More Swarm Adventures

I recently went back to refresh my understanding of the state of Docker networking (there have been some changes over the last few years I wanted to be sure of), and so have been working through the excellent tutorial materials they have built, and spinning off some tutorial materials of my own demonstrating automation of the setups.

For your interest, here’s a Terraform project on AWS that sets up a Docker Swarm to play with – of course in reality we’d use ECS and EKS, but this is a fun exercise in infrastructure-as-code: https://github.com/TheBellman/terraform-aws-swarm

Cross-Account use of AWS CLI

The documentation around using the AWS CLI from an AWS EC2 instance on one account to access resources in another account is not great. The information is all there, somewhere, but it is scattered across many places, and to derive what you need from those sources you have to pretty well read all of them. Two useful places to begin (though you will need to spiral out from them) are:

However, I’ll try to give a summary and simple example here. This won’t include code or detailed instructions to set this up, although I hope to follow this up with a code demonstration expressed in Terraform.


OpenSSL on HighSierra

Recently I finally got around to reading the excellent OpenSSL Cookbook from Ivan Ristić – you can grab a free copy via https://www.openssl.org/docs/ – and the first question in my mind was “what version of OpenSSL is already installed on my Mac?”. A quick check showed it’s there pre-built in HighSierra in /usr/bin:

```text
$ /usr/bin/openssl version
LibreSSL 2.2.7
```


TLS 1.3 – It’s like Christmas

Via The Register I see that TLS 1.3 has finally rolled off the standards and committee draft assembly line. This is pretty big news, not least because we’ve been working with the current TLS 1.2 standard for almost a decade, and the defects in it have well and truly been discovered and exploited.


Two-factor in the middle of the night

Wherever possible I have been enabling two-factor authentication and similar protections. Not that I am paranoid, it’s just that I am paranoid. One of these I have had in play for a long time is protection on my Google account. So it’s somewhat comforting to get an unexpected SMS message from Google in the middle of the night sending me an unexpected authorisation code. Because it means whoever just tried to access my account could not.

Lock your doors, people. A simple username and password combination, particularly on anything critical, is effectively useless.

SSL Made Easy

Time for a shout-out to DreamHost, who have partnered with LetsEncrypt to make using SSL with this website very, very easy. DreamHost have always aimed to make many actions against the site push-button, with sensible defaults, and clear documentation, and generating and attaching the certificate was a walk in the park.

I was a little surprised to see the certificate expiring so soon, but LetsEncrypt’s rationale is very sound: re-rolling certificates can and should be automated, and limiting the lifetime of a certificate automatically limits the exposure if the certificate is subverted. It is very much in line with a core idea that they have: the default for HTTP traffic should be across SSL, or in some other way encrypted.

For me, the process was as simple as pushing the buttons on the DreamHost control panel, then doing a bulk find-and-replace on my site to update any http links to https. I will probably have to chase around the interwebs to find where I’ve published the old URL, but I’m pretty sure I’ve found and updated the important ones already.

CSS3 Oops.

Revising my resumé as part of an overall overhaul of my site, I realised that the presentation on mobile devices was not very good. Fortunately since I last did anything major, CSS3 has become widely implemented, so Media Queries are now an option for degrading onto smaller screens. To my pleasure it did (eventually) just work, but I’m embarrassed to say that I spent a good hour wondering why it was not initially working. It would have helped if I’d remembered that CSS files are read from the top down…
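The ordering mistake described above, as an added illustration that is not from the original post (the `.resume-column` selector and the 600px breakpoint are assumed): with equal specificity, the rule that appears later in the file wins, so a media query placed above the general rule is silently overridden.

```css
/* Added example, not the author's stylesheet. The selector and breakpoint
   are assumed for illustration. */

/* WRONG ORDER: the narrow-screen rule is read first and then overridden
   by the general rule below it, which has the same specificity. */
@media (max-width: 600px) {
  .resume-column { width: 100%; float: none; }
}
.resume-column { width: 48%; float: left; }   /* applies on every screen size */

/* CORRECT ORDER: general rule first, narrow-screen override last, so the
   override is the final matching declaration when the query applies. */
.resume-column { width: 48%; float: left; }
@media (max-width: 600px) {
  .resume-column { width: 100%; float: none; }   /* wins at 600px and below */
}
```

The two halves are meant as two alternative files, not one stylesheet; in a single file the last block would still win, which is exactly the point.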

On a side note, I’m quite disappointed in the behaviour of the Safari ‘responsive design mode’. While it does allow quick switching of window size, as far as I can tell apart from tinkering with the user agent string it does not register as a mobile device from the point of view of CSS. I’m hoping to find a better way of designing against mobile, because it’s definitely suboptimal to push changes to a server just so that I can test them on the phone.