<?xml version="1.0" encoding="utf-8" standalone="yes"?><rss version="2.0" xmlns:atom="http://www.w3.org/2005/Atom"><channel><title>ercan.cloud</title><link>https://ercan.cloud/</link><description>Recent content on ercan.cloud</description><generator>Hugo</generator><language>en-US</language><copyright>© Ercan Ermis</copyright><lastBuildDate>Tue, 26 May 2026 08:30:50 +0200</lastBuildDate><atom:link href="https://ercan.cloud/index.xml" rel="self" type="application/rss+xml"/><item><title>Now</title><link>https://ercan.cloud/now/</link><pubDate>Mon, 25 May 2026 10:00:00 +0200</pubDate><guid>https://ercan.cloud/now/</guid><description>&lt;p&gt;&lt;em&gt;(Last updated: May 2026)&lt;/em&gt;&lt;/p&gt;
&lt;h3 id="writing"&gt;Writing&lt;/h3&gt;
&lt;p&gt;Publishing field notes here on cloud, AWS, and platform engineering. Also maintain &lt;a href="https://ercan.ai"&gt;ercan.ai&lt;/a&gt; for AI and applied ML writing, and short-form AI news at &lt;a href="https://news.ercan.ai"&gt;news.ercan.ai&lt;/a&gt;. Building &lt;a href="https://awsmonthly.cloud"&gt;awsmonthly.cloud&lt;/a&gt;, a monthly AWS news digest (not launched yet).&lt;/p&gt;
&lt;h3 id="consulting"&gt;Consulting&lt;/h3&gt;
&lt;p&gt;Taking on a small number of consulting engagements. Platform engineering advisory, AWS cost optimization (real optimization, not &amp;ldquo;buy Savings Plans&amp;rdquo;), EKS and Terraform at scale, interim platform lead, migration and modernization. One or two running at a time. Reach out on &lt;a href="https://linkedin.com/in/ercanermis"&gt;LinkedIn&lt;/a&gt; if what you are dealing with overlaps.&lt;/p&gt;</description></item><item><title>Consulting &amp; Advisory</title><link>https://ercan.cloud/consulting/</link><pubDate>Sun, 24 May 2026 10:00:00 +0200</pubDate><guid>https://ercan.cloud/consulting/</guid><description>&lt;p&gt;I take on a small number of consulting engagements each year, and I genuinely enjoy it. The variety of teams, stacks, and constraints keeps my platform instincts sharp. Client work feeds the writing here, and the writing feeds the engagements.&lt;/p&gt;
&lt;h2 id="services"&gt;Services&lt;/h2&gt;
&lt;ul&gt;
&lt;li&gt;&lt;strong&gt;Platform engineering advisory.&lt;/strong&gt; Your team is hitting the point where &amp;ldquo;just Terraform and hope&amp;rdquo; stops working. Module boundaries, state ownership, CI/CD design, least-privilege IAM, and the operating model that turns platform into a product.&lt;/li&gt;
&lt;li&gt;&lt;strong&gt;AWS cost optimization.&lt;/strong&gt; Real optimization. Line-by-line bill review, traced to specific workloads. Most engagements find 30-50% without touching application code. Deeper than &amp;ldquo;buy Savings Plans.&amp;rdquo;&lt;/li&gt;
&lt;li&gt;&lt;strong&gt;EKS and container platform architecture.&lt;/strong&gt; Cluster design, nodegroup sizing, IAM for service accounts, networking that actually scales, control-plane upgrade strategy without drama.&lt;/li&gt;
&lt;li&gt;&lt;strong&gt;Terraform and Terragrunt at organization scale.&lt;/strong&gt; Module boundaries, state ownership, drift detection, review automation. The boring infrastructure that pays compound interest.&lt;/li&gt;
&lt;li&gt;&lt;strong&gt;Migration and modernization.&lt;/strong&gt; Legacy to AWS, monolith to services, multi-account untangling. I have done enough of these to know which parts hurt and how to sequence them.&lt;/li&gt;
&lt;/ul&gt;
&lt;h2 id="how-i-work"&gt;How I work&lt;/h2&gt;
&lt;p&gt;&lt;strong&gt;Project-based.&lt;/strong&gt; You have a migration, a platform redesign, or a cost problem. I do the work alongside your team and hand over the result.&lt;/p&gt;</description></item><item><title>About</title><link>https://ercan.cloud/about/</link><pubDate>Sat, 23 May 2026 10:00:00 +0200</pubDate><guid>https://ercan.cloud/about/</guid><description>&lt;img src="https://www.gravatar.com/avatar/fd665aac14709877518d60931c3675d9?s=400&amp;d=mp" alt="Ercan Ermis" width="160" height="160" style="border-radius:50%; margin-bottom:1.5rem;" loading="lazy"&gt;
&lt;p&gt;I&amp;rsquo;m Ercan Ermis. Senior cloud platform engineer based in the Netherlands. I write here about cloud, AWS, EKS, Terraform, observability, and the platform-engineering decisions that decide whether a system stays up at 3 AM.&lt;/p&gt;
&lt;h3 id="how-i-got-here"&gt;How I got here&lt;/h3&gt;
&lt;p&gt;The first computer in my life was an Amstrad with two 5.25-inch floppy drives, Floppy A and Floppy B, bought by my father in 1986 for his business. The real switch flipped in 1998, fourth grade, when my teacher installed Linux on one of the Windows 95 machines in our school computer lab and said &amp;ldquo;this is Linux, it is free software.&amp;rdquo; Then Pac-Man appeared on that black screen and I was done.&lt;/p&gt;</description></item><item><title>Local DynamoDB Grew Up: A Hands-On Look at ExtendDB</title><link>https://ercan.cloud/local-dynamodb-grew-up-a-hands-on-look-at-extenddb/</link><pubDate>Thu, 21 May 2026 17:42:29 +0300</pubDate><guid>https://ercan.cloud/local-dynamodb-grew-up-a-hands-on-look-at-extenddb/</guid><description>&lt;p&gt;DynamoDB Local has been the laptop stand-in for AWS DynamoDB since 2013. It's a Java JAR, runs in memory or against a SQLite file, accepts almost any request shape, has no real auth, and treats Streams pretty loosely. It's fine for unit tests. It starts to crack the moment your code does anything beyond &lt;code&gt;PutItem&lt;/code&gt; and &lt;code&gt;GetItem&lt;/code&gt;.&lt;/p&gt;
&lt;p&gt;ExtendDB v0.1.0 &lt;a href="https://github.com/extenddb/extenddb" target="_blank" rel="noreferrer noopener"&gt;just shipped&lt;/a&gt;. It's a clean-room implementation of the DynamoDB wire protocol, written in Rust by AWS engineers, backed by PostgreSQL, Apache 2.0. The pitch is "DynamoDB Local, but you can take it seriously." This post is a hands-on look at whether that holds up, run as a side-by-side lab on a single Mac.&lt;/p&gt;</description></item><item><title>How I Found a Hidden Cloudflare Bug on a Sunday midnight (The joy of curl)</title><link>https://ercan.cloud/how-i-found-a-hidden-cloudflare-bug-on-a-sunday-mid-night/</link><pubDate>Sun, 10 May 2026 00:44:28 +0300</pubDate><guid>https://ercan.cloud/how-i-found-a-hidden-cloudflare-bug-on-a-sunday-mid-night/</guid><description>&lt;p&gt;It was supposed to be a quick weekend project. You know the kind: "I'll just spin up an egress VM, route some traffic through it, sip my coffee, and be done by lunch." Reader, I was not done by lunch.&lt;/p&gt;
&lt;h2 class="wp-block-heading"&gt;The Setup&lt;/h2&gt;
&lt;p&gt;I was building a small access tier for some dev environments: an egress VM with Cloudflare Zero Trust in front of it, hostname-based routing for two specific dev domains, and AWS WAF on the other side checking the source IP. Pretty standard "give my team secure access without exposing things to the public internet" stuff.&lt;/p&gt;</description></item><item><title>Why Your SSH Is Yelling About Quantum Computers (And How to Fix It)</title><link>https://ercan.cloud/why-your-ssh-is-yelling-about-quantum-computers-and-how-to-fix-it/</link><pubDate>Fri, 17 Apr 2026 13:12:28 +0300</pubDate><guid>https://ercan.cloud/why-your-ssh-is-yelling-about-quantum-computers-and-how-to-fix-it/</guid><description>&lt;p&gt;You SSH into your server and see this:&lt;/p&gt;
&lt;pre class="wp-block-code"&gt;&lt;code&gt;** WARNING: connection is not using a post-quantum key exchange algorithm.
** This session may be vulnerable to "store now, decrypt later" attacks.&lt;/code&gt;&lt;/pre&gt;
&lt;p&gt;Scary. Let's break it down.&lt;/p&gt;
&lt;h2 class="wp-block-heading"&gt;The Threat: Store Now, Decrypt Later&lt;/h2&gt;
&lt;p&gt;Today's SSH encryption is mathematically strong; breaking it would take a classical computer millions of years.&lt;/p&gt;
&lt;p&gt;But quantum computers play by different rules. A sufficiently powerful quantum computer running &lt;strong&gt;Shor's algorithm&lt;/strong&gt; can break the math that protects most of today's public-key cryptography in hours, not millions of years.&lt;/p&gt;</description></item><item><title>IaC-First: Why I Never Touch the AWS Console in Production</title><link>https://ercan.cloud/iac-first-why-we-never-touch-the-aws-console-in-production/</link><pubDate>Thu, 16 Apr 2026 19:02:42 +0300</pubDate><guid>https://ercan.cloud/iac-first-why-we-never-touch-the-aws-console-in-production/</guid><description>&lt;p&gt;"Never touch the AWS console in production" sounds like an extreme rule. It is not. It is the most important operational discipline in a cloud-native team, and the cost of violating it accumulates silently until it causes a major incident.&lt;/p&gt;
&lt;p&gt;This post explains why, and how to enforce IaC-first development in a real team.&lt;/p&gt;
&lt;h2 class="wp-block-heading"&gt;The State Drift Problem&lt;/h2&gt;
&lt;p&gt;Terraform (and OpenTofu) maintains a state file that represents what infrastructure exists. When you apply, Terraform compares the state file against your configuration and makes the minimum set of changes to bring reality in line with the configuration.&lt;/p&gt;</description></item><item><title>I dropped my Google Pixel 9 XL Pro from 6th floor balcony to the street</title><link>https://ercan.cloud/i-dropped-my-google-pixel-9-xl-pro-from-6th-floor-balcony-to-the-street/</link><pubDate>Sun, 01 Feb 2026 02:14:25 +0300</pubDate><guid>https://ercan.cloud/i-dropped-my-google-pixel-9-xl-pro-from-6th-floor-balcony-to-the-street/</guid><description>&lt;h2 class="wp-block-heading"&gt;Gravity 1 – Google Pixel 9 Pro XL 0&lt;/h2&gt;
&lt;p&gt;Tonight I went to my friend’s place. Great conversation, good laughs, zero awareness of physics. By the time I got home, it was &lt;strong&gt;02:00 AM&lt;/strong&gt;, that dangerous hour where confidence is high and grip strength is low.&lt;/p&gt;
&lt;p&gt;As usual, before bed, I stepped onto my &lt;strong&gt;lovely balcony&lt;/strong&gt; to get some fresh air. Phone in hand.&lt;br&gt;First, I was &lt;strong&gt;replying to some messages&lt;/strong&gt;. Normal life stuff. Very safe. Very controlled.&lt;/p&gt;</description></item><item><title>AWS S3 New Feature: Re-encryption without Movement</title><link>https://ercan.cloud/aws-s3-new-feature-re-encryption-without-movement/</link><pubDate>Fri, 30 Jan 2026 11:51:05 +0300</pubDate><guid>https://ercan.cloud/aws-s3-new-feature-re-encryption-without-movement/</guid><description>&lt;p&gt;The recent release of the &lt;code&gt;UpdateObjectEncryption&lt;/code&gt; API marks a significant shift in how we manage data security at scale. Historically, changing the encryption of an S3 object was a "physical" operation; you had to move the bits. Now, it’s a "logical" metadata operation.&lt;/p&gt;
&lt;h2 class="wp-block-heading"&gt;Technical Deep Dive: Re-encryption without Movement&lt;/h2&gt;
&lt;p&gt;The "magic" behind this update lies in &lt;strong&gt;Envelope Encryption&lt;/strong&gt;. In the legacy &lt;code&gt;CopyObject&lt;/code&gt; workflow, S3 had to decrypt the actual data using the old key and re-encrypt it with the new key, effectively creating a new file.&lt;/p&gt;</description></item><item><title>I Built TrumpDaily to Track Donald Trump Without the Noise</title><link>https://ercan.cloud/https-trumpdaily-site-i-built-a-news-aggregator-so-i-can-finally-keep-up/</link><pubDate>Thu, 22 Jan 2026 23:11:48 +0300</pubDate><guid>https://ercan.cloud/https-trumpdaily-site-i-built-a-news-aggregator-so-i-can-finally-keep-up/</guid><description>&lt;p&gt;Look, tracking Trump is exhausting. The man dominates headlines across BBC, Guardian, NPR, Al Jazeera, and even Babylon Bee. Checking 10+ sites daily? No thanks. So I built &lt;strong&gt;Trump Daily&lt;/strong&gt;! It's a self-hosted RSS aggregator that dumps everything into one clean interface. &lt;a href="https://trumpdaily.site?utm_source=blog&amp;amp;utm_medium=blog&amp;amp;utm_campaign=blog&amp;amp;utm_id=blog"&gt;https://trumpdaily.site&lt;/a&gt; was born! &lt;/p&gt;
&lt;p&gt;And honestly? This was the most fun I've had coding in months a few years ago.&lt;/p&gt;
&lt;h2 class="wp-block-heading"&gt;The Stack (Or: Why I Chose Boring Tech)&lt;/h2&gt;
&lt;ul class="wp-block-list"&gt;&lt;li&gt;&lt;strong&gt;Backend:&lt;/strong&gt; Python/Flask (yes, I love it!)&lt;/li&gt;
&lt;li&gt;&lt;strong&gt;Database:&lt;/strong&gt; PostgreSQL&lt;/li&gt;
&lt;li&gt;&lt;strong&gt;Cache:&lt;/strong&gt; Redis (for literally everything)&lt;/li&gt;
&lt;li&gt;&lt;strong&gt;Tasks:&lt;/strong&gt; Celery (background RSS fetching)&lt;/li&gt;
&lt;li&gt;&lt;strong&gt;Frontend:&lt;/strong&gt; Vanilla JS (no React, fight me)&lt;/li&gt;
