DEVOPS WEEKLY ISSUE #545 - 6th June 2021

Healthy on-call culture, usable monitoring dashboards, AWS security boundaries, technical posts on ProtoBuf performance, container build toolchains and more.

StackHawk sponsors Devops Weekly

StackHawk is helping One Medical equip developers with automated security testing and self-service remediations. See how:
http://sthwk.com/one-medical

News

An excellent post on building a healthy on-call culture for developers. Lots of concrete advice, centered on respecting engineers and their time.
https://developers.soundcloud.com/blog/building-a-healthy-on-call-culture

ProtoBuf API v2 has some large performance implications. This post is a good primer, as well as a look at how one project solved the problem with a project-specific code generator.
https://vitess.io/blog/2021-06-03-a-new-protobuf-generator-for-go/

Is an AWS account a security boundary? This post digs into the details, showing a large number of ways services cross accounts.
https://matthewdf10.medium.com/aws-accounts-as-security-boundaries-97-ways-data-can-be-shared-across-accounts-b933ce9c837e

Moving from a monolithic architecture to one based on many services often means having to distribute authorization. This post explores how one organization used Himeji.
https://medium.com/airbnb-engineering/himeji-a-scalable-centralized-system-for-authorization-at-airbnb-341664924574

Some useful tips for building usable monitoring dashboards.
https://dmoldovan.medium.com/monitoring-how-to-build-your-monitoring-dashboards-e11f89918dd1

A post on the benefits of being able to repave a datacenter, including tips on how to get started.
https://rackn.com/2021/06/03/is-repaving-data-centers-the-way-to-better-roi/

A look at a toolchain for building and publishing container images, using GitHub Actions and ECR. It’s a good example of the trade-off between complexity and secure toolchains with current tooling.
https://www.davehall.com.au/blog/2021/05/31/rube-goldberg-machine-container-workflows/

Tools

Managing tags for cloud resources is critical but also a pretty thankless task. Yor is a new tool to help; it integrates with infrastructure as code and is intended for use in a CI pipeline.
https://github.com/bridgecrewio/yor
https://bridgecrew.io/blog/announcing-yor-open-source-iac-tag-trace-cloud-resources/
