
5 posts tagged with "pulumi"


Maintaining evergreen EC2 bastions with Pulumi

· 8 min read
Akhan Zhakiyanov
Lead engineer

Bastion hosts are disposable infrastructure, yet they are often set up with the same weight as long-lived servers. Hardcoded AMI IDs, SSH key pairs, x86 instances. A bastion should be cheaper, more secure, and self-updating. Three practices get you there: Graviton for cost, Session Manager for access, and SSM parameters for always launching the latest AMI. Like evergreen browsers that update silently in the background, an evergreen bastion always runs the current latest image without anyone touching the config.

Docusaurus v3 deployment with AWS S3 and CloudFront

· 6 min read
Akhan Zhakiyanov
Lead engineer

Docusaurus v3 is out, but the official docs still lack deployment to AWS as an option.

Let me fix this and guide you through the most secure and up-to-date approach with AWS S3 and CloudFront.

tip

TL;DR final approach:

  • private S3 bucket without static website hosting enabled
  • CloudFront distribution with Origin Access Control (OAC)
  • CloudFront Function to handle redirects to index.html

You can skip the development instructions and go straight to the full sample source code at https://github.com/ahanoff/how-to/tree/main/docusaurus-3-deployment-with-s3-and-cloudfront

Docusaurus is a static website generator, so let's review the options AWS offers to serve it.

Worry-free AWS ACM certificate DNS validation with Pulumi

· 4 min read
Akhan Zhakiyanov
Lead engineer

Quite often I need to create an AWS ACM certificate and do DNS validation using Pulumi.

The Pulumi aws.acm.CertificateValidation DNS example only shows a basic and naive implementation:

  • hardcoded single domain validation ¯_(ツ)_/¯
  • will fail if you try to validate a wildcard and an apex domain simultaneously
* creating Route 53 Record: InvalidChangeBatch: [Tried to create resource record set [name='_f22110437fea5500aa0f8bf286aed7c7.howto.ahanoff.dev.', type='CNAME'] but it already exists]

Today I'll show how to create validation that works for any domain.

note
  • I will use howto.ahanoff.dev domain as example
  • I will use Pulumi with TypeScript

I will create an AWS ACM certificate with the following conditions:

  • multi-domain certificate
  • validates wildcard domain: *.howto.ahanoff.dev
  • validates apex domain: howto.ahanoff.dev

ECS Task healthcheck for Alpine-based containers

· 3 min read
Akhan Zhakiyanov
Lead engineer

If you are working with AWS ECS, you might know about the ECS task healthcheck. AWS documentation suggests using curl in the command:

[ "CMD-SHELL", "curl -f http://localhost/ || exit 1" ]

I usually try to minimize container image size, so my first choice for a base image is Alpine.

Unfortunately, it doesn't come with curl installed out of the box. It only includes wget.