&lt;li&gt;&lt;strong&gt;Deploy:&lt;/strong&gt; Docker Compose (one command, done)&lt;/li&gt;
&lt;/ul&gt;
&lt;p&gt;The whole thing is ~1,000 lines of Python and 400 lines of JS. Runs locally. No tracking (Just Google Analytics). No cloud bills. No bullshit.&lt;/p&gt;</description></item><item><title>When Spotify’s Share-to-Instagram Flow Turns Into a Free Billboard</title><link>https://ercan.cloud/when-spotifys-share-to-instagram-flow-turns-into-a-free-billboard/</link><pubDate>Tue, 09 Dec 2025 01:11:36 +0300</pubDate><guid>https://ercan.cloud/when-spotifys-share-to-instagram-flow-turns-into-a-free-billboard/</guid><description>&lt;p&gt;Earlier this week, I tried sharing a song on Instagram Stories "&lt;em&gt;&lt;a href="https://open.spotify.com/track/4wQhrNnIwpdUGfn0Cx7FE4?si=2adb5d71bb3c4190"&gt;Füsun Önal – Ah Nerede&lt;/a&gt;&lt;/em&gt;", the 2004 release. &lt;br&gt;&lt;/p&gt;
&lt;p&gt;&lt;br&gt;Spotify → Share → Instagram. Something we all do a thousand times.&lt;/p&gt;
&lt;p&gt;But instead of the album cover, Instagram opened with a &lt;strong&gt;completely unrelated person’s Instagram profile screenshot&lt;/strong&gt;. Not mine. Not Spotify’s. Someone else’s, essentially a free ad.&lt;/p&gt;
&lt;p&gt;And it didn’t look like a glitch. It looked injected.&lt;/p&gt;</description></item><item><title>AWS Monthly (Nov '25) The Stateful Serverless Revolution</title><link>https://ercan.cloud/aws-monthly-nov-25-the-stateful-serverless-revolution/</link><pubDate>Sun, 30 Nov 2025 20:21:43 +0300</pubDate><guid>https://ercan.cloud/aws-monthly-nov-25-the-stateful-serverless-revolution/</guid><description>&lt;p&gt;November and re:Invent 2025 brought us the "holy grail" of serverless: &lt;strong&gt;AWS Lambda Durable Functions&lt;/strong&gt;.&lt;/p&gt;
&lt;p&gt;This feature introduces "Stateful Serverless" directly into the Lambda runtime. By using the new &lt;code&gt;withDurableExecution&lt;/code&gt; wrapper, you can now write long-running workflows that persist for up to &lt;strong&gt;one year&lt;/strong&gt;. When your function hits a &lt;code&gt;context.wait()&lt;/code&gt; call, the compute is suspended and you stop paying, until the event or human approval resumes it.&lt;/p&gt;
&lt;p&gt;It effectively replaces many complex &lt;strong&gt;Step Functions&lt;/strong&gt; use cases with pure, testable code. We also got &lt;strong&gt;Graviton5&lt;/strong&gt;, which is 25% faster than Graviton4 and features the &lt;strong&gt;Nitro Isolation Engine&lt;/strong&gt;. This engine uses formal verification to provide mathematical proof of workload isolation.&lt;/p&gt;</description></item><item><title>When the Cloud Sneezes, the World Catches a Cold - Lessons from the us-east-1 Meltdown</title><link>https://ercan.cloud/when-the-cloud-sneezes-the-world-catches-a-cold-lessons-from-the-us-east-1-meltdown/</link><pubDate>Mon, 20 Oct 2025 10:05:41 +0300</pubDate><guid>https://ercan.cloud/when-the-cloud-sneezes-the-world-catches-a-cold-lessons-from-the-us-east-1-meltdown/</guid><description>&lt;p&gt;Today, once again, &lt;strong&gt;half the internet went dark&lt;/strong&gt; not because of a global power failure or a cyber-attack, but because a single AWS region, &lt;strong&gt;us-east-1 (N. Virginia)&lt;/strong&gt;, had a bad day.&lt;/p&gt;
&lt;p&gt;Perplexity went down. Amazon itself stumbled. Substack, Signal, Fortnite, and countless others vanished into the ether. Even services like Statuspage.io, used by companies to tell their customers “we’re down!”, couldn’t update their own status pages, because they, too, rely on the same broken backbone. It’s the definition of irony.&lt;/p&gt;</description></item><item><title>AWS Monthly (Sep '25): Vega OS &amp;amp; eBPF Observability</title><link>https://ercan.cloud/aws-monthly-sep-25-vega-os-ebpf-observability/</link><pubDate>Tue, 30 Sep 2025 20:16:41 +0300</pubDate><guid>https://ercan.cloud/aws-monthly-sep-25-vega-os-ebpf-observability/</guid><description>&lt;p&gt;In a surprise move, AWS released &lt;strong&gt;Vega OS&lt;/strong&gt; in September. Vega is a specialized, Linux-based OS optimized for the edge and high-performance UI rendering (with a React Native core). It’s ultra-lightweight and designed to boot in milliseconds, perfect for the next generation of smart devices.&lt;/p&gt;
&lt;p&gt;On the observability side, we got &lt;strong&gt;CloudWatch Application Map 2.0&lt;/strong&gt;, which uses &lt;strong&gt;eBPF (Extended Berkeley Packet Filter)&lt;/strong&gt; for auto-discovery. This allows AWS to map your entire service topology, including un-instrumented legacy services and third-party API calls, without you writing a single line of instrumentation code.&lt;/p&gt;</description></item><item><title>AWS Monthly (Aug '25): Big Data, Zero Effort</title><link>https://ercan.cloud/aws-monthly-aug-25-big-data-zero-effort/</link><pubDate>Sun, 31 Aug 2025 20:14:51 +0300</pubDate><guid>https://ercan.cloud/aws-monthly-aug-25-big-data-zero-effort/</guid><description>&lt;p&gt;August was all about "Data Gravity." &lt;strong&gt;Amazon Aurora&lt;/strong&gt; storage limits jumped to &lt;strong&gt;256 TiB&lt;/strong&gt;, which effectively ends the "sharding" conversation for 99.9% of companies.&lt;/p&gt;
&lt;p&gt;However, the real star was the expansion of &lt;strong&gt;Zero-ETL Integrations&lt;/strong&gt;. AWS enabled seamless, near-real-time replication from &lt;strong&gt;Aurora to OpenSearch&lt;/strong&gt; and &lt;strong&gt;RDS to Redshift&lt;/strong&gt;. By leveraging the database's internal transaction logs, AWS replicates data to your analytics engine without impacting the source database’s compute.&lt;/p&gt;
&lt;p&gt;For data engineers, this means the death of brittle Python/Glue ETL pipelines for simple sync tasks. We also saw &lt;strong&gt;DynamoDB&lt;/strong&gt; get "Attribute-Based Access Control" (ABAC), allowing us to manage permissions via tags rather than complex IAM policies.&lt;/p&gt;</description></item><item><title>AWS Monthly (July '25): Kubernetes at the Edge of Sanity</title><link>https://ercan.cloud/aws-monthly-july-25-kubernetes-at-the-edge-of-sanity/</link><pubDate>Thu, 31 Jul 2025 20:13:00 +0300</pubDate><guid>https://ercan.cloud/aws-monthly-july-25-kubernetes-at-the-edge-of-sanity/</guid><description>&lt;p&gt;July was a landmark month for the EKS (Elastic Kubernetes Service) crowd. AWS announced that &lt;strong&gt;EKS now supports 100,000-node clusters&lt;/strong&gt;.&lt;/p&gt;
&lt;p&gt;While 100k nodes might be overkill for most of us, the technical optimizations required to make the Kubernetes control plane stable at that scale benefit everyone. The scheduler is faster, and ETCD performance is more resilient.&lt;/p&gt;
&lt;p&gt;But the real game-changer was &lt;strong&gt;EKS Auto Mode&lt;/strong&gt;. This is the "No-Ops" evolution of Kubernetes. It removes the need to manage Node Groups or even Karpenter. AWS manages the worker plane entirely, selecting the best instance types based on pod requirements in real time.&lt;/p&gt;</description></item><item><title>AWS Monthly (May '25): The Death of the War Room</title><link>https://ercan.cloud/aws-monthly-may-25-the-death-of-the-war-room/</link><pubDate>Sat, 31 May 2025 20:00:00 +0300</pubDate><guid>https://ercan.cloud/aws-monthly-may-25-the-death-of-the-war-room/</guid><description>&lt;p&gt;May brought &lt;strong&gt;CloudWatch Investigations&lt;/strong&gt;, which have fundamentally changed someone's on-call rotation. Instead of manual log correlation, this service uses AI to perform &lt;strong&gt;Automated Root Cause Analysis (RCA)&lt;/strong&gt;.&lt;/p&gt;
&lt;p&gt;When an alarm triggers, Investigations automatically traces the error. It correlates metric spikes with concurrent events, like a specific Git commit, a Terraform apply, or an RDS parameter change. Instead of a dashboard showing "500 Errors," you get a report saying: &lt;em&gt;"The latency spike in Service A was caused by a configuration change in Service B that triggered a connection leak in RDS."&lt;/em&gt;&lt;/p&gt;</description></item><item><title>Automating AWS CloudWatch Log Group Tagging with Python and Boto3</title><link>https://ercan.cloud/automating-aws-cloudwatch-log-group-tagging-with-python-and-boto3/</link><pubDate>Wed, 16 Apr 2025 08:01:03 +0300</pubDate><guid>https://ercan.cloud/automating-aws-cloudwatch-log-group-tagging-with-python-and-boto3/</guid><description>&lt;p&gt;Managing tags for AWS CloudWatch log groups is crucial for operational visibility, cost management, and effective resource organization. Tagging log groups manually can be cumbersome, especially when dealing with a large number of log groups. This article outlines a straightforward method to automate this task using Python and the AWS SDK for Python (Boto3).&lt;/p&gt;
&lt;h2 class="wp-block-heading"&gt;Importance of Automating CloudWatch Log Group Tagging&lt;/h2&gt;
&lt;p&gt;Automation ensures:&lt;/p&gt;
&lt;ul class="wp-block-list"&gt;&lt;li&gt;Consistent tagging across your AWS resources.&lt;/li&gt;
&lt;li&gt;Reduced manual effort and human errors.&lt;/li&gt;
&lt;li&gt;Enhanced ability to track costs and usage accurately.&lt;/li&gt;
&lt;/ul&gt;
&lt;h2 class="wp-block-heading"&gt;Prerequisites&lt;/h2&gt;
&lt;ul class="wp-block-list"&gt;&lt;li&gt;Python 3 installed&lt;/li&gt;
&lt;li&gt;AWS CLI configured with appropriate permissions&lt;/li&gt;
&lt;li&gt;Boto3 (&lt;code&gt;pip install boto3&lt;/code&gt;)&lt;/li&gt;
&lt;li&gt;IAM permissions:&lt;ul class="wp-block-list"&gt;&lt;li&gt;&lt;code&gt;logs:DescribeLogGroups&lt;/code&gt;&lt;/li&gt;
&lt;li&gt;&lt;code&gt;logs:ListTagsLogGroup&lt;/code&gt;&lt;/li&gt;
&lt;li&gt;&lt;code&gt;logs:TagLogGroup&lt;/code&gt;&lt;/li&gt;
&lt;/ul&gt;
&lt;/li&gt;
&lt;/ul&gt;
&lt;h2 class="wp-block-heading"&gt;Python Script for Tagging CloudWatch Log Groups&lt;/h2&gt;
&lt;p&gt;Below is a Python script that automatically applies specific tags to AWS CloudWatch log groups that currently have no tags.&lt;/p&gt;</description></item><item><title>Automating AWS ECR Tagging with Python and Boto3</title><link>https://ercan.cloud/automating-aws-ecr-tagging-with-python-and-boto3/</link><pubDate>Tue, 15 Apr 2025 09:03:02 +0300</pubDate><guid>https://ercan.cloud/automating-aws-ecr-tagging-with-python-and-boto3/</guid><description>&lt;p&gt;Proper tagging of AWS resources is critical for efficient resource management, cost allocation, and auditing. If you have numerous AWS Elastic Container Registry (ECR) repositories, manual tagging can be tedious and error-prone. This article provides a simple and effective solution: automating the tagging of ECR repositories using Python and the AWS SDK for Python (Boto3).&lt;/p&gt;
&lt;h2 class="wp-block-heading"&gt;Why Automate Tagging?&lt;/h2&gt;
&lt;p&gt;Automating tagging saves time, ensures consistency, and prevents costly mistakes. Tags help track resources related to specific projects, environments, or cost centers.&lt;/p&gt;</description></item><item><title>Automating ECR Image Cleanup with Bash</title><link>https://ercan.cloud/automating-ecr-image-cleanup-with-bash/</link><pubDate>Fri, 11 Apr 2025 12:40:42 +0300</pubDate><guid>https://ercan.cloud/automating-ecr-image-cleanup-with-bash/</guid><description>&lt;p&gt;Managing container images in Amazon ECR (Elastic Container Registry) is crucial for keeping your registry clean and cost-effective. Over time, unused or deprecated images can accumulate, potentially leading to increased storage costs and operational overhead. One common scenario is removing images that follow a specific tagging pattern, in this case, any image tagged with versions following the “9.x.x” format, where &lt;strong&gt;x&lt;/strong&gt; represents one or more digits.&lt;/p&gt;
&lt;p&gt;This article introduces a Bash script designed to automate the cleanup of ECR images. The script provides two main modes, &lt;strong&gt;dry-run&lt;/strong&gt; and &lt;strong&gt;apply&lt;/strong&gt;, allowing you to simulate or execute deletions based on your needs.&lt;/p&gt;</description></item><item><title>Update ECR Repositories with Bash Script</title><link>https://ercan.cloud/update-ecr-repositories-with-bash-script/</link><pubDate>Tue, 08 Apr 2025 10:05:29 +0300</pubDate><guid>https://ercan.cloud/update-ecr-repositories-with-bash-script/</guid><description>&lt;p&gt;Below is an example Bash script that uses the AWS CLI to retrieve all your Amazon ECR repositories and then sets the image tag mutability of each repository to &lt;strong&gt;MUTABLE&lt;/strong&gt;. Before running the script, ensure you have the AWS CLI installed and configured with appropriate permissions.&lt;/p&gt;
