Posts

Showing posts from October, 2017

Serverless Python Web Services

Zappa makes it super easy to build and deploy server-less, event-driven Python applications (including, but not limited to, WSGI web apps) on AWS Lambda + API Gateway. Think of it as "serverless" web hosting for your Python apps. That means infinite scaling, zero downtime, zero maintenance - and at a fraction of the cost of your current deployments!

Microservices are hard — an invaluable guide to microservices.

Nice article I came across this evening here by Joey Clover, Technical Co-founder @ TabbDrink

Tools covered for microservice management are:
Containers (Docker)
Orchestration (Kubernetes)
Management (Forge)
API Gateway / Canary (Ambassador)
Edge Proxy (Envoy)
Monitoring (Prometheus)
Local Testing (Telepresence)

I love this diagram

FIGO Banking API

figo.io is the first Banking-as-a-Service in Europe. It enables access to every financial services provider through one API.

With the figo Banking API, we can query a bank account and its transaction history, and submit payments.

Authentication is available via OAuth2.

The API is REST-based and uses JSON for requests and responses. It lets you retrieve bank accounts, modify bank accounts, and remove a PIN from the server.

Below is a library of microservices written in Go that will allow you to interact with the FIGO API. Before you begin you will need to obtain a client ID / token ID from FIGO. There is a development version available.

1. Install pre-reqs
go get golang.org/x/oauth2
go get github.com/denizs/go-figo/fig


....more to post

Microservices and Secrets management - How to comply with security must-dos

A very nice, concise article on secret management and what you need to consider when building microservices to meet security requirements.

Microservices and Secrets management - How to comply with security must-dos

The article highlights the following must-dos when considering a solution for secret management as part of your overall microservices deployment architecture:

Secure storage of various types of secrets (API tokens, keys, certificates, usernames and passwords)
Reliable API-based access to secrets
Dynamic secret distribution for automated encryption and authentication of keys
Full audit of access to secrets
Multi-level role-based access to secrets
Centralized revocation of secrets and redistribution

OWASP Zed Attack Proxy (ZAP) Project

The OWASP Zed Attack Proxy (ZAP) is one of the world’s most popular free security tools and is actively maintained by hundreds of international volunteers. It can help you automatically find security vulnerabilities in your web applications while you are developing and testing your applications. It's also a great tool for experienced pentesters to use for manual security testing.

Terraform Module for VictorOps Alerts

My first attempt at a basic Terraform module written in Go to interface with VictorOps through the VOPS API

resource_alerts.go
This is rough, just to connect the terraform module to generate an alert in VictorOps
Need to clean up the passing of parameters from the test.tf instead of hard coding in GO
But this is easy enough

package main

import (
	"bytes"
	"encoding/json"
	"io/ioutil"
	"net/http"

	"github.com/hashicorp/terraform/helper/schema"
)

// VictoropsAlerts mirrors the JSON alert object exchanged with the VictorOps API.
type VictoropsAlerts struct {
	Code    int    `json:"code"`
	Message string `json:"message"`
	Data    struct {
		MessageType       string `json:"message_type"`
		EntityID          string `json:"entity_id"`
		EntityDisplayName string `json:"entity_display_name"`
		StateMessage      string `json:"state_message"`
	} `json:"data"`
}

package main

import (
"github.com/hashicorp/terraform/helper/schema"
  "bytes"
  "encoding/json"
 …

Terraform Locking State in S3

Terraform, as of v0.9, offers remote state management with locking. To get it up and running in AWS, create a Terraform S3 backend, an S3 bucket and a DynamoDB table.

For full details check out this blog post
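
The three pieces named above, as an added example that is not from the original post. It assumes Terraform 0.12+ syntax and AWS provider v4 or later; the bucket, table, key and region values are constructed placeholders.

```hcl
# --- bootstrap/main.tf: create the state bucket and lock table once ---
# All names below are constructed placeholders.
resource "aws_s3_bucket" "tfstate" {
  bucket = "example-org-tfstate"
}

# Versioning lets you recover an earlier state file after a bad write.
resource "aws_s3_bucket_versioning" "tfstate" {
  bucket = aws_s3_bucket.tfstate.id
  versioning_configuration {
    status = "Enabled"
  }
}

# State files can contain secrets in plaintext; keep the bucket private.
resource "aws_s3_bucket_public_access_block" "tfstate" {
  bucket                  = aws_s3_bucket.tfstate.id
  block_public_acls       = true
  block_public_policy     = true
  ignore_public_acls      = true
  restrict_public_buckets = true
}

# The S3 backend requires a string hash key named exactly "LockID".
resource "aws_dynamodb_table" "tflock" {
  name         = "example-org-tflock"
  billing_mode = "PAY_PER_REQUEST"
  hash_key     = "LockID"

  attribute {
    name = "LockID"
    type = "S"
  }
}

# --- app/backend.tf: every configuration that shares this state ---
# Backend blocks take literal values only, no variables or references.
terraform {
  backend "s3" {
    bucket         = "example-org-tfstate"
    key            = "app/terraform.tfstate"
    region         = "eu-west-1"
    dynamodb_table = "example-org-tflock" # enables state locking
    encrypt        = true                 # server-side encryption of the state object
  }
}
```

Apply the bootstrap configuration first, then run `terraform init` in the configuration that contains the backend block so it picks up the bucket and lock table.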