In the previous post, we explored S3 Access Control Lists (ACLs) and learned why AWS recommends disabling them for most modern use cases. Now it's time to dive into the proper way of securing your S3 buckets: IAM policies and bucket policies. Unlike ACLs, which are considered legacy and can become operationally …
In today's digital landscape, serving APIs has become increasingly challenging. The task of exposing data and functionality to legitimate users has evolved into a complex battle against automated attacks, aggressive crawlers, and misguided AI training attempts. The challenge isn't just technical—it's philosophical. How …
This will be a short microblog-style post. As you may know, AWS Community Builders receive, as part of the program benefits, 500$ per year of AWS Cloud credits. That seems like a lot; however, domain name registration is excluded, and based on on-demand pricing, 500$ is OK for testing ideas or writing content. Not very good, …
Recently you were able to read about S3 security and methods of avoiding common misconfigurations using standard and well-known tools. AWS offers a set of access control mechanisms designed to protect S3 resources, including: Access Control Lists (ACLs), Identity and Access Management (IAM) …
In September this year, I will officially mark 10 years in the IT box. For most of my professional life, I was focused on system administration, automation, DevOps, and a bit of public/hybrid cloud. Security was always there, but rather as a nice-to-have topic, not the main pillar. Some time ago I decided that I would …
As you may or may not already know, I'm self-hosting a few apps, which doesn't mean home-labbing them. My flat wasn't designed to have network cables in all rooms, and storing more units than a Synology NAS, HomeAssistant, Raspberry Pi and router on a tiny IKEA shelf could be a dangerous situation. That is why I'm not …
This is the next iteration of the "5 AM Club" Kubernetes migration. As you may remember from other entries published in this series, I started playing with Kubernetes daily. Not on a daily basis, but literally every single day. To be honest, I'm pretty happy with the results. However, my plan has one challenge that …
Last time we configured our cluster step by step, maybe without public code yet, but someday I will publish it, probably when it is smooth enough to share. Nevertheless, we have a working cluster. Today I will focus on connecting the External Secrets Operator with Doppler. So let's introduce today's stars. External …
For some time I was really happy with my podman + ansible setup. It was great, but do you know what wasn't so great? Deployment rollbacks. It all started with linkwarden. On my miniflux, I received a notification that a new minor release was ready. You can use GitHub repos as RSS links and receive notifications …
I've been a self-hoster for a while. The adventure started with a regular mini-PC manufactured by HP. 32G of RAM, Intel gen 10, and 1T HDD drive. However, as great an experience as it was at the beginning, with time it became a challenge. My stack was built with portainer and a bunch of docker-compose files. It leads …