&lt;pre class="wp-block-code"&gt;&lt;code&gt;#!/bin/bash
# This script fetches all Amazon ECR repositories and sets their image tag mutability to MUTABLE.
# Fetch all repository names from ECR.
repositories=$(aws ecr describe-repositories --query "repositories[].repositoryName" --output text)&lt;/code&gt;&lt;/pre&gt;</description></item><item><title>Why Automated Tests Are Essential in Your CI/CD Pipeline and Development Flow</title><link>https://ercan.cloud/why-automated-tests-are-essential-in-your-ci-cd-pipeline-and-development-flow/</link><pubDate>Sun, 06 Apr 2025 06:44:11 +0300</pubDate><guid>https://ercan.cloud/why-automated-tests-are-essential-in-your-ci-cd-pipeline-and-development-flow/</guid><description>&lt;p&gt;Let’s talk about a scenario we’ve all been in: you’ve just wrapped up a shiny new feature, you’re excited to merge it in, and, boom, something breaks in production that you didn’t catch in your local environment. That’s the kind of horror story we want to avoid. This is exactly where automated tests come into play, especially within your continuous integration and continuous delivery (CI/CD) pipeline.&lt;/p&gt;
&lt;p&gt;In the screenshot above, you can see an example GitHub Actions workflow running Playwright tests. We’re spinning up an EC2 instance, running end-to-end (E2E) tests, and then shutting down the instance. This workflow is a classic example of how automation can streamline your development cycle and keep your application stable. Let’s dive into why these tests are so important and how they fit into a healthy development flow.&lt;/p&gt;</description></item><item><title>AWS Monthly (April '25): Cooling the AI Heat</title><link>https://ercan.cloud/aws-monthly-april-25-cooling-the-ai-heat/</link><pubDate>Mon, 31 Mar 2025 19:59:00 +0300</pubDate><guid>https://ercan.cloud/aws-monthly-april-25-cooling-the-ai-heat/</guid><description>&lt;p&gt;In April, AWS gave us a peek behind the curtain of their data center engineering. To handle the thermal output of the latest AI clusters, they unveiled &lt;strong&gt;Direct-to-Chip Liquid Cooling&lt;/strong&gt;.&lt;/p&gt;
&lt;p&gt;This is more than just a hardware curiosity. From a performance standpoint, liquid cooling allows for &lt;strong&gt;3x higher compute density&lt;/strong&gt; per rack. It ensures that custom silicon like Trainium and Inferentia can maintain peak clock speeds for long-running training jobs without the thermal throttling that often plagues air-cooled environments.&lt;/p&gt;</description></item><item><title>AWS Monthly (Mar '25): The Proximity Power Play</title><link>https://ercan.cloud/aws-monthly-mar-25-the-proximity-power-play/</link><pubDate>Mon, 31 Mar 2025 19:51:00 +0300</pubDate><guid>https://ercan.cloud/aws-monthly-mar-25-the-proximity-power-play/</guid><description>&lt;p&gt;March was about the physical foundation of the cloud. AWS announced a &lt;strong&gt;$100 billion global investment&lt;/strong&gt;, and for us, that translated into over &lt;strong&gt;20 new Local Zones&lt;/strong&gt; going live.&lt;/p&gt;
&lt;p&gt;Technically, this brings "Single-Digit Millisecond Latency" to almost every major tech hub. If you are building AR/VR backends, industrial IoT, or sub-millisecond telemetry systems, the "distance to silicon" just got shorter. We are seeing a move away from "Central Regions" toward a more distributed "Edge-First" architecture.&lt;/p&gt;</description></item><item><title>Streamline Your AWS ECR Management with This Powerful Bash Script</title><link>https://ercan.cloud/streamline-your-aws-ecr-management-with-this-powerful-bash-script/</link><pubDate>Thu, 27 Mar 2025 06:32:10 +0300</pubDate><guid>https://ercan.cloud/streamline-your-aws-ecr-management-with-this-powerful-bash-script/</guid><description>&lt;p&gt;Managing container repositories in AWS ECR (Elastic Container Registry) can quickly become a daunting task, especially as your infrastructure grows. In this article, we’ll take an in-depth look at a handy bash script designed to automate the application of lifecycle policies to your ECR repositories. This script not only simplifies repository management but also ensures that only the most recent images are retained, helping you save on storage costs and keep your registry tidy.&lt;/p&gt;</description></item><item><title>AWS Monthly (Jan '25): Shattering the 6MB Ceiling</title><link>https://ercan.cloud/aws-monthly-jan-25-shattering-the-6mb-ceiling/</link><pubDate>Fri, 31 Jan 2025 08:36:00 +0300</pubDate><guid>https://ercan.cloud/aws-monthly-jan-25-shattering-the-6mb-ceiling/</guid><description>&lt;p&gt;We kicked off 2025 by addressing one of the oldest "bottleneck" complaints in the serverless community. For years, the 6MB payload limit for synchronous Lambda calls forced us into complex workarounds involving S3 pre-signed URLs or asynchronous patterns for anything remotely data-heavy.&lt;/p&gt;
&lt;p&gt;In January, AWS officially bumped &lt;strong&gt;Lambda response streaming capabilities to 200 MB&lt;/strong&gt;. Technically, this is a massive shift in how we handle data egress. By implementing the &lt;code&gt;response-stream&lt;/code&gt; content type, your functions can now push massive payloads, high-res media, giant JSON blobs, or real-time AI transcriptions directly to the client. This drastically reduces &lt;strong&gt;Time to First Byte (TTFB)&lt;/strong&gt; because the client starts receiving data as it’s generated, rather than waiting for the entire 200MB buffer to close.&lt;/p&gt;</description></item><item><title>Setting up DKIM for Google Workspace (Gmail) using Terraform and AWS Route 53</title><link>https://ercan.cloud/setting-up-dkim-for-google-workspace-gmail-using-terraform-and-aws-route-53/</link><pubDate>Wed, 02 Oct 2024 05:54:17 +0300</pubDate><guid>https://ercan.cloud/setting-up-dkim-for-google-workspace-gmail-using-terraform-and-aws-route-53/</guid><description>&lt;p&gt;DKIM (DomainKeys Identified Mail) is a critical email authentication technique that helps prevent email spoofing. By using DKIM, you digitally sign your email headers with a private key, and the recipient verifies this signature using your public key, which is stored in the DNS records of your domain. Google Workspace (formerly G Suite) leverages DKIM to ensure the emails sent from your domain are verified as coming from you and not a spammer pretending to be you.&lt;/p&gt;</description></item><item><title>Automate AWS Site-to-Site VPN Monitoring</title><link>https://ercan.cloud/automate-aws-site-to-site-vpn-monitoring/</link><pubDate>Tue, 01 Oct 2024 06:49:31 +0300</pubDate><guid>https://ercan.cloud/automate-aws-site-to-site-vpn-monitoring/</guid><description>&lt;p&gt;In today’s fast-paced, interconnected world, &lt;strong&gt;secure and reliable communication&lt;/strong&gt; between on-premises environments and cloud infrastructures is crucial. 
For many businesses, &lt;strong&gt;AWS Site-to-Site VPN&lt;/strong&gt; serves as the bridge that connects their data centers to AWS, enabling private, encrypted communication channels. But what happens when your VPN tunnel goes down? Without proper visibility or a notification system in place, downtime can easily go unnoticed, ultimately leading to service disruptions and unhappy customers.&lt;/p&gt;</description></item><item><title>Optimizing Docker Images: Tips for Reducing Image Size and Build Time</title><link>https://ercan.cloud/optimizing-docker-images-tips-for-reducing-image-size-and-build-time/</link><pubDate>Fri, 27 Sep 2024 08:39:25 +0300</pubDate><guid>https://ercan.cloud/optimizing-docker-images-tips-for-reducing-image-size-and-build-time/</guid><description>&lt;p&gt;Hey, fellow Docker enthusiast! If you're here, you probably love Docker as much as I do, spinning up containers, packaging applications, and getting everything to run smoothly, no matter the environment. But let's be real for a second: sometimes, Docker images can balloon in size, making builds slow and containers heavier than they need to be. Not exactly what you want, right?&lt;/p&gt;
&lt;p&gt;Well, you’re in luck! Today, we’re going to dive deep into &lt;strong&gt;optimizing Docker images&lt;/strong&gt;. By the end of this, you'll know how to shrink those bulky images and speed up your build times without sacrificing performance. Let’s get into it!&lt;/p&gt;</description></item><item><title>Monitoring EC2 Disk Space with a Simple Bash Script and Slack Alerts</title><link>https://ercan.cloud/monitoring-ec2-disk-space-with-a-simple-bash-script-and-slack-alerts/</link><pubDate>Sun, 22 Sep 2024 15:25:41 +0300</pubDate><guid>https://ercan.cloud/monitoring-ec2-disk-space-with-a-simple-bash-script-and-slack-alerts/</guid><description>&lt;h2 class="wp-block-heading"&gt;Introduction&lt;/h2&gt;
&lt;p&gt;In the cloud infrastructure landscape, monitoring the health and resources of EC2 instances is essential. One common challenge for system administrators is ensuring that disk space doesn’t run out, which can lead to performance degradation or service outages. While AWS provides robust monitoring tools like CloudWatch, they can incur additional costs and complexity, especially for smaller or less complex setups.&lt;/p&gt;
&lt;p&gt;In this article, we’ll explore a &lt;strong&gt;simple and cost-effective solution&lt;/strong&gt; using a &lt;strong&gt;Bash script&lt;/strong&gt; that runs as a cron job on your EC2 instances. This script will check the disk usage on the instance, and if it exceeds a defined threshold, it will send an alert to a Slack channel. This method requires minimal setup, no external monitoring tools, and keeps costs low.&lt;/p&gt;</description></item><item><title>Securing Docker Containers: Best Practices for Container Security</title><link>https://ercan.cloud/securing-docker-containers-best-practices-for-container-security/</link><pubDate>Fri, 20 Sep 2024 15:19:47 +0300</pubDate><guid>https://ercan.cloud/securing-docker-containers-best-practices-for-container-security/</guid><description>&lt;p&gt;When we talk about containerization, Docker is often the first tool that comes to mind. It's revolutionized how we develop, ship, and deploy applications. But with great power comes great responsibility, right? As much as Docker can streamline processes, security should always be top of mind. A vulnerable container can put your whole system at risk.&lt;/p&gt;
&lt;p&gt;So, how do you secure your Docker containers? Let’s break it down with some best practices!&lt;/p&gt;</description></item><item><title>Mastering Dockerfile: Writing Efficient, Scalable Container Builds</title><link>https://ercan.cloud/mastering-dockerfile-writing-efficient-scalable-container-builds/</link><pubDate>Wed, 11 Sep 2024 08:04:25 +0300</pubDate><guid>https://ercan.cloud/mastering-dockerfile-writing-efficient-scalable-container-builds/</guid><description>&lt;p&gt;Docker has revolutionized the way we develop, package, and ship applications. At the heart of this container magic is the &lt;strong&gt;Dockerfile&lt;/strong&gt;, the blueprint for building Docker images. If you want to master Docker, you need to know how to write &lt;strong&gt;efficient&lt;/strong&gt; and &lt;strong&gt;scalable&lt;/strong&gt; Dockerfiles. Let's dive deep into the best practices for crafting a Dockerfile that ensures optimized, lean, and maintainable container images.&lt;/p&gt;
&lt;h3 class="wp-block-heading"&gt;&lt;strong&gt;1. Start with the Right Base Image&lt;/strong&gt;&lt;/h3&gt;
&lt;p&gt;Your choice of base image sets the foundation for your container. The smaller the base, the lighter your resulting image will be. You have two main strategies here:&lt;/p&gt;</description></item><item><title>Migrating a Git Repository from GitLab to GitHub with GPG-Signed Commits</title><link>https://ercan.cloud/migrating-a-git-repository-from-gitlab-to-github-with-gpg-signed-commits/</link><pubDate>Mon, 02 Sep 2024 05:34:58 +0300</pubDate><guid>https://ercan.cloud/migrating-a-git-repository-from-gitlab-to-github-with-gpg-signed-commits/</guid><description>&lt;p&gt;Here’s a comprehensive guide on &lt;strong&gt;Migrating a Git Repository from GitLab to GitHub with GPG-Signed Commits&lt;/strong&gt;:&lt;/p&gt;
&lt;hr class="wp-block-separator has-alpha-channel-opacity"/&gt;
&lt;h2 class="wp-block-heading"&gt;Migrating a Git Repository from GitLab to GitHub with GPG-Signed Commits&lt;/h2&gt;
&lt;h3 class="wp-block-heading"&gt;Introduction&lt;/h3&gt;
&lt;p&gt;In today's DevOps-driven world, version control systems like Git are the backbone of software development. GitLab and GitHub are two of the most popular platforms for managing Git repositories. Developers and teams may choose to migrate their repositories from GitLab to GitHub for various reasons, including taking advantage of GitHub's extensive integrations, community, and feature set.&lt;/p&gt;</description></item><item><title>Accessing AWS Services in Private Subnets Without 0.0.0.0/0</title><link>https://ercan.cloud/accessing-aws-services-in-private-subnets-without-0-0-0-0-0/</link><pubDate>Sat, 24 Aug 2024 14:56:44 +0300</pubDate><guid>https://ercan.cloud/accessing-aws-services-in-private-subnets-without-0-0-0-0-0/</guid><description>&lt;p&gt;When working with AWS (Amazon Web Services), securing your infrastructure is paramount. One of the most common security practices is to restrict access to your private subnets by avoiding the use of &lt;code&gt;0.0.0.0/0&lt;/code&gt;, which represents all IP addresses globally. While this enhances security, it can also present challenges when your applications and services need to interact with various AWS services. This article will guide you on how to securely access AWS services from private subnets without exposing your resources to the public internet.&lt;/p&gt;</description></item><item><title>Understanding AWS Regions, Availability Zones, and VPCs: A Comprehensive Guide</title><link>https://ercan.cloud/understanding-aws-regions-availability-zones-and-vpcs/</link><pubDate>Wed, 21 Aug 2024 19:17:28 +0300</pubDate><guid>https://ercan.cloud/understanding-aws-regions-availability-zones-and-vpcs/</guid><description>&lt;h2 class="wp-block-heading"&gt;Introduction&lt;/h2&gt;
&lt;p&gt;In today's cloud computing landscape, Amazon Web Services (AWS) has established itself as a leader, offering a wide range of services to organizations of all sizes. Among its core features are AWS Regions, Availability Zones (AZs), and Virtual Private Clouds (VPCs), which form the foundation of the AWS infrastructure. Understanding these concepts is crucial for anyone looking to architect scalable, reliable, and secure cloud solutions.&lt;/p&gt;
&lt;p&gt;In this comprehensive guide, we'll delve into the intricacies of AWS Regions, Availability Zones, and VPCs. Whether you're a cloud engineer, DevOps professional, or just starting out with AWS, this post will equip you with the knowledge you need to make informed decisions when designing your cloud architecture.&lt;/p&gt;</description></item><item><title>AWS Network Load Balancers with Header Modification Techniques</title><link>https://ercan.cloud/aws-network-load-balancers-with-header-modification-techniques/</link><pubDate>Mon, 10 Jun 2024 23:25:29 +0300</pubDate><guid>https://ercan.cloud/aws-network-load-balancers-with-header-modification-techniques/</guid><description>&lt;p&gt;AWS Network Load Balancers (NLBs) are a powerful tool for distributing incoming application traffic across multiple targets, such as Amazon EC2 instances, in a single or multiple Availability Zones. They provide high throughput, low latency, and are designed to handle millions of requests per second while maintaining ultra-low latencies. However, one limitation of NLBs is the inability to modify HTTP headers directly. This article explores various techniques to work around this limitation, providing full examples to help you implement these solutions in your own AWS environment.&lt;/p&gt;</description></item><item><title>How to call multiple terraform modules in a single terragrunt file</title><link>https://ercan.cloud/how-to-call-multiple-terraform-modules-in-a-single-terragrunt-file/</link><pubDate>Tue, 07 May 2024 20:15:35 +0300</pubDate><guid>https://ercan.cloud/how-to-call-multiple-terraform-modules-in-a-single-terragrunt-file/</guid><description>&lt;p&gt;In Terragrunt, you can call multiple Terraform modules from a single Terragrunt configuration file by using the &lt;code&gt;terraform&lt;/code&gt; block in combination with child configurations. 
