, after which time they get wiped out with AWS nuke.
We get given near free rein, with AdministratorAccess AWS managed policy. We are also supposedly restricted in the EC2 instance size we can launch, although I have not seen this reflected in the policies attached to my user.
Inframap - generate pretty terraform graphs
Looking for something to make my CDK TF posts prettier
Iam
Defining IAM Policies with Terraform safely
Good tip on terraforming IAM policies
AWS IAM Permission Boundaries Has A Caveat That May Surprise You
This looks interesting…
iamlive: Generate an IAM policy from AWS calls using client-side monitoring (CSM) or embedded proxy
This could be a useful tool to identify which minimum set of actions to allow on my IaC user to allow it to do its work while preserving least privilege.
AWS Access Keys - A Reference
AWS Access Keys are the credentials used to provide programmatic or CLI-based access to the AWS APIs. This post outlines what they are, how to identify the different types of keys, where you’re likely to find them across the different services, and the order of access precedence for the different SDKs and tools.
Infosec
Defining IAM Policies with Terraform safely
Good tip on terraforming IAM policies
An Exploration of JSON Interoperability Vulnerabilities
This is a great write-up of JSON interop (or lack of) and the security consequences
Fundamental Practices for Secure Software Development
The best practices in the guide apply to cloud-based and online services, shrink-wrapped software and database applications, as well as operating systems, mobile devices, embedded systems and devices connected to the Internet.
developer security essentials
Another great resource from the footnotes of “Continuous architecture in practice”, handbooks and training materials on “developer security essentials”.
Terraform, can you keep a secret?
Did you know Terraform state can, and very likely does, hold sensitive data?
Canarytokens.org - Quick, Free, Detection for the Masses
How to test your apps for #log4shell vulnerability
1. Generate a DNS token https://t.co/vCzVG0O03i
2. Wrap that token in Prefix: ${jndi:ldap:// Suffix: /a}
3. Use that value in search forms, profile data, settings etc. of your apps
4. Get notified when you triggered a reaction
All things FIDO2/WebAuthn
A curated list of awesome WebAuthn/FIDO2 and now Passkey resources
Ipv6
AWS and IPv6
Besides more IPs, what are the benefits of adopting all ipv6 and is it practical today?
Javascript
CountAPI This API allows you to create simple numeric counters. IaaS, Integer as a Service.
I’m curious to see whether anyone actually visits the blog pages that I’ve shared (aka attention seeking) and implementing a basic page counter would help.
Jeckyll
Jekyll plug in to create heading anchors
Reminder to myself to add this plug in to my site to enable me to link to individual sections in posts.
CountAPI This API allows you to create simple numeric counters. IaaS, Integer as a Service.
I’m curious to see whether anyone actually visits the blog pages that I’ve shared (aka attention seeking) and implementing a basic page counter would help.
Jekyll
Generate Jekyll pages with GitHub actions
Now that I have customised Jekyll I want to simplify my workflow.
Customising Jekyll
Following my initial setup of Jekyll (as per Setting up my GitHub page with Jekyll), I now want to customise the site to meet my personal requirements.
Setting up my GitHub page with Jekyll
I have decided to finally set up a mini blog type site on my under utilised GitHub. The main intention is to have a single place to put all the random stuff I find when browsing the internet, twitter and linkedin, in a format I can then share as and when I think it could be useful to the wider world.
Jest
Jest testing tutorial
Jest is what Terraform CDK uses for unit testing, so this tutorial could come in handy
Json
An Exploration of JSON Interoperability Vulnerabilities
This is a great write-up of JSON interop (or lack of) and the security consequences
Lambda
Operating Lambda: Performance optimization
This three-part series discusses performance optimization for Lambda-based applications.
Exporting DynamoDB Data to Excel using Lambda with s3 on AWS
This is something I might need to replicate for my current project, where my DynamoDB is just a staging stage before the data is eventually sent to our data lake. In the meantime, emailing the data to my colleagues in marketing will do nicely 😁
How to setup a Serverless application with AWS SAM and Terraform
Some good stuff in there. Not exactly what I’m looking for, I think, which is a strong(er) separation of infrastructure and code, but still a good read.
Liquid
Customising Jekyll
Following my initial setup of Jekyll (as per Setting up my GitHub page with Jekyll), I now want to customise the site to meet my personal requirements.
Mach
From monolithic to MACH architecture
It’s been a while since my last proper post, but I’ve given a presentation last week that, I believe, deserves to be expanded into a post.
