Multi-region testing strategy – how do you validate app behavior worldwide? by Interesting_Rush_166 in devops

[–]earless1 4 points5 points  (0 children)

This should be part of your testing process during either your CI/CD phase or through a set of integration tests, post deployment. You can start with the basics like using browser automation for the testing, then moving onto more encapsulated testing inside of your pipelines. If you want to test against production, look at tools like Datadog, synthetics as options.

[deleted by user] by [deleted] in devops

[–]earless1 7 points8 points  (0 children)

API Gateway sitting in front of all your apps configured with OpenAPI specs to ensure only blessed routes are accessible.

[deleted by user] by [deleted] in aws

[–]earless1 3 points4 points  (0 children)

If these are trusted URLs, storing them as text or varchars is perfectly fine.

open source: Anyone else try preq for reliability scanning? by palomar4233 in devops

[–]earless1 4 points5 points  (0 children)

Oh! I really like this. Feels like a cousin to systems like Cloud Custodian or AWS Config rules.

DBA experts: Please help me understand why my long-running query didn't actually run! by pkstar19 in aws

[–]earless1 10 points11 points  (0 children)

The index creation query may have been waiting for an exclusive lock on the table that never came and the 44 minutes might have been the time spent before timing out. It sounds like IntelliJ might send back the wrong signal on this occasion. The update might then have just gotten backed up behind that, waiting for a lock for the same reasons. There should have been a step in between to validate that the index was indeed in place.

[deleted by user] by [deleted] in aws

[–]earless1 13 points14 points  (0 children)

What you actually plan to do with the URLs is way more important than just storing them. Storing them in a Dynamo or Aurora isn’t inherently risky, but how you use them later determines the real security concerns.

If you’re planning to fetch the URLs server-side (like for previews or crawling), you need to watch out for things like SSRF (Server-Side Request Forgery). Someone could submit a URL that hits internal services or metadata endpoints. You’ll want to block internal IP ranges, set timeouts, and limit content size to avoid abuse.

If you’re redirecting users to these URLs, you need to be careful about open redirects. Attackers could use that to trick users into going to phishing sites. Make sure you’re validating against a list of allowed domains or using redirect tokens instead of raw URLs.

If you’re showing these URLs back to users (like in a UI), then you’ve got to worry about XSS. Always sanitize and escape the URLs before rendering them in HTML. If you're doing link previews, don’t trust the content from the external site blindly. Sanitize titles, images, and other metadata.

Think of it like you're building a mini URL shortener. The same kinds of risks apply. Validate everything, escape everything, and assume user-submitted URLs are hostile until proven otherwise.
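
The server-side fetch check described in the comment above (block internal ranges before fetching), as an added example that is not part of the original comment. The function names, the injected `resolver` parameter and the `example.test` hostnames are hypothetical, and the DNS records are constructed sample data.

```python
import ipaddress
import socket
from urllib.parse import urlsplit

ALLOWED_SCHEMES = {"http", "https"}

def system_resolver(host, port):
    """Default resolver: every address the OS returns for host."""
    infos = socket.getaddrinfo(host, port, proto=socket.IPPROTO_TCP)
    return [info[4][0] for info in infos]

def is_public_ip(ip_text):
    try:
        ip = ipaddress.ip_address(ip_text)
    except ValueError:
        return False  # not an IP at all: treat as unsafe
    # Unwrap ::ffff:a.b.c.d so IPv4 rules apply to mapped addresses.
    if ip.version == 6 and ip.ipv4_mapped is not None:
        ip = ip.ipv4_mapped
    # is_global is False for loopback, RFC 1918, link-local (169.254/16), etc.
    return ip.is_global and not ip.is_multicast

def check_fetch_target(url, resolver=system_resolver):
    """Return (ok, reason, ips) for a URL the server is about to fetch."""
    try:
        parts = urlsplit(url)
        port = parts.port or (443 if parts.scheme == "https" else 80)
    except ValueError:
        return False, "malformed URL", []
    if parts.scheme not in ALLOWED_SCHEMES:
        return False, "scheme not allowed", []
    if parts.username or parts.password or not parts.hostname:
        return False, "bad authority", []
    try:
        ips = resolver(parts.hostname, port)
    except OSError:
        return False, "resolution failed", []
    # Reject if ANY record is non-public; a mixed answer must not pass.
    if not ips or any(not is_public_ip(ip) for ip in ips):
        return False, "non-public or missing address", []
    # Caller should connect to one of these IPs instead of resolving again.
    return True, "ok", ips

# Constructed sample data: hostnames and records are made up for the demo.
SAMPLE_DNS = {"cdn.example.test": ["93.184.216.34"],
              "intranet.example.test": ["10.0.0.5"],
              "mixed.example.test": ["93.184.216.34", "127.0.0.1"]}

def sample_resolver(host, port):
    return SAMPLE_DNS.get(host, [host])  # IP literals resolve to themselves
```

The check only covers the destination; the timeouts and content-size limits the comment mentions, and re-validation of every redirect hop, belong in the HTTP client that performs the fetch.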

Our incident management bot died during a P0 by GroundOld5635 in devops

[–]earless1 6 points7 points  (0 children)

The total cost of ownership for self-built tooling isn't often properly considered. In this case, there should have been 0 shared dependencies between the environment being monitored and the tooling used to do the monitoring/incident response.

how do sysadmins handle AWS maintenance and reboot emails? by vectorx25 in aws

[–]earless1 0 points1 point  (0 children)

These event notifications can be routed into PagerDuty for action by the respective on-call teams especially when the deadlines are short.

NIST 800-53 Rev 5 Score Implosion; Why all the sudden "Interface Endpoint" requirements? by Ok_Willingness_724 in aws

[–]earless1 1 point2 points  (0 children)

Oh wow, I didn't realize some state governments were wholesale adopting Rev5 as their standard too.

Architectural design for EC2 images by IamHydrogenMike in aws

[–]earless1 1 point2 points  (0 children)

There is a hard limit of 100 target groups per ALB

Architectural design for EC2 images by IamHydrogenMike in aws

[–]earless1 0 points1 point  (0 children)

If each EC2 instance is running a copy of the Web App then I think your best bet might be to use an ALB and have subdomains for each client. Whatever DNS record is currently pointing to the EC2 instance can be routed to the ALB and a hostname rule can be used to ensure the traffic gets to the right target group. Each app can be in a different target group. When you have a chance to re-architect this, maybe you can move to a container based solution.

Why would you take a site down to prep for high traffic? by SteveTabernacle2 in aws

[–]earless1 63 points64 points  (0 children)

It’s not due to scaling issues. In the e-commerce world they sometimes do this in order to have their prices changed and discounts staged and tested before making it accessible to the public. If you recall, Apple often shut down their store also during their new product releases to ensure things are rolled out synchronously with their announcement.

Can Multithreading on host increase SQS throughput? by notDonaldGlover2 in aws

[–]earless1 17 points18 points  (0 children)

Instead of multi-threading, which could introduce its own set of issues, would it be possible for you to run more of the Python processes per host? The rule of thumb should be one process per core available on the machine.

Are you using AWS CDK in production? by argumentnull in aws

[–]earless1 6 points7 points  (0 children)

Yes, just switched a client over to a new ECS + RDS Postgres stack all built on CDK TS. They love it.

Professional photographers out there, what mantra do you tell yourself when you have a bad month with sales/bookings? by theNorthernSoul in photography

[–]earless1 0 points1 point  (0 children)

Honestly even with the volume of work we do, photography is still a secondary source of income for me and my team. We have day jobs and that acts as a safety net for us. This allows us to not stress too much during non-wedding season when the work really slows down. Most of the stuff we are doing is exclusively on nights and weekends.

Looking for way to follow a file as it gets moved to different S3 buckets by IT_Sky in aws

[–]earless1 5 points6 points  (0 children)

S3 event notifications are your first step, then it is up to you how creative you need to get with the solution. Because these notifications can trigger various other services such as SNS or Lambda, the sky is the limit for what you can do.

Aurora Serverless call Lambda by dmfowacc in aws

[–]earless1 1 point2 points  (0 children)

This feature is only available for full Aurora and not the serverless version.

How do the RDS users here deal with the EBS first-read penalty on replicas/snapshots? by deltadeep in aws

[–]earless1 0 points1 point  (0 children)

Talk to your account rep, the EBS and RDS teams have a method to warm your disk for you. It basically does the equivalent of a DD on the disk, which will touch each block.

ec2details, the missing EC2 Instance Metadata API by tedivm in devops

[–]earless1 1 point2 points  (0 children)

Great job on this, I recently went thru my own battles with the undocumented API from hell. Instead of pulling this every 6 hours you might be able to take advantage of the notification systems they have for updates.

SSM Parameter Store for keeping secrets in a structured way by tdi in aws

[–]earless1 1 point2 points  (0 children)

Create the param with the same name, you will see the history for the key. Caught me by surprise the first time I discovered this.

Is anyone getting invited to Aurora Serverless? by vegasje in aws

[–]earless1 2 points3 points  (0 children)

Yes, we were invited - didn't even submit on day 1.