This is typically done by organizing your Terragrunt configuration into a hierarchy where each module is referenced in its own Terragrunt file, but managed centrally using a parent Terragrunt file.&lt;/p&gt;
&lt;p&gt;Here's a basic outline of how you can structure this:&lt;/p&gt;
&lt;ol&gt;&lt;li&gt;&lt;strong&gt;Create a Parent Terragrunt File&lt;/strong&gt;: This file won't directly deploy any resources but will be used to configure common settings and orchestrate module deployment.&lt;/li&gt;
&lt;li&gt;&lt;strong&gt;Create Child Terragrunt Files for Each Module&lt;/strong&gt;: Each module will have its own Terragrunt configuration file that specifies the source of the Terraform module and any necessary inputs.&lt;/li&gt;
&lt;/ol&gt;
&lt;h3 class="wp-block-heading"&gt;Example Structure&lt;/h3&gt;
&lt;p&gt;Here’s an example directory structure:&lt;/p&gt;</description></item><item><title>Leveraging Git Hooks for Enforcing Commit Message Standards: A Guide for Cross-Platform Development Teams</title><link>https://ercan.cloud/leveraging-git-hooks-for-enforcing-commit-message-standards-a-guide-for-cross-platform-development-teams/</link><pubDate>Wed, 03 Apr 2024 14:33:40 +0300</pubDate><guid>https://ercan.cloud/leveraging-git-hooks-for-enforcing-commit-message-standards-a-guide-for-cross-platform-development-teams/</guid><description>&lt;p&gt;In the world of software development, maintaining a clean and navigable commit history is not just a matter of neatness but a cornerstone of efficient teamwork and project management. Commit messages serve as a logbook or diary, providing insights into the why and what of each change. This importance grows in multi-developer projects where tracking changes and understanding their purpose can become complex.&lt;/p&gt;
&lt;p&gt;This guide introduces Git hooks as a solution to enforce commit message standards, such as SemVer and Conventional Commits, across various operating systems. We'll explore how to implement these checks on Mac, Linux, and Windows, ensuring that your team's contributions are consistent, regardless of the development environment.&lt;/p&gt;</description></item><item><title>Simplifying SSL with Let's Encrypt and CLI.ini: A DevOps Guide</title><link>https://ercan.cloud/simplifying-ssl-with-lets-encrypt-and-cli-ini-a-devops-guide/</link><pubDate>Mon, 25 Mar 2024 12:29:07 +0300</pubDate><guid>https://ercan.cloud/simplifying-ssl-with-lets-encrypt-and-cli-ini-a-devops-guide/</guid><description>&lt;p&gt;In the vast expanse of the internet, security is not just a luxury; it's a necessity. For web developers and system administrators, ensuring that web traffic is encrypted is a foundational aspect of protecting users' data. Enter Let's Encrypt, a free, automated, and open Certificate Authority (CA) that has revolutionized the way we secure websites. This guide aims to unravel the complexities of using Let's Encrypt, focusing on the power of the &lt;code&gt;cli.ini&lt;/code&gt; configuration file, and providing a comprehensive introduction to securing your web servers with HTTPS.&lt;/p&gt;</description></item><item><title>TCP vs. UDP: Navigating the Protocols as Developers and DevOps</title><link>https://ercan.cloud/tcp-vs-udp-navigating-the-protocols-as-developers-and-devops/</link><pubDate>Tue, 05 Mar 2024 19:06:53 +0300</pubDate><guid>https://ercan.cloud/tcp-vs-udp-navigating-the-protocols-as-developers-and-devops/</guid><description>&lt;p&gt;Today, we embark on a fascinating exploration of two cornerstone protocols of the internet: TCP (Transmission Control Protocol) and UDP (User Datagram Protocol). 
Understanding the nuances of TCP and UDP is crucial for developers and DevOps professionals alike, as it influences everything from application design to network troubleshooting. So, let's delve deep into the realms of TCP and UDP, shedding light on their differences, use cases, and what you need to know to harness their full potential.&lt;/p&gt;</description></item><item><title>AWS VPC IP Versions: IPv4 vs. IPv6</title><link>https://ercan.cloud/aws-vpc-ip-versions-ipv4-vs-ipv6/</link><pubDate>Sat, 03 Feb 2024 18:59:00 +0300</pubDate><guid>https://ercan.cloud/aws-vpc-ip-versions-ipv4-vs-ipv6/</guid><description>&lt;p&gt;Hello, Cloud Pioneers! Today, we're embarking on an enlightening journey through the realms of AWS VPC, focusing on the intriguing comparison between IPv4 and IPv6. Whether you're orchestrating a sophisticated cloud architecture or keen on understanding the nuanced dance of internet protocols, you've come to the right place. So, buckle up as we unravel the mysteries of IPv4 and IPv6 within AWS VPC, serving you a platter of insights, examples, and detailed explanations.&lt;/p&gt;</description></item><item><title>AWS S3 CORS Settings: A Deep Dive</title><link>https://ercan.cloud/aws-s3-cors-settings-a-deep-dive/</link><pubDate>Fri, 05 Jan 2024 18:56:43 +0300</pubDate><guid>https://ercan.cloud/aws-s3-cors-settings-a-deep-dive/</guid><description>&lt;p&gt;Hello, Cloud Enthusiasts! Today, we're diving into the world of AWS S3 CORS settings, a topic that, while it might seem daunting at first, is incredibly rewarding to understand. Whether you're a seasoned AWS veteran or just starting, mastering CORS settings in S3 can greatly enhance your web applications' functionality and security.&lt;/p&gt;
&lt;h2 class="wp-block-heading"&gt;What is CORS?&lt;/h2&gt;
&lt;p&gt;Cross-Origin Resource Sharing (CORS) is a security feature that allows you to specify in what ways resources in your bucket can be accessed from a domain different from the one your application is hosted on. In the context of Amazon S3, it controls how files in your bucket are shared with other websites.&lt;/p&gt;</description></item><item><title>Importance of Regions and Availability Zones on AWS</title><link>https://ercan.cloud/importance-of-regions-and-availability-zones-on-aws/</link><pubDate>Fri, 15 Dec 2023 19:12:11 +0300</pubDate><guid>https://ercan.cloud/importance-of-regions-and-availability-zones-on-aws/</guid><description>&lt;p&gt;Today, we're diving into a pivotal aspect of architecting robust, resilient, and efficient applications on Amazon Web Services (AWS): understanding and leveraging AWS Regions and Availability Zones (AZs). This post not only aims to elucidate these key concepts but also to guide you through best practices and practical examples using Terraform, a popular infrastructure-as-code tool. Whether you're a developer, a DevOps engineer, or a cloud architect, mastering these facets of AWS can significantly amplify your applications' performance and reliability.&lt;/p&gt;</description></item><item><title>The Power of Bash For Loops: Streamlining Your Scripting Tasks</title><link>https://ercan.cloud/the-power-of-bash-for-loops-streamlining-your-scripting-tasks/</link><pubDate>Sat, 02 Dec 2023 17:30:03 +0300</pubDate><guid>https://ercan.cloud/the-power-of-bash-for-loops-streamlining-your-scripting-tasks/</guid><description>&lt;p&gt;In the world of scripting and automation, Bash stands out as a versatile and widely-used shell in Unix and Linux systems. Among its many features, the for loop is a fundamental construct that empowers users to automate repetitive tasks efficiently. In this blog post, we’ll delve into the intricacies of Bash for loops, exploring their syntax, usage, and practical applications. 
Whether you're a seasoned developer or a beginner, understanding for loops in Bash is a skill that will significantly enhance your scripting capabilities.&lt;/p&gt;</description></item><item><title>AWS VPC Design: Integrating Subnets, AZs, and Dual-Stack IP</title><link>https://ercan.cloud/aws-vpc-design-integrating-subnets-azs-and-dual-stack-ip/</link><pubDate>Wed, 01 Nov 2023 19:31:04 +0300</pubDate><guid>https://ercan.cloud/aws-vpc-design-integrating-subnets-azs-and-dual-stack-ip/</guid><description>&lt;p&gt;Welcome, Cloud Architects and Network Savvy Professionals! Today, we embark on an insightful exploration of designing a Virtual Private Cloud (VPC) in AWS, meticulously weaving together subnets, availability zones (AZs), and the dual-stack configuration for IPv4 and IPv6. As organizations strive for robust, scalable, and future-proof network architectures, understanding these components' interplay is paramount. So, let's dive in and unravel the intricacies of AWS VPC design, ensuring you're equipped with the knowledge to architect your network with confidence and foresight.&lt;/p&gt;</description></item><item><title>7 Reasons to Consider Getting a Smartwatch</title><link>https://ercan.cloud/7-reasons-to-consider-getting-a-smartwatch/</link><pubDate>Tue, 31 Oct 2023 19:16:43 +0300</pubDate><guid>https://ercan.cloud/7-reasons-to-consider-getting-a-smartwatch/</guid><description>&lt;p&gt;You have probably noticed a fair few people walking around with smartwatches. The trend might be causing you to scratch your head, trying to figure out what the fuss is all about.&lt;/p&gt;
&lt;p&gt;There are multiple brands that are decently known for manufacturing smartwatches, though Apple (unsurprisingly) is probably at the top.&lt;/p&gt;
&lt;p&gt;Whether it is curiosity or peer pressure, you might be thinking about getting a smartwatch for yourself as well. And if that is the case, there are quite a few reasons to justify your decision. Smartwatches offer more than meets the eye, and we will cover exactly that in this article.&lt;/p&gt;</description></item><item><title>How to Enable SSH on Ubuntu: A Step-by-Step Guide</title><link>https://ercan.cloud/how-to-enable-ssh-on-ubuntu-a-step-by-step-guide/</link><pubDate>Thu, 19 Oct 2023 18:15:00 +0300</pubDate><guid>https://ercan.cloud/how-to-enable-ssh-on-ubuntu-a-step-by-step-guide/</guid><description>&lt;p&gt;&lt;strong&gt;Introduction&lt;/strong&gt;&lt;/p&gt;
&lt;p&gt;Secure Shell (SSH) is an essential tool for system administrators, developers, and IT professionals. It provides a secure way to access a remote server, making it an invaluable resource for managing systems remotely. For users of Ubuntu, one of the most popular Linux distributions, setting up SSH can greatly enhance the system's usability and security. This blog post will guide you through the process of enabling SSH on Ubuntu, ensuring a seamless and secure remote access experience.&lt;/p&gt;</description></item><item><title>Vim: Mastering the Essentials for Efficient Editing</title><link>https://ercan.cloud/vim-mastering-the-essentials-for-efficient-editing/</link><pubDate>Mon, 25 Sep 2023 17:53:44 +0300</pubDate><guid>https://ercan.cloud/vim-mastering-the-essentials-for-efficient-editing/</guid><description>&lt;h2 class="wp-block-heading"&gt;Introduction&lt;/h2&gt;
&lt;p&gt;In the world of text editing, Vim stands out as a powerful, keyboard-centric editor that prioritizes efficiency and speed. Originating from the Unix environment, Vim (Vi Improved) is known for its versatility and the high level of productivity it offers once you get past its steep learning curve. In this article, we'll delve into the core Vim commands like copy, undo, redo, jumping between words, and more, which are essential for anyone looking to enhance their text editing skills. Designed for SEO optimization and readability, this guide aims to simplify Vim for beginners and intermediate users alike.&lt;/p&gt;</description></item><item><title>Understanding CAA DNS Records: What, Why, and How?</title><link>https://ercan.cloud/understanding-caa-dns-records-what-why-and-how/</link><pubDate>Mon, 25 Sep 2023 13:27:12 +0300</pubDate><guid>https://ercan.cloud/understanding-caa-dns-records-what-why-and-how/</guid><description>&lt;p&gt;The digital world thrives on security and trust. One of the foundational aspects of this trust is the SSL/TLS certificate, the backbone of HTTPS. As the internet matures, so does the need for improving the certificate issuance process. Enter the CAA (Certificate Authority Authorization) DNS record.&lt;/p&gt;
&lt;h3 class="wp-block-heading"&gt;What is a CAA DNS Record?&lt;/h3&gt;
&lt;p&gt;CAA, or Certificate Authority Authorization, is a type of DNS record that allows domain owners to specify which Certificate Authorities (CAs) are allowed to issue certificates for their domain. In essence, it gives domain owners a say in who can and cannot issue certificates for their domains.&lt;/p&gt;</description></item><item><title>Mastering AWS VPC: An Introduction to Virtual Private Cloud Routing</title><link>https://ercan.cloud/mastering-aws-vpc-an-introduction-to-virtual-private-cloud-routing/</link><pubDate>Sun, 13 Aug 2023 12:03:24 +0300</pubDate><guid>https://ercan.cloud/mastering-aws-vpc-an-introduction-to-virtual-private-cloud-routing/</guid><description>&lt;p&gt;The world of cloud computing has never been more accessible or diverse. As organizations migrate to the cloud, AWS (Amazon Web Services) stands out as a go-to solution, especially its VPC (Virtual Private Cloud) service. In this introduction, we delve deep into AWS VPC routing, demystifying its core concepts and how they contribute to an optimized, secure cloud environment.&lt;/p&gt;
&lt;h2 class="wp-block-heading"&gt;What is AWS VPC?&lt;/h2&gt;
&lt;p&gt;At its core, AWS VPC is a customizable, isolated section of the Amazon Web Services cloud where users can launch AWS resources within a virtual network. Think of it as your private chunk of the AWS cloud, where you control IP address ranges, subnets, route tables, and network gateways.&lt;/p&gt;</description></item><item><title>Understanding the New AWS Public IPv4 Address Charge and Public IP Insights</title><link>https://ercan.cloud/understanding-the-new-aws-public-ipv4-address-charge-and-public-ip-insights/</link><pubDate>Sun, 30 Jul 2023 18:57:40 +0300</pubDate><guid>https://ercan.cloud/understanding-the-new-aws-public-ipv4-address-charge-and-public-ip-insights/</guid><description>&lt;p&gt;Hello everyone,&lt;/p&gt;
&lt;p&gt;I wanted to share some important updates from Amazon Web Services (AWS) that could impact how you use their services. AWS has announced a new charge for public IPv4 addresses, effective from February 1, 2024. This change will see a charge of $0.005 per IP per hour for all public IPv4 addresses, whether they are attached to a service or not.&lt;/p&gt;
&lt;h2 class="wp-block-heading"&gt;Why the New Charge?&lt;/h2&gt;