Microservices
Distributed transaction patterns for microservices compared
This is a good write up on distributed transaction patterns.
5 patterns to make your microservice fault-tolerant
Some good info in there about handling failure in downstream services
GROWTH BLOG Scalability and Technology Consulting Advice for SaaS and Technology Companies
Scroll to the bottom to the categories. Lot of good stuff in there.
Seeing the BFF Pattern used in the wild
Good overview of the BFF Pattern and its relationship with other patterns
Layering Microservices
Another article supporting my view that layering your architecture is good, doesn’t equate to N-tiers and doesn’t clash with microservices, hexagonal and cell based architecture descriptions
From monolith to resilient microservices
R
API interaction types in a microservice architecture: queries, commands, and events
Nice post with interesting links
Monolith
From monolithic to MACH architecture
It’s been a while since my last proper post, but I’ve given a presentation last week that, I believe, deserves to be expanded into a post.
Negotiation
Fearless Salary Negotiation
This is a great website, full of advice about salary negotiations for software developers (tho the advice seems portable to other job types). Not sure I agree with it all but this is most likely down to doing it all wrong myself. Definitely worth a browse! Might even buy the book…
Nginx
A Guide to Caching with NGINX and NGINX Plus
Useful info about using NGINX as a caching proxy or reverse-proxy
Nines
AWS SLA: Are you able to keep your availability promise?
More on AWS managed component availability
Uptime and downtime with 99.99 % SLA
Was glad to note that AWS SLAs are given with monthly values, basically their invoicing period. Their SLAs vary between 3 and 4 nines, or 43m 49s to 4m 22s, per month.
Nodejs
Exporting DynamoDB Data to Excel using Lambda with s3 on AWS
This is something I might need to replicate for my current project, where my DynamoDB is just a staging stage before the data is eventually sent to our data lake. In the meantime, emailing the data to my colleagues in marketing will do nicely 😁
Cache-Control for Civilians
More stuff about caching
cacheable-response
An HTTP compliant nodejs route path middleware for serving cache response with invalidation support
Tao of Node - Design, Architecture & Best Practices
This looks interesting…
O11y
Journey on observability
Great thread on observability (o11y) as a practice
Tips to prevent a serverless wreck
Nice simple article pointing to some useful reference material
O18y
Lessons Learned From Running Serverless In Production
Great blog entry from the serverless monk
Patterns
GROWTH BLOG Scalability and Technology Consulting Advice for SaaS and Technology Companies
Scroll to the bottom to the categories. Lot of good stuff in there.
The API gateway pattern versus the Direct client-to-microservice communication
Microsoft view on the API gateway and backend-for-frontend patterns
Interview with Alistair Cockburn About Hexagonal Architecture… and more
Always fascinating to find out where patterns originated from, from the authors themselves
DDD and Messaging Architectures
A very useful list of patterns
What is backoff for?
When do you want backoff and jitter, and when do you want adaptive retries? Are they just two ways to do the same thing, or is there something different about them?
Podman
Installing Podman on WSL2
As I have a new laptop to go with the new job I am setting up my usual toolset on it.
Python
ugit: DIY Git in Python
Implement Git in Python to learn more about how Git works on the inside.
Web Browser Engineering
This book explains, building a basic but complete web browser, from networking to JavaScript, in a thousand lines of Python.
Resilience
5 patterns to make your microservice fault-tolerant
Some good info in there about handling failure in downstream services
Avoiding fallback in distributed systems
Another information packed article from AWS builders library, advising, surprisingly, against fallback strategies
What is backoff for?
When do you want backoff and jitter, and when do you want adaptive retries? Are they just two ways to do the same thing, or is there something different about them?
Rest
REST API design resource modeling
Good article about reconciling domain driven design and REST. Quite old, but then again the DDD books I have read are as well, and couched in very old fashion SOA language, which I haven’t had much to do in recent years. Feels like both a trip down memory lane and a refresher 🤨
Sam
How to setup a Serverless application with AWS SAM and Terraform
Some good stuff in there. Not exactly what I’m looking for, I think, which is a strong(er) separation of infrastructure and code, but still a good read.
Sandbox
Scripting access to my AWS sandbox
Today I am documenting how I intend to use the AWS sandbox environments provided by my current employer. These are phoenix environments - we can book them for anything between 1 and 7 days, after which time they get wiped out with AWS nuke.