&lt;p&gt;IPv4 addresses are becoming an increasingly scarce resource. Over the past five years, the cost to acquire a single public IPv4 address has risen by more than 300%. This new charge reflects AWS's own costs and is intended to encourage users to be more frugal with their use of public IPv4 addresses. It's also a nudge towards accelerating the adoption of IPv6 as a modernization and conservation measure.&lt;/p&gt;</description></item><item><title>Docker Multi-Stage Builds: An In-depth Guide</title><link>https://ercan.cloud/docker-multi-stage-builds-an-in-depth-guide/</link><pubDate>Sat, 29 Jul 2023 09:09:39 +0300</pubDate><guid>https://ercan.cloud/docker-multi-stage-builds-an-in-depth-guide/</guid><description>&lt;h2 class="wp-block-heading"&gt;Introduction&lt;/h2&gt;
&lt;p&gt;Docker has revolutionized the way we develop, package, and deploy applications. It provides a consistent environment for applications to run, from development to production, reducing the "it works on my machine" problem. One of the most powerful features Docker has introduced is multi-stage builds. This feature helps us create lean, efficient containers without the usual hassle. In this blog post, we will delve into Docker multi-stage builds, their benefits, and best practices. We will also provide an example Dockerfile to illustrate the concept.&lt;/p&gt;</description></item><item><title>Mastering Docker Run Command: A Comprehensive Guide</title><link>https://ercan.cloud/mastering-docker-run-command-a-comprehensive-guide/</link><pubDate>Sat, 29 Jul 2023 09:02:20 +0300</pubDate><guid>https://ercan.cloud/mastering-docker-run-command-a-comprehensive-guide/</guid><description>&lt;p&gt;The use of Docker in contemporary software development is widespread, and for good reason. Docker helps developers build lightweight and portable software containers that simplify application deployment. One of the most powerful commands in Docker's command-line interface (CLI) is the &lt;code&gt;docker run&lt;/code&gt; command. However, its vast number of options can make it a bit daunting for beginners.&lt;/p&gt;
&lt;p&gt;In this blog post, we will demystify the &lt;code&gt;docker run&lt;/code&gt; command and explain how to leverage its capabilities to run Docker containers effectively. Let's get started!&lt;/p&gt;</description></item><item><title>MySQL 8: Understanding and Fixing Error 1819</title><link>https://ercan.cloud/mysql-8-understanding-and-fixing-error-1819/</link><pubDate>Fri, 14 Jul 2023 15:25:56 +0300</pubDate><guid>https://ercan.cloud/mysql-8-understanding-and-fixing-error-1819/</guid><description>&lt;p&gt;As a beginner in MySQL, you might encounter an error message that reads "ERROR 1819 (HY000): Your password does not satisfy the current policy requirements." This error is not a bug, but a built-in security feature of MySQL that ensures users set strong passwords. This tutorial will guide you through understanding this error and how to fix it.&lt;/p&gt;
&lt;h2 class="wp-block-heading"&gt;What Triggers the Error?&lt;/h2&gt;
&lt;p&gt;When setting up a password for the MySQL root user, you may be prompted to enable the VALIDATE PASSWORD component. If enabled, this component checks the strength of the password you provide. If your password is considered weak, you'll encounter the error 1819.&lt;/p&gt;</description></item><item><title>Ctrl+C and Ctrl+V party with GitHub Clone Helper!</title><link>https://ercan.cloud/ctrlc-and-ctrlv-party-with-github-clone-helper/</link><pubDate>Sat, 24 Jun 2023 23:53:09 +0300</pubDate><guid>https://ercan.cloud/ctrlc-and-ctrlv-party-with-github-clone-helper/</guid><description>&lt;p&gt;Hello, fellow keyboard warriors and terminal whisperers! 🤓&lt;/p&gt;
&lt;p&gt;Ever find yourself lost in the infinite sea of repositories on GitHub, and you’ve to clone a bunch of them? Now, we all know how it goes: copy the clone URL, open your terminal, type ‘git clone’, paste the URL, and hit Enter. Sounds easy, right? But what about the 50th time? The 100th? The 1000th?! Man, even the thought of it makes my fingers cramp! 😵‍💫&lt;/p&gt;</description></item><item><title>Unveiling the Mystery: Decoding IP Address Retrieval in Linux</title><link>https://ercan.cloud/unveiling-the-mystery-decoding-ip-address-retrieval-in-linux/</link><pubDate>Thu, 11 May 2023 12:10:57 +0300</pubDate><guid>https://ercan.cloud/unveiling-the-mystery-decoding-ip-address-retrieval-in-linux/</guid><description>&lt;p&gt;Understanding how to retrieve an IP address in Linux can be a bit tricky, especially for beginners. The good news? It's not as complicated as it seems! We're here to simplify it for you. Let's dive in.&lt;/p&gt;
&lt;h2 class="wp-block-heading"&gt;Getting Started&lt;/h2&gt;
&lt;p&gt;In a nutshell, an IP address is a unique identifier for your machine on a network. It's like your computer's postal address. In Linux, there are several ways to find this address, and two popular commands for doing this are &lt;code&gt;ifconfig&lt;/code&gt; and &lt;code&gt;ip&lt;/code&gt;.&lt;/p&gt;</description></item><item><title>The AWS Well-Architected Framework: A Key to Cloud Success</title><link>https://ercan.cloud/the-aws-well-architected-framework-a-key-to-cloud-success/</link><pubDate>Wed, 26 Apr 2023 00:42:29 +0300</pubDate><guid>https://ercan.cloud/the-aws-well-architected-framework-a-key-to-cloud-success/</guid><description>&lt;h2 class="wp-block-heading"&gt;Why It's Important, Why You Need It, and Its Key Role in Your Cloud Journey&lt;/h2&gt;
&lt;p&gt;The cloud has revolutionized the way businesses operate, and Amazon Web Services (AWS) has consistently led the charge in cloud computing. To help businesses build and maintain reliable, efficient, and secure applications in the cloud, AWS has introduced the Well-Architected Framework. In this blog post, we'll explore the importance of this framework, why you need to use it, and the key role it plays in your cloud journey.&lt;/p&gt;</description></item><item><title>Telnet Movies - A Nostalgic Look at the Dawn of Internet Movie Streaming</title><link>https://ercan.cloud/telnet-movies-a-nostalgic-look-at-the-dawn-of-internet-movie-streaming/</link><pubDate>Mon, 24 Apr 2023 22:07:02 +0300</pubDate><guid>https://ercan.cloud/telnet-movies-a-nostalgic-look-at-the-dawn-of-internet-movie-streaming/</guid><description>&lt;p&gt;Long before Netflix, Hulu, and Amazon Prime Video transformed the way we consume content, there was a fascinating, lesser-known method for watching movies online: Telnet movies. These text-based movies, transmitted over the Telnet protocol, were a stepping stone in the evolution of internet streaming. In this blog post, we will delve into the history of Telnet movies, their inventor, motivation behind the concept, and the first forum post or email related to them.&lt;/p&gt;</description></item><item><title>Secure Your Media Files by Removing Metadata with AWS Lambda</title><link>https://ercan.cloud/secure-your-media-files-by-removing-metadata-with-aws-lambda/</link><pubDate>Thu, 20 Apr 2023 15:36:52 +0300</pubDate><guid>https://ercan.cloud/secure-your-media-files-by-removing-metadata-with-aws-lambda/</guid><description>&lt;p&gt;In today's digital world, images and videos often contain metadata that reveals a surprising amount of information about the media file. This metadata, such as EXIF data in images, can include sensitive details like location, device information, and more. 
To protect user privacy and enhance security, businesses in various industries can benefit from removing this metadata from media files. In this blog post, we'll walk you through a simple AWS Lambda script that automatically removes metadata from uploaded images and videos in S3 buckets.&lt;/p&gt;</description></item><item><title>CORS in Nginx: Configuration Guide for Enhanced Security</title><link>https://ercan.cloud/cors-in-nginx-configuration-guide-for-enhanced-security/</link><pubDate>Wed, 19 Apr 2023 21:21:10 +0300</pubDate><guid>https://ercan.cloud/cors-in-nginx-configuration-guide-for-enhanced-security/</guid><description>&lt;p&gt;Cross-Origin Resource Sharing (CORS) is a crucial mechanism for enabling secure communication between web servers and browsers. By providing a way for web applications to request resources from different domains, CORS helps overcome the limitations of the Same-Origin Policy (SOP), which restricts web applications from accessing data on a different domain than the one serving the application.&lt;/p&gt;
&lt;p&gt;In this blog post, we'll explore the importance of CORS, how it works, and how to configure it in Nginx for different scenarios. We'll also delve into key CORS concepts, such as allow-origin, allow-methods, allow-headers, and expose-headers.&lt;/p&gt;</description></item><item><title>List your S3 bucket objects easily with S3 Directory Listing</title><link>https://ercan.cloud/list-your-s3-bucket-objects-easily-with-s3-directory-listing/</link><pubDate>Tue, 18 Apr 2023 15:35:21 +0300</pubDate><guid>https://ercan.cloud/list-your-s3-bucket-objects-easily-with-s3-directory-listing/</guid><description>&lt;p&gt;Are you tired of the boring, plain S3 bucket directory listing? Do you wish there was a way to make it more user-friendly and appealing? Well, look no further! Introducing S3-Directory-Listing, a simple and easy-to-use JS script and HTML combo that will turn your S3 bucket directory listing into a fancy, modern-looking file and folder listing with a nice UI and search functionality.&lt;/p&gt;
&lt;p&gt;First things first, let's talk about usage. To use S3-Directory-Listing, all you need to do is clone the repository or copy the contents of &lt;code&gt;dark-mode.css&lt;/code&gt;, &lt;code&gt;s3.js&lt;/code&gt; and &lt;code&gt;index.html&lt;/code&gt; to your S3 bucket. Then, update the &lt;code&gt;bucketName&lt;/code&gt; variable in &lt;code&gt;app.js&lt;/code&gt; with your bucket's name, and configure your S3 bucket settings. Access the &lt;code&gt;index.html&lt;/code&gt; file in your browser, and voilà! You now have a fancy S3 directory listing. It's that simple!&lt;/p&gt;</description></item><item><title>Keeping Composer Packages Up-to-Date with Composer Guardian: Why It's Essential</title><link>https://ercan.cloud/keeping-composer-packages-up-to-date-with-composer-guardian-why-its-essential/</link><pubDate>Sat, 15 Apr 2023 19:09:12 +0300</pubDate><guid>https://ercan.cloud/keeping-composer-packages-up-to-date-with-composer-guardian-why-its-essential/</guid><description>&lt;p&gt;As a PHP developer, chances are you're already familiar with Composer, the dependency manager for PHP. It's an essential tool for managing packages, streamlining updates, and ensuring that your projects run smoothly. One crucial aspect of using Composer is keeping your packages up-to-date. In this blog post, we will discuss the importance of keeping your Composer packages current and how &lt;a href="https://github.com/flightlesstux/Composer-Guardian"&gt;Composer Guardian&lt;/a&gt;, an open-source script, can help you achieve that.&lt;/p&gt;
&lt;p&gt;Why Keep Composer Packages Up-to-Date?&lt;/p&gt;</description></item><item><title>What is Carrier Gateway on AWS?</title><link>https://ercan.cloud/what-is-carrier-gateway-on-aws/</link><pubDate>Fri, 24 Feb 2023 20:19:15 +0300</pubDate><guid>https://ercan.cloud/what-is-carrier-gateway-on-aws/</guid><description>&lt;p&gt;Amazon Web Services (AWS) offers many services to provide a seamless and secure cloud computing experience to its users. One of these services is Carrier Gateway, which is designed to provide a simplified and centralized solution for connecting customer networks to AWS.&lt;/p&gt;
&lt;p&gt;In this article, we will discuss the concept of Carrier Gateway on AWS and its benefits in detail.&lt;/p&gt;
&lt;h2&gt;What is Carrier Gateway on AWS?&lt;/h2&gt;
&lt;p&gt;Carrier Gateway is a service that enables AWS customers to establish a direct and private connection between their on-premises data center or network and their Virtual Private Cloud (VPC) on AWS. It allows users to extend their network topology to AWS, thus providing a secure and high-bandwidth connection between their on-premises infrastructure and AWS.&lt;/p&gt;</description></item><item><title>Creating SSH Keys for Secure Access to AWS EC2 Instances with Terraform</title><link>https://ercan.cloud/creating-ssh-keys-for-secure-access-to-aws-ec2-instances-with-terraform/</link><pubDate>Wed, 15 Feb 2023 09:11:24 +0300</pubDate><guid>https://ercan.cloud/creating-ssh-keys-for-secure-access-to-aws-ec2-instances-with-terraform/</guid><description>&lt;p&gt;When working with cloud infrastructure, security is of utmost importance. One critical aspect of security is controlling access to cloud resources, and this is particularly important when working with AWS EC2 instances. SSH keys are one way to secure access to EC2 instances, and with Terraform, it is straightforward to create and manage these keys.&lt;/p&gt;
&lt;p&gt;SSH keys are used for secure access to an EC2 instance, and they consist of two parts - a public key and a private key. The public key is uploaded to the EC2 instance, and the private key is used to authenticate with the instance. The private key should be kept secure and not shared with anyone else.&lt;/p&gt;</description></item><item><title>What is an Egress only internet gateways in AWS?</title><link>https://ercan.cloud/what-is-an-egress-only-internet-gateways-in-aws/</link><pubDate>Tue, 31 Jan 2023 06:48:25 +0300</pubDate><guid>https://ercan.cloud/what-is-an-egress-only-internet-gateways-in-aws/</guid><description>&lt;p&gt;Amazon Web Services (AWS) is one of the leading cloud computing platforms, providing a variety of infrastructure services to businesses of all sizes. One of the essential components of AWS is Virtual Private Cloud (VPC), which allows users to isolate their resources in a logically isolated virtual network. Within a VPC, an Egress-Only Internet Gateway is an essential component that enables outbound traffic from the VPC to the Internet.&lt;/p&gt;
&lt;p&gt;An Egress-Only Internet Gateway is a horizontally scaled, redundant, and highly available VPC component that provides a secure way for outbound-only Internet traffic from instances in a VPC to flow to the Internet. It operates as a stateful gateway, which means that it keeps track of the network connections initiated from instances in the VPC, and it automatically allows the corresponding return traffic to flow back into the VPC.&lt;/p&gt;</description></item><item><title>What is an Internet Gateway in AWS?</title><link>https://ercan.cloud/what-is-an-internet-gateway-in-aws/</link><pubDate>Wed, 11 Jan 2023 14:50:24 +0300</pubDate><guid>https://ercan.cloud/what-is-an-internet-gateway-in-aws/</guid><description>&lt;p&gt;Amazon Web Services (AWS) Internet Gateway is a horizontally scalable, redundant, and highly available VPC component that allows communication between instances in your VPC and the Internet. It, therefore, acts as a bridge between your VPC and the Internet.&lt;/p&gt;
&lt;p&gt;An Internet Gateway is not automatically created when you create a VPC. Instead, you must create and attach an Internet Gateway to your VPC before your instances in the VPC can communicate with the Internet. Once an Internet Gateway is attached to a VPC, you can then route Internet traffic to your instances.&lt;/p&gt;</description></item><item><title>What are Route Tables on AWS VPC?</title><link>https://ercan.cloud/what-are-route-tables-on-aws-vpc/</link><pubDate>Tue, 03 Jan 2023 09:03:38 +0300</pubDate><guid>https://ercan.cloud/what-are-route-tables-on-aws-vpc/</guid><description>&lt;p&gt;Route tables in Amazon Web Services (AWS) are used to determine how traffic is directed within a Virtual Private Cloud (VPC). They contain a set of rules, known as routes, that specify which network traffic is directed to which network interface.&lt;/p&gt;
&lt;p&gt;Each subnet in a VPC must be associated with a route table, which controls the traffic for that subnet. A subnet can only be associated with one route table at a time, but a route table can be associated with multiple subnets. This allows you to have different routing rules for different subnets within a VPC.&lt;/p&gt;</description></item><item><title>What is Subnet on AWS VPC?</title><link>https://ercan.cloud/what-is-subnet-on-aws-vpc/</link><pubDate>Sat, 10 Dec 2022 09:05:25 +0300</pubDate><guid>https://ercan.cloud/what-is-subnet-on-aws-vpc/</guid><description>&lt;p&gt;Amazon Web Services (AWS) Virtual Private Cloud (VPC) is a cloud computing service that allows users to create and manage their own virtual network in the cloud. This allows users to have complete control over their network and resources, including the ability to customize subnetting for their VPC.&lt;/p&gt;
&lt;p&gt;Subnets in AWS VPC are used to divide a VPC into multiple logical networks. This allows users to isolate resources and control access to those resources. Subnets can be either public or private, with public subnets having access to the internet and private subnets not having access to the internet.&lt;/p&gt;</description></item><item><title>What is AWS VPC?</title><link>https://ercan.cloud/what-is-aws-vpc/</link><pubDate>Wed, 07 Dec 2022 05:56:09 +0300</pubDate><guid>https://ercan.cloud/what-is-aws-vpc/</guid><description>&lt;h2&gt;What is AWS VPC?&lt;/h2&gt;
&lt;p&gt;Amazon Web Services (AWS) Virtual Private Cloud (VPC) is a service that allows users to create and manage their own virtual private network (VPN) in the AWS cloud. This allows users to have complete control over their own network environment, including the ability to select their own IP address range, create subnets, and configure route tables and network gateways.&lt;/p&gt;
&lt;p&gt;One of the main benefits of using VPC is the ability to securely connect to the internet and to other AWS services. With VPC, users can create a public-facing subnet for their web servers, and a private-facing subnet for their databases. This allows for better security and isolation of sensitive data.&lt;/p&gt;</description></item><item><title>Prevent nginx from caching DNS for proxy</title><link>https://ercan.cloud/prevent-nginx-from-caching-dns-for-proxy/</link><pubDate>Mon, 22 Aug 2022 12:17:44 +0300</pubDate><guid>https://ercan.cloud/prevent-nginx-from-caching-dns-for-proxy/</guid><description>&lt;p&gt;Hello everyone,&lt;br&gt;&lt;br&gt;If you are using nginx as a proxy and/or reverse proxy, nginx caches the DNS information. If you have an AWS Application Load Balancer behind nginx, nginx sometimes needs a restart and/or a DNS flush before it can send requests to the AWS Application Load Balancer, because AWS always gives you a CNAME and changes the Load Balancer IP address frequently.&lt;/p&gt;
&lt;p&gt;There is no option to flush DNS in nginx; the only option is to restart nginx, and you can't always solve problems with a restart : ) You can use the nginx config below to fix this DNS caching problem.&lt;/p&gt;</description></item><item><title>Scaling PHP Applications on AWS</title><link>https://ercan.cloud/scaling-php-applications-on-aws/</link><pubDate>Wed, 10 Aug 2022 05:18:09 +0300</pubDate><guid>https://ercan.cloud/scaling-php-applications-on-aws/</guid><description>&lt;p&gt;Here is how to run highly available, performant, and secure PHP applications on AWS.&lt;/p&gt;
&lt;ol&gt;&lt;li&gt;Amazon Route 53 resolves Domain Name System (DNS) queries and routes end-user requests.&lt;br&gt;&lt;/li&gt;&lt;li&gt;Amazon CloudFront caches content and accelerates delivery, leveraging global points of presence. CloudFront also handles SSL termination, integrating with Amazon Certificate Manager, which automatically creates and renews SSL certificates at no cost.&lt;br&gt;&lt;/li&gt;&lt;li&gt;AWS Web Application Firewall integration with CloudFront and Application Load Balancer mitigates OWASP's top 10 application vulnerabilities.&lt;br&gt;&lt;/li&gt;&lt;li&gt;The Application Load Balancer routes HTTP/S requests to EC2 instances running on private subnets.&lt;br&gt;&lt;/li&gt;&lt;li&gt;An Amazon Linux 2 AMI contains the PHP and other needed binaries, such as the AWS SDK for PHP.&lt;br&gt;&lt;/li&gt;&lt;li&gt;The Amazon CloudWatch Agent installed on the Amazon Linux 2 AMI streams application logs, additional host-level metrics, and custom business metrics.&lt;br&gt;&lt;/li&gt;&lt;li&gt;Amazon EC2 Auto Scaling manages the instance launch based on metrics such as CPU and memory. It uses Amazon Graviton instances for cost optimization.&lt;br&gt;&lt;/li&gt;&lt;li&gt;Using Systems Manager Session Manager, connect to EC2 instances with web-based sessions on the AWS Console. There is no need for key pairs or for SSH ports to be open.&lt;br&gt;&lt;/li&gt;&lt;li&gt;Database credentials are securely stored on AWS Secrets Manager. 
Using the AWS SDK for PHP, the application code retrieves the credentials stored on Secrets Manager through an IAM Role.&lt;br&gt;&lt;/li&gt;&lt;li&gt;Application code is safely stored on AWS CodeCommit using the familiar Git command line interface (CLI).&lt;br&gt;&lt;/li&gt;&lt;li&gt;AWS CodePipeline implements continuous integration and continuous deployment (CI/CD), orchestrating code deployment using an AWS CodeDeploy hook that triggers when new EC2 instances are launched.&lt;br&gt;&lt;/li&gt;&lt;li&gt;Amazon ElastiCache for Redis caches session data.&lt;br&gt;&lt;/li&gt;&lt;li&gt;Amazon Aurora Multi-AZ enables high availability. The application connects via a DNS endpoint that handles failover automatically in case of failure. The Aurora reader endpoint handles read operations, offloading the Aurora writer instance load.&lt;br&gt;&lt;/li&gt;&lt;li&gt;Amazon Elastic File System (Amazon EFS) stores and shares web content with the Auto Scaling group.&lt;/li&gt;&lt;/ol&gt;</description></item><item><title>Create an S3 Bucket and Set a Policy via CLI</title><link>https://ercan.cloud/create-an-s3-bucket-and-set-a-policy-via-cli/</link><pubDate>Sun, 17 Jul 2022 12:09:37 +0300</pubDate><guid>https://ercan.cloud/create-an-s3-bucket-and-set-a-policy-via-cli/</guid><description>&lt;p&gt;I really like to use CLI commands and it's my daily routine. Today, I'll tell you "How do you create an S3 Bucket on AWS" and "Put an S3 Bucket Policy" via CLI. Let's start...&lt;/p&gt;
&lt;p&gt;First, you should set your AWS_ACCESS_KEY and AWS_SECRET_ACCESS_KEY, which means running the &lt;code&gt;aws configure&lt;/code&gt; command beforehand. Once you have done this, you can continue.&lt;/p&gt;
&lt;h2&gt;Check the S3 Buckets First&lt;/h2&gt;
&lt;p&gt;First of all, we need to check which buckets we have. When I run the &lt;code&gt;aws s3 ls&lt;/code&gt; command, it returns the existing buckets.&lt;/p&gt;</description></item><item><title>Issue a Let's Encrypt SSL with the AWS Route53</title><link>https://ercan.cloud/issue-a-lets-encrypt-ssl-with-the-aws-route53/</link><pubDate>Sat, 16 Jul 2022 04:47:34 +0300</pubDate><guid>https://ercan.cloud/issue-a-lets-encrypt-ssl-with-the-aws-route53/</guid><description>&lt;p&gt;Hello,&lt;br&gt;&lt;br&gt;In this article, I want to tell you how you can issue a Let's Encrypt SSL with the AWS Route53 service. Let's get started.&lt;/p&gt;
&lt;h2&gt;What is Let's Encrypt?&lt;/h2&gt;
&lt;p&gt;Let's Encrypt is a non-profit certificate authority run by Internet Security Research Group (ISRG) that provides X.509 certificates for Transport Layer Security encryption at no charge. This means you can get a FREE SSL certificate for your project/app, and the SSL certificate will be valid for 90 days. You need to set up some automation to renew it automatically.&lt;/p&gt;</description></item><item><title>Automate Let's Encrypt SSL on AWS Application Load Balancer</title><link>https://ercan.cloud/automate-lets-encrypt-ssl-on-aws-application-load-balancer/</link><pubDate>Sat, 02 Jul 2022 18:09:07 +0300</pubDate><guid>https://ercan.cloud/automate-lets-encrypt-ssl-on-aws-application-load-balancer/</guid><description>&lt;p&gt;Most of the time, we don't need anything except AWS Certificate Manager (ACM), but in some cases, if you are hosting your customer's domain with ALB and you don't have a chance to get an SSL certificate from your customer, you need a workaround. In this article, we will issue a Let's Encrypt SSL on AWS Application Load Balancer and automate it!&lt;/p&gt;
&lt;p&gt;When you request an SSL certificate from Let's Encrypt, LE offers several verification methods such as web-challenge, route53, etc. In this scenario, I decided to use web-challenge because the domains' DNS management is not in my hands. I just host the application and need to issue an SSL.&lt;/p&gt;</description></item><item><title>Deploy a website to S3 and CloudFront with Bitbucket Pipelines</title><link>https://ercan.cloud/deploy-a-website-to-s3-and-cloudfront-with-bitbucket-pipelines/</link><pubDate>Thu, 23 Jun 2022 11:44:00 +0300</pubDate><guid>https://ercan.cloud/deploy-a-website-to-s3-and-cloudfront-with-bitbucket-pipelines/</guid><description>&lt;p&gt;Bitbucket is an Atlassian product: a Git-based code store with CI/CD tools optimized for teams collaborating with Jira. When you change your code and keep revisions and history in Bitbucket, you also need some automation for deployment. &lt;br&gt;&lt;br&gt;CI/CD is about automation and stands for Continuous Integration and Continuous Delivery. In this article, we will use CI and CD at the same time.&lt;br&gt;&lt;br&gt;I'm skipping "How to use Bitbucket?" and will introduce you to Bitbucket Pipelines for continuous deployment to AWS S3, which uses CloudFront for distribution all over the world. &lt;/p&gt;</description></item><item><title>Protect your AWS Account with specified IPs</title><link>https://ercan.cloud/protect-your-aws-account-with-specified-ips/</link><pubDate>Thu, 16 Jun 2022 13:18:15 +0300</pubDate><guid>https://ercan.cloud/protect-your-aws-account-with-specified-ips/</guid><description>&lt;p&gt;Security is always important, and it comes first before doing anything in the cloud. I have been using the IP restriction policy for more than 5 years and I want to share this trick with you. There are two different ways to do it.&lt;br&gt;&lt;br&gt;You should get a static IP from your ISP and/or you can use your VPN IP address.&lt;/p&gt;
&lt;h2&gt;What is the benefit of the IP Policy?&lt;/h2&gt;
&lt;p&gt;The answer is simple. Nobody can access your resources in the cloud if they are not using the specified IPs.&lt;/p&gt;</description></item><item><title>Differences between AWS CLI v1 and v2</title><link>https://ercan.cloud/differences-between-aws-cli-v1-and-v2/</link><pubDate>Thu, 09 Jun 2022 23:35:00 +0300</pubDate><guid>https://ercan.cloud/differences-between-aws-cli-v1-and-v2/</guid><description>&lt;p&gt;Sometimes, aws-cli doesn't run your CLI commands if you are using v1. If your AWS CLI is v1, I recommend updating. In this article, you'll learn under which conditions you should use AWS CLI v2.&lt;br&gt;&lt;/p&gt;
&lt;p&gt;AWS CLI v1 is written in Python, so for v1 you should install Python first. If you are using v2, Python comes embedded and a &lt;strong&gt;Python interpreter is not needed&lt;/strong&gt;.&lt;/p&gt;
&lt;div class="wp-block-columns"&gt;&lt;div class="wp-block-column" style="flex-basis:100%"&gt;&lt;p&gt;&lt;strong&gt;Auto Prompt&lt;/strong&gt; feature is amazing! The AWS CLI v2 can prompt you for commands, parameters, and resources when you run an aws command.&lt;/p&gt;</description></item><item><title>SSL CA Problem on CentOS7 Docker and Solution</title><link>https://ercan.cloud/ssl-ca-problem-on-centos7-docker-and-solution/</link><pubDate>Tue, 08 Mar 2022 08:19:26 +0300</pubDate><guid>https://ercan.cloud/ssl-ca-problem-on-centos7-docker-and-solution/</guid><description>&lt;p&gt;When I'm playing with CentOS7 docker image on MacBookPro M1, it looks like it doesn't connect to the servers which require HTTPS connection. &lt;br&gt;&lt;br&gt;For example, when I run &lt;code&gt;yum -y update&lt;/code&gt; the command it returns &lt;code&gt;curl: (77) Problem with the SSL CA cert (path? access rights?)&lt;/code&gt;. Hmm, it looks like an OS Bug because my ca-certificates are okay.&lt;br&gt;&lt;br&gt;I tried to send a GET command via curl and it looks like doesn't work.&lt;/p&gt;</description></item><item><title>What do I have?</title><link>https://ercan.cloud/what-do-i-have/</link><pubDate>Tue, 20 Jul 2021 15:02:36 +0300</pubDate><guid>https://ercan.cloud/what-do-i-have/</guid><description>&lt;p&gt;First of all, hello from sunny Izmir. Today is Tuesday but I feel like off-day. I know, I need to write technical articles for the community that is working with passionate people. It's on the way, I promise... The title is "Cloud: Using NAT on Private Subnets". The article is comparing serverless NAT service and self-managed ec2 NAT service. Anyway, let's start...&lt;/p&gt;
&lt;div class="wp-block-image"&gt;&lt;figure class="aligncenter size-full"&gt;&lt;img src="https://ercan.cloud/uploads/mbp-spacegray-select-202011-geo-tr-2.jpg" alt="" class="wp-image-4725"/&gt;&lt;figcaption&gt;&lt;strong&gt;For Work:&lt;/strong&gt; Apple MacBookPro M1 with 16GiG memory and a 256GB SSD. OS: Always latest. For now macOS Big Sur Version 11.4&lt;br&gt;&lt;br&gt;&lt;/figcaption&gt;&lt;/figure&gt;&lt;/div&gt;
&lt;div class="wp-block-image"&gt;&lt;figure class="aligncenter size-large is-resized"&gt;&lt;img src="https://ercan.cloud/uploads/xps-13-black-standard-1024x737.png" alt="" class="wp-image-4727" width="512" height="369"/&gt;&lt;figcaption&gt;&lt;strong&gt;For Personal:&lt;/strong&gt; Dell XPS 13 with 4K Touch Screen resolution. It has 8 GiG memory and a 256 GB NVMe disk on it. OS Info: Manjaro Linux with KDE up-to-date.&lt;br&gt;&lt;br&gt;&lt;br&gt;&lt;/figcaption&gt;&lt;/figure&gt;&lt;/div&gt;