We get given near free rein, with AdministratorAccess AWS managed policy. We are also supposedly restricted in the EC2 instance size we can launch, although I have not seen this reflected in the policies attached to my user.
Sbom
SLSA dip — At the Source of the problem!
This article is part of a series about the security of the software supply chain. Each article will be analyzing a component of the Supply chain Levels for Software Artifacts (SLSA) model in depth, from the developer’s workstation all the way to the consumer side of the chain.
Security
AWS Fargate: Understanding the Networking and Security Considerations
First part of this article provides a simple overview of fargate networking
AWS Security Documentation by Category
This is worth bookmarking - a list of all AWS services security pages
Serverless
Tips to prevent a serverless wreck
Nice simple article pointing to some useful reference material
Serverless.tf
serverless.tf is an opinionated open-source framework for developing, building, deploying, and securing serverless applications and infrastructures on AWS using Terraform.
Lessons Learned From Running Serverless In Production
Great blog entry from the serverless monk
Skip The Lambda Function, Connect Directly To Your AWS Services
How to call AWS services directly from API Gateway
Single-table
DynamoDB Design Patterns for Single Table Design
I need to upskill on DynamoDB, planning to use it in a design but don’t know anywhere near as much as I’d like about it. Single table design is especially interesting, seems to be a pattern worth understanding within a microservices architecture
Solid
Layered Architecture: Still a Solid Approach
There is a misconception that layered architectures equate to N-tiers architectures. They don’t and this article supports this (my) interpretation.
Sqs
How to choose between EventBridge and SQS in Event Driven Architecture
This looks interesting…
Ssh
Configuring Git to use the proper SSH key across multiple remote repositories
The new job uses both GitLab and BitBucket, and mandates SSH to access both.
Tagging
Yor: Automated IaC tag and trace
This could be a useful tool
Team-topologies
HelloFresh Journey to the Data Mesh
Well written description of HelloFresh’s transformation of their approach to data
Terraform
Terraform CDK - part 2
It’s been 2 weeks since the previous post in this series and I am really starting to enjoy the Terraform CDK.
Terraform CDK - part 1
In this post I start building infrastructure components in my AWS sandbox, using the recently released Terraform Cloud Development Kit (CDK). I am going to keep it very basic, simply create an IAM role and policy, just to get myself going. What I am going to do however is dig into each little command and instruction I found in various tutorials, to make sure I understand the magic they hide from me.
Yor: Automated IaC tag and trace
This could be a useful tool
Defining IAM Policies with Terraform safely
Good tip on terraforming IAM policies
Terraform, can you keep a secret?
Did you know Terraform state can, and very likely does, hold sensitive data?
How to setup a Serverless application with AWS SAM and Terraform
Some good stuff in there. Not exactly what I’m looking for, I think, which is a strong(er) separation of infrastructure and code, but still a good read.
A Terraform CDK Construct which doubles as native Terraform Module
I want to see how to consume terraform modules from my CDK code. This covers the other direction, as well
Serverless.tf
serverless.tf is an opinionated open-source framework for developing, building, deploying, and securing serverless applications and infrastructures on AWS using Terraform.
Testing
Jest testing tutorial
Jest is what Terraform CDK uses for unit testing, so this tutorial could come in handy
Threat-modeling
AWS Security Documentation by Category
This is worth bookmarking - a list of all AWS services security pages
Ubuntu
Installing Podman on WSL2
As I have a new laptop to go with the new job I am setting up my usual toolset on it.
Vpc
AWS Routing 101
Good summary of routing in aws
Wasm
WASM framework - Spin
For future reference, I’m excited about WASM in Envoy, and this could maybe help
Webauthn
All things FIDO2/WebAuthn
A curated list of awesome WebAuthn/FIDO2 and now Passkey resources
Well-architected
Binbash Leverage Documentation
A good reference architecture. The documentation is good as well. The leading, easy to deploy, reusable and most automated solution for defining, provisioning and managing your secure and scalable multi-account AWS infrastructure environment.
Work-practices
Liberating structures
This website offers an alternative way to approach and design how people work together. It provides a menu of thirty-three Liberating Structures to replace or complement conventional practices.
The use of POWER for meaningful meetings
The POWER Start is a facilitation technique developed by the Agile Coaching Institute to put an end to bad meetings.
Journey on observability
Great thread on observability (o11y) as a practice
Wsl2
Installing Podman on WSL2
As I have a new laptop to go with the new job I am setting up my usual toolset on it.