&lt;div class="wp-block-image"&gt;&lt;figure class="aligncenter size-large is-resized"&gt;&lt;img src="https://ercan.cloud/uploads/71irot2sowl.-ac-sl1500-1024x513-2.jpg" alt="" class="wp-image-4724" width="512" height="257"/&gt;&lt;figcaption&gt;&lt;strong&gt;For Other Purposes:&lt;/strong&gt; Intel® NUC Kit NUC8i7HVK. It's really amazing hardware on it. You can see details on the &lt;a href="https://ark.intel.com/content/www/us/en/ark/products/126143/intel-nuc-kit-nuc8i7hvk.html" target="_blank" rel="noreferrer noopener"&gt;product page&lt;/a&gt;. It has 32 GiG memory with 2 x 512 GB RAID 0 NVMe disk. Windows 10 Enterprise and I are really fell in love with it.&lt;br&gt;&lt;br&gt;&lt;/figcaption&gt;&lt;/figure&gt;&lt;/div&gt;
&lt;div class="wp-block-image"&gt;&lt;figure class="aligncenter size-large is-resized"&gt;&lt;img src="https://ercan.cloud/uploads/1474943155632-b-ue590-001-front-black-2.jpg" alt="" class="wp-image-4723" width="750" height="500"/&gt;&lt;figcaption&gt;Since 2017, I'm using Samsung UE28E590, 4K 4ms monitor. It's not a pivot and I used Dell P2719H 27" 5ms FHD as a pivot for my SSH sessions but that monitor owner is my previous company and I give back when I decided to leave.&lt;br&gt;&lt;br&gt;&lt;/figcaption&gt;&lt;/figure&gt;&lt;/div&gt;
&lt;div class="wp-block-image"&gt;&lt;figure class="aligncenter size-large is-resized"&gt;&lt;img src="https://ercan.cloud/uploads/61cxik5mnpl.-ac-sx450-2.jpg" alt="" class="wp-image-4728" width="561" height="418"/&gt;&lt;figcaption&gt;My company gives me an Apple Magic Mouse 2 and Apple Wireless Keyboard and now I'm using them and I'm okay with that.&lt;br&gt;&lt;br&gt;&lt;br&gt;&lt;/figcaption&gt;&lt;/figure&gt;&lt;/div&gt;
&lt;div class="wp-block-image"&gt;&lt;figure class="aligncenter size-large is-resized"&gt;&lt;img src="https://ercan.cloud/uploads/juniper-srx-110-1024x270.jpg" alt="" class="wp-image-4535" width="768" height="203"/&gt;&lt;figcaption&gt;My Internet provider is turk.net and turk.net is a really amazing provider with cost-effective plans. I'm using VDSL2 internet technology at home (WFH) and I'm getting 100mbps download and 8mbps upload speed. I can configure this monster to connect via IPSec VPN to AWS Cloud and/or Google Cloud Platform. I'm also testing some services and using them if I need. Device is Juniper SRX-110HA v2. Oldies but goldies...&lt;/figcaption&gt;&lt;/figure&gt;&lt;/div&gt;
&lt;div class="wp-block-image"&gt;&lt;figure class="aligncenter size-large is-resized"&gt;&lt;img src="https://ercan.cloud/uploads/xiaomi-4a-router-683x1024.jpg" alt="" class="wp-image-4730" width="512" height="768"/&gt;&lt;figcaption&gt;I'm using Xiaomi 4A Router with 5GHz mode. Just my TV directly cable connected to my local network. Other mobile devices connecting via Wi-Fi.&lt;/figcaption&gt;&lt;/figure&gt;&lt;/div&gt;
&lt;div class="wp-block-image"&gt;&lt;figure class="aligncenter size-large is-resized"&gt;&lt;img src="https://ercan.cloud/uploads/tr-uhdtv-ru7400-ue50ru7400uxtk-frontsilver-163661529.png" alt="" class="wp-image-4731" width="684" height="547"/&gt;&lt;figcaption&gt;I'm using Samsung UE50RU7400UXTK (2019). It's 50" and it's fair enough for me. Mostly I'm watching YouTube and listening on Spotify. The platform is Tizen and OS is also running on the latest version. The AirPlay2 feature is really a life saver for me. I'm connecting on MBP with few clicks.&lt;/figcaption&gt;&lt;/figure&gt;&lt;/div&gt;
&lt;div class="wp-block-image"&gt;&lt;figure class="aligncenter size-large is-resized"&gt;&lt;img src="https://ercan.cloud/uploads/monitor-p2418d-hero-504x350-ng.psd.png" alt="" class="wp-image-4732" width="751" height="522"/&gt;&lt;figcaption&gt;Now I'm planning to use pivot monitor again for my CLIOps and SSH sessions.&lt;br&gt;It's Dell P2418D with 2K resolution.&lt;/figcaption&gt;&lt;/figure&gt;&lt;/div&gt;
&lt;div class="wp-block-image"&gt;&lt;figure class="aligncenter size-large is-resized"&gt;&lt;img src="https://ercan.cloud/uploads/mx-keys-and-mx-master-3.jpg" alt="" class="wp-image-4733" width="692" height="277"/&gt;&lt;figcaption&gt;Next week, I'm ordering these amazing kit and I'm switching Apple Magic Mouse 2 and Apple Keyboard set. &lt;/figcaption&gt;&lt;/figure&gt;&lt;/div&gt;
</description></item><item><title>I'm officially AWS Community Builder!</title><link>https://ercan.cloud/im-officially-aws-community-builder/</link><pubDate>Sat, 15 May 2021 09:20:41 +0300</pubDate><guid>https://ercan.cloud/im-officially-aws-community-builder/</guid><description>&lt;p&gt;I use AWS every day because I'm really open to educating myself and AWS helps me with that. I automate routine tasks for departments like the client team, the back-end team, sometimes the data team, etc., and most of the time, the needs are specific to that organization. So, you should build on your own and/or with your team and improve your product and/or tool knowledge along the way. &lt;/p&gt;</description></item><item><title>Deploy HA nginx to AWS ECS with Geolocation Routing via Terraform</title><link>https://ercan.cloud/deploy-ha-nginx-to-aws-ecs-with-geolocation-routing-via-terraform/</link><pubDate>Wed, 12 May 2021 12:56:20 +0300</pubDate><guid>https://ercan.cloud/deploy-ha-nginx-to-aws-ecs-with-geolocation-routing-via-terraform/</guid><description>&lt;p&gt;Today, I want to refactor the &lt;strong&gt;&lt;a href="https://ercan.cloud/deploy-nginx-docker-to-aws-ecs-with-terraform-automation/" target="_blank" rel="noreferrer noopener"&gt;Deploy nginx docker to AWS ECS with Terraform Automation&lt;/a&gt;&lt;/strong&gt; project from a single region to multi-region support. This time, I pushed all of the Terraform source code to my GitLab account. &lt;br&gt;&lt;br&gt;The updated project now creates all infrastructure in the Ireland and N.Virginia regions.&lt;br&gt;We also have a geo-location-based route policy, which is provided via Route53.&lt;/p&gt;
&lt;h2&gt;What does a geo-location-based route policy mean?&lt;/h2&gt;
&lt;p&gt;In this project, when you get a request from the North America continent, the visitor's request will be handled by North Virginia's infrastructure.&lt;br&gt;&lt;br&gt;If you get a request from the Europe continent, the request will be handled by Ireland's infrastructure.&lt;br&gt;&lt;br&gt;The default region is also set and handled by Ireland's infrastructure.&lt;/p&gt;</description></item><item><title>Deploy nginx docker to AWS ECS with Terraform Automation</title><link>https://ercan.cloud/deploy-nginx-docker-to-aws-ecs-with-terraform-automation/</link><pubDate>Tue, 11 May 2021 07:40:23 +0300</pubDate><guid>https://ercan.cloud/deploy-nginx-docker-to-aws-ecs-with-terraform-automation/</guid><description>&lt;p&gt;Last night, I wanted to play with the AWS ECS service. I wrote Terraform code to deploy everything at the same time. The Terraform code creates all of the resources to run ECS in a different VPC, isolated from your other resources.&lt;br&gt;&lt;br&gt;I used the nginx:alpine Docker image for this project, but if you need, you can modify the Terraform code and adapt it to your needs.&lt;/p&gt;
&lt;h2&gt;What is AWS ECS?&lt;/h2&gt;
&lt;p&gt;Amazon Elastic Container Service (Amazon ECS) is a fully managed container orchestration service. Customers use ECS to run their most sensitive and mission-critical applications because of its security, reliability, and scalability.&lt;/p&gt;</description></item><item><title>How to Install Node Exporter on Linux Server</title><link>https://ercan.cloud/how-to-install-node-exporter-on-linux-server/</link><pubDate>Mon, 10 May 2021 09:18:09 +0300</pubDate><guid>https://ercan.cloud/how-to-install-node-exporter-on-linux-server/</guid><description>&lt;p&gt;Node Exporter is a Prometheus exporter for server level and OS level metrics with configurable metric collectors. It helps us in measuring various server resources such as RAM, disk space, and CPU utilization. Node exporter is a good solution to collect all the Linux server-related metrics and statistics for monitoring.&lt;/p&gt;
&lt;h2&gt;Before Start&lt;/h2&gt;
&lt;ul&gt;&lt;li&gt;&lt;strong&gt;Prometheus Server&lt;/strong&gt;&lt;br&gt;After node exporter installation, you should send your metrics to the Prometheus server.&lt;/li&gt;&lt;li&gt;&lt;strong&gt;Sudo Privileges&lt;/strong&gt;&lt;br&gt;You should access your server via SSH with root or your ssh login user should have root privileges with sudo.&lt;/li&gt;&lt;/ul&gt;
&lt;div class="schema-how-to wp-block-yoast-how-to-block"&gt;&lt;p class="schema-how-to-description"&gt;&lt;strong&gt;Node Exporter Installation Steps&lt;/strong&gt;&lt;/p&gt;</description></item><item><title>FortiClient Problem on M1 MacBookPro Problem Solution</title><link>https://ercan.cloud/forticlient-problem-on-m1-macbookpro-problem-solution/</link><pubDate>Wed, 05 May 2021 06:36:38 +0300</pubDate><guid>https://ercan.cloud/forticlient-problem-on-m1-macbookpro-problem-solution/</guid><description>&lt;p&gt;I need to connect VPN via FortiClient to do my work and access some resources securely. When I started to work for my company in March 2021, they gave me an M1 MacBookPro. M1 MacBookPro is different than the others because it comes with a new CPU architecture. Previously, Apple was using an Intel-based CPU but now, they decided to run macOS with an ARM-based CPU and Apple called M1 for now.&lt;br&gt;&lt;br&gt;A lot of software not compatible with ARM. Sometimes I'm having some issues like "This component is not compatible with your CPU".&lt;br&gt;&lt;br&gt;When I connected to VPN via FortiClient v6.4.3.1325, it looks like connected but my internet speed is getting too slow. Normally, I have 100MB/sec internet speed. I asked my colleagues about "are you having any issues with VPN and/or VPN speed?" and that they said "NO!" They are using a little bit older MacBookPro than mine with an Intel-based CPU and I thought it's a normal situation because Intel-based versions are okay and stable.&lt;/p&gt;</description></item><item><title>Connect your AWS to GCP with Terraform via IPSec Site-to-Site VPN</title><link>https://ercan.cloud/connect-your-aws-to-gcp-with-terraform-via-ipsec-site-to-site-vpn/</link><pubDate>Tue, 04 May 2021 20:49:25 +0300</pubDate><guid>https://ercan.cloud/connect-your-aws-to-gcp-with-terraform-via-ipsec-site-to-site-vpn/</guid><description>&lt;p&gt;Today, I wrote another IaaC (infrastructure as a code) for my needs. 
You can create a secure VPN connection (IPsec) between Amazon Web Services (AWS) and Google Cloud Platform (GCP).&lt;/p&gt;
&lt;h2&gt;What can this do?&lt;/h2&gt;
&lt;p&gt;Creating a Customer Gateway on AWS. Creating a Virtual Private Gateway on AWS. Creating a Site-to-Site VPN Connection on AWS. Creating a Security Group for VPN connection access on AWS. Creating an External IP address for VPN connection on GCP. Managing the firewall rule for VPN connection on GCP. Creating a Route rule on GCP.&lt;/p&gt;</description></item><item><title>Google Cloud Platform Automation with Terraform Easily</title><link>https://ercan.cloud/google-cloud-platform-automation-with-terraform-easily/</link><pubDate>Fri, 30 Apr 2021 08:51:51 +0300</pubDate><guid>https://ercan.cloud/google-cloud-platform-automation-with-terraform-easily/</guid><description>&lt;p&gt;Once upon a time, when I was learning Google Cloud Platform, I just wanted to automate my workflow and deployments with Terraform, and I wrote this IaaC (Infrastructure as a Code) to manage my infrastructure easily and quickly.&lt;/p&gt;
&lt;h2&gt;What can this do?&lt;/h2&gt;
&lt;p&gt;Creating a secure load balancer with SSL that redirects HTTP requests to HTTPS with a 301 redirection code.&lt;br&gt;Creating an Instance Template and setting everything about network, subnet, startup script.&lt;br&gt;Creating an Instance Group and managing it. If your instance group CPU is more or less than a value, the instance group manager will automatically scale the VMs up or down.&lt;br&gt;VM instances run with private IPs, and project-wide SSH access is not allowed by default. Managing the firewall rule for load balancer health check.&lt;/p&gt;</description></item><item><title>How to secure your Amazon Web Services account</title><link>https://ercan.cloud/how-to-secure-your-amazon-web-services-account/</link><pubDate>Sat, 24 Apr 2021 14:27:03 +0300</pubDate><guid>https://ercan.cloud/how-to-secure-your-amazon-web-services-account/</guid><description>&lt;p&gt;Security first because security is so important! When you create an Amazon Web Services account, that account is called the root account. The root account has full access to all resources running in the cloud environment, and I totally recommend that you don't use your root account to manage the resources.&lt;/p&gt;
&lt;div class="schema-how-to wp-block-yoast-how-to-block"&gt;&lt;p class="schema-how-to-description"&gt;&lt;strong&gt;What should you do to keep your AWS Account secure?&lt;/strong&gt;&lt;/p&gt; &lt;ol class="schema-how-to-steps"&gt;&lt;li class="schema-how-to-step" id="how-to-step-1619273465475"&gt;&lt;strong class="schema-how-to-step-name"&gt;Set Multi Factor Authentication for root account&lt;/strong&gt; &lt;p class="schema-how-to-step-text"&gt;Maybe you have heard of 2-Step Authentication or 2-Factor Authentication before. In the Amazon ecosystem, we call this extra security layer MFA. The root user for this account does not have Multi-factor authentication (MFA) enabled. &lt;a href="https://console.aws.amazon.com/iam/home?#security_credentials$mfa"&gt;Enable MFA&lt;/a&gt; to improve security for this account.&lt;img alt="" src="https://ercan.cloud/uploads/aws-set-root-mfa.png"/&gt;&lt;/p&gt;</description></item><item><title>Install UGREEN USB Ethernet Adapter on macOS</title><link>https://ercan.cloud/install-ugreen-usb-ethernet-adapter-on-macos/</link><pubDate>Sun, 18 Apr 2021 14:39:34 +0300</pubDate><guid>https://ercan.cloud/install-ugreen-usb-ethernet-adapter-on-macos/</guid><description>&lt;p&gt;In 2019, I needed to connect my Dell XPS13 to my Juniper SRX-110 via ethernet cable, but my Dell doesn't have an ethernet port. I decided to buy a UGREEN USB Ethernet Adapter from Amazon.&lt;br&gt;&lt;br&gt;The ethernet adapter is driver-free and it works on Windows and Linux perfectly. Today, I needed to connect my Apple MacBookPro Silicon to the internet via the same USB adapter but macOS doesn't like this. I know, macOS needs a driver and has some kernel limitations for some additional hardware. 
&lt;br&gt;&lt;br&gt;Kext files are essential drivers for macOS. "Kext" stands for Kernel Extension; kext files "extend" Mac OS X's kernel, the core part of the operating system, by providing additional code to be loaded when your computer boots.&lt;br&gt;&lt;br&gt;I needed to disable System Integrity settings without kext. I booted my Mac in recovery mode, jumped to Terminal and ran the command below.&lt;/p&gt;</description></item><item><title>Redirect 301 HTTPS on App Engine with nginx on Google Cloud Platform</title><link>https://ercan.cloud/redirect-301-https-on-app-engine-with-nginx-on-google-cloud-platform/</link><pubDate>Thu, 15 Apr 2021 07:06:42 +0300</pubDate><guid>https://ercan.cloud/redirect-301-https-on-app-engine-with-nginx-on-google-cloud-platform/</guid><description>&lt;p&gt;I started to play with App Engine on Google Cloud Platform these days. I'm using a flexible environment with a custom runtime to run PHP in Docker. App Engine serves the content via HTTP and HTTPS as well. I checked whether I could disable HTTP or easily redirect the HTTP traffic to HTTPS via the Web UI but unfortunately, it's not possible right now. Yes, you heard right, this basic feature is not supported!&lt;br&gt;&lt;br&gt;I checked the documentation (&lt;a rel="noreferrer noopener" href="https://cloud.google.com/appengine/docs/standard/php7/application-security" target="_blank"&gt;https://cloud.google.com/appengine/docs/standard/php7/application-security&lt;/a&gt;) and tried to set a 301 redirect via the app.yaml file. Here is what I tried:&lt;/p&gt;</description></item><item><title>Set two different Target Groups on AWS Load Balancer with Terraform</title><link>https://ercan.cloud/set-two-different-target-groups-on-aws-load-balancer-with-terraform/</link><pubDate>Mon, 05 Apr 2021 11:18:19 +0300</pubDate><guid>https://ercan.cloud/set-two-different-target-groups-on-aws-load-balancer-with-terraform/</guid><description>&lt;p&gt;Last week, I wrote some infrastructure as code with Terraform. 
In my case, I needed to forward the traffic from the AWS Application Load Balancer public interface to two different target groups. The HashiCorp language (HCL) is not a hard language, but the documentation is missing a lot of subjects and some points in Terraform are undocumented.&lt;br&gt;&lt;br&gt;I Googled it first to make sure, and I saw there are a lot of questions and issues about the "Use more than one target group on AWS with terraform" subject.&lt;br&gt;&lt;br&gt;I read the suggested solutions but they did not help me. After that, I decided to use "aws_lb_listener" as a resource. Finally, I found a solution to my case on my own. You can see details below:&lt;br&gt;&lt;/p&gt;</description></item><item><title>Extend your ec2 Linux disk without reboot on Amazon Web Services</title><link>https://ercan.cloud/extend-your-ec2-linux-disk-without-reboot-on-amazon-web-services/</link><pubDate>Mon, 08 Feb 2021 15:08:26 +0300</pubDate><guid>https://ercan.cloud/extend-your-ec2-linux-disk-without-reboot-on-amazon-web-services/</guid><description>&lt;p&gt;For some reason, you may have to extend your ec2 Linux server without a reboot and securely. In this post, you will learn how you can extend your ec2 Linux disk on AWS.&lt;br&gt;&lt;br&gt;In this example, you will see the disk size extended from 80GiB to 120GiB.&lt;/p&gt;
&lt;h2&gt;&lt;strong&gt;Step 1: Modify Volume&lt;/strong&gt;&lt;/h2&gt;
&lt;p&gt;&lt;br&gt;Log in to your AWS Console and find your ec2's volume (disk). Here is a tip: in the left pane, there is an &lt;strong&gt;Elastic Block Store &amp;gt; Volumes&lt;/strong&gt; entry. Right-click your volume and then select the "Modify Volume" option. It looks like the image below. Choose the right size and click the &lt;strong&gt;Modify&lt;/strong&gt; button.&lt;/p&gt;</description></item><item><title>Create a New Grant User on AWS RDS (MariaDB)</title><link>https://ercan.cloud/create-a-new-grant-user-on-aws-rds-mariadb/</link><pubDate>Sat, 30 Jan 2021 23:01:56 +0300</pubDate><guid>https://ercan.cloud/create-a-new-grant-user-on-aws-rds-mariadb/</guid><description>&lt;p&gt;Today, I played with AWS RDS with MariaDB. Normally, AWS creates just one user for accessing AWS RDS. Here are the steps to create a new grant user on AWS RDS with MariaDB.&lt;/p&gt;
&lt;pre class="wp-block-code"&gt;&lt;code&gt;mysql&amp;gt; GRANT SELECT, INSERT, UPDATE, DELETE, CREATE, DROP, RELOAD, PROCESS, REFERENCES, INDEX, ALTER, SHOW DATABASES, CREATE TEMPORARY TABLES, LOCK TABLES, EXECUTE, REPLICATION SLAVE, BINLOG MONITOR, CREATE VIEW, SHOW VIEW, CREATE ROUTINE, ALTER ROUTINE, CREATE USER, EVENT, TRIGGER ON *.* TO 'YOUR-MYSQL-USERNAME'@'CLIENT-IP-OR-DNS-NAME' IDENTIFIED BY 'CLEAR-TEST-PASSWORD' WITH GRANT OPTION;
Query OK, 0 rows affected (0.009 sec)&lt;/code&gt;&lt;/pre&gt;</description></item><item><title>Amazon S3 CORS Settings with CloudFront on Amazon Web Services</title><link>https://ercan.cloud/amazon-s3-cors-settings-with-cloudfront-on-amazon-web-services/</link><pubDate>Tue, 29 Sep 2020 08:27:16 +0300</pubDate><guid>https://ercan.cloud/amazon-s3-cors-settings-with-cloudfront-on-amazon-web-services/</guid><description>&lt;p id="f6c8"&gt;If you are serving static content directly from &lt;strong&gt;Amazon S3&lt;/strong&gt; via &lt;strong&gt;CloudFront (CDN)&lt;/strong&gt;, you will probably get an error about fonts, images or other static content delivered to your users. Actually, it’s not complicated. You can fix this issue in your Amazon S3 Bucket CORS settings.&lt;/p&gt;
&lt;p id="9f9a"&gt;&lt;strong&gt;What is Amazon S3 CORS?&lt;/strong&gt;&lt;/p&gt;
&lt;p id="6d95"&gt;CORS stands for Cross-Origin Resource Sharing. The CORS specification gives you the ability to build web applications that make requests to domains other than the one which supplied the primary content.&lt;/p&gt;</description></item><item><title>Take your GitLab backup everyday if it works in Docker</title><link>https://ercan.cloud/take-your-gitlab-backup-everyday-if-it-works-in-docker/</link><pubDate>Wed, 16 Sep 2020 15:27:44 +0300</pubDate><guid>https://ercan.cloud/take-your-gitlab-backup-everyday-if-it-works-in-docker/</guid><description>&lt;p&gt;I'm using GitLab in Docker (because I love containerization) and I'm really okay with that because I can move the GitLab environment anywhere if I need to, and I feel more flexible when I'm using Docker.&lt;br&gt;&lt;br&gt;GitLab backups are really important because you are keeping all of the source code there, and maybe the wiki and more, and a backup is the first thing to have if you are running a service at a critical level.&lt;br&gt;&lt;/p&gt;</description></item><item><title>Find large files in CentOS, ubuntu and MacOS easily</title><link>https://ercan.cloud/find-large-files-in-centos-ubuntu-and-macos-easily/</link><pubDate>Sat, 18 Jul 2020 13:08:30 +0300</pubDate><guid>https://ercan.cloud/find-large-files-in-centos-ubuntu-and-macos-easily/</guid><description>&lt;p&gt;Sometimes, maybe everybody needs to check large files in the system. There are some useful commands which I use often. Find the big files in Linux easily.&lt;br&gt;&lt;br&gt;Here is the first pattern:&lt;/p&gt;
&lt;pre class="wp-block-code"&gt;&lt;code lang="bash" class="language-bash"&gt;find /home/ercan/ -type f -size +100000k -exec ls -lh {} \; | awk '{ print $9 ": " $5 }'&lt;/code&gt;&lt;/pre&gt;
&lt;p class="has-medium-font-size"&gt;&lt;strong&gt;If the file size is more than 250 MB in the system:&lt;/strong&gt;&lt;/p&gt;
&lt;pre class="wp-block-code"&gt;&lt;code lang="bash" class="language-bash"&gt;sudo find /home/ercan/ -type f -size +250000k -exec ls -lh {} \; | awk '{ print $9 ": " $5 }'&lt;/code&gt;&lt;/pre&gt;
&lt;p&gt;Here are the results:&lt;/p&gt;</description></item><item><title>Fix "Error: rpmdb open failed" on CentOS or Amazon Linux 2</title><link>https://ercan.cloud/fix-error-rpmdb-open-failed-on-centos-or-amazon-linux-2/</link><pubDate>Mon, 20 Apr 2020 11:49:37 +0300</pubDate><guid>https://ercan.cloud/fix-error-rpmdb-open-failed-on-centos-or-amazon-linux-2/</guid><description>&lt;p&gt;Yesterday, I started to test some services running on Amazon Linux 2 powered by the Amazon Web Services cloud. For some reason, my package manager yum was broken, and when I started to update my yum database, I got an error about rpmdb open failed. You can see my error below. If you are running CentOS 7 or another Linux distro that uses yum as the package manager, you can also continue to read.&lt;/p&gt;</description></item><item><title>Error: No space left on the device when starting/stopping services only</title><link>https://ercan.cloud/error-no-space-left-on-the-device-when-starting-stopping-services-only/</link><pubDate>Sun, 01 Mar 2020 07:46:00 +0300</pubDate><guid>https://ercan.cloud/error-no-space-left-on-the-device-when-starting-stopping-services-only/</guid><description>&lt;p&gt;I'm using Amazon SSM Agent to connect to EC2 instances securely. Amazon SSM Agent is also able to connect to the EC2 instance console via the aws.amazon.com web console. 
So, this is my preferred way.&lt;br&gt;&lt;br&gt;A few days ago, when I tried to connect to EC2 via Amazon SSM Agent, it didn't respond, and after that I decided to connect the regular way: yes, with SSH.&lt;br&gt;&lt;br&gt;Of course, first of all, I wanted to restart Amazon SSM Agent and I saw this:&lt;/p&gt;</description></item><item><title>Juniper SRX110H-VA VDSL2 Configuration Step by Step</title><link>https://ercan.cloud/juniper-srx110h-va-vdsl2-configuration-step-by-step/</link><pubDate>Sun, 09 Feb 2020 06:48:00 +0300</pubDate><guid>https://ercan.cloud/juniper-srx110h-va-vdsl2-configuration-step-by-step/</guid><description>&lt;p&gt;I was talking on the phone with &lt;a href="https://www.linkedin.com/in/kenanbilgic/" target="_blank" rel="noreferrer noopener"&gt;Kenan Bilgic&lt;/a&gt; last night and I told him, "I want to get a Juniper SRX-110H-VA". After this, Kenan told me, "I've already got a Juniper SRX-110H-VA, just send me your address, I can ship it to you."&lt;/p&gt;
&lt;p&gt;I'm using &lt;a href="https://turk.net/" target="_blank" rel="noreferrer noopener"&gt;TurkNet&lt;/a&gt; as an internet provider and they are a really cheap and fast internet provider in my neighborhood. My connection type is VDSL2 and I need to make a VPN connection through Amazon Web Services (AWS).&lt;/p&gt;</description></item><item><title>Enable Logrotation for Docker Containers</title><link>https://ercan.cloud/enable-logrotation-for-docker-containers/</link><pubDate>Fri, 29 Nov 2019 17:17:00 +0300</pubDate><guid>https://ercan.cloud/enable-logrotation-for-docker-containers/</guid><description>&lt;p&gt;When you install and use Docker on your system, the containers running in Docker can generate a large volume of logs in the background without you being aware of it.&lt;/p&gt;
&lt;p&gt;Although the Docker service normally supports logrotate, this support is off by default. If one day your disk suddenly fills up, then you will know exactly what I mean. : )&lt;/p&gt;
&lt;p&gt;If you are installing the Docker service for the first time on a server and running a container for the first time, you can follow the steps below.&lt;/p&gt;</description></item><item><title>Download specific file extension via wget easily on terminal</title><link>https://ercan.cloud/download-specific-file-extension-via-wget-easily-on-terminal/</link><pubDate>Fri, 22 Nov 2019 16:37:00 +0300</pubDate><guid>https://ercan.cloud/download-specific-file-extension-via-wget-easily-on-terminal/</guid><description>&lt;p&gt;Sometimes, there may be files with more than one extension in a directory or folder. For example, .jpg, .png, .gif, .mp3, .mp4 etc. You want to download only gif files specifically from that source, but don't know how to do this? Don't worry, you're in the right place.&lt;br&gt;&lt;br&gt;wget is a small piece of software under a GNU license (i.e. free), available by default on Linux and macOS operating systems.&lt;br&gt;&lt;br&gt;The other day, an FTP directory had the same videos as both .mp4 and .webm, and I wanted to download either the .mp4 or the .webm files. The 100 .mp4 files total 10 GB, while the 100 .webm files with the same content are only 6 GB. I decided to download the .webm files as I wanted to allocate much less disk space.&lt;br&gt;&lt;br&gt;For this, I ran the following command and started watching the screen.&lt;/p&gt;</description></item><item><title>Find the exact size of certain files in Linux via terminal</title><link>https://ercan.cloud/find-the-exact-size-of-certain-files-in-linux-via-terminal/</link><pubDate>Fri, 15 Nov 2019 19:00:00 +0300</pubDate><guid>https://ercan.cloud/find-the-exact-size-of-certain-files-in-linux-via-terminal/</guid><description>&lt;p&gt;One day, there may be a lot of files with more than one extension on the macOS or Linux machine or server you use, and you may be wondering about the size of these files or just want to see the size of the files with the corresponding extension for a specific study.&lt;/p&gt;
&lt;p&gt;The other day, the server I was working on had both *.webm and *.mp4 files, and I had to either upgrade the server's disk or delete the .mp4 copies of the same videos.&lt;/p&gt;</description></item><item><title>Disable SELinux on CentOS 7 or CentOS 8</title><link>https://ercan.cloud/disable-selinux-on-centos-7-or-centos-8/</link><pubDate>Fri, 08 Nov 2019 19:00:00 +0300</pubDate><guid>https://ercan.cloud/disable-selinux-on-centos-7-or-centos-8/</guid><description>&lt;p&gt;This tutorial shows you how you can disable SELinux (Security-Enhanced Linux) on your CentOS server. The CentOS version can be 7 or 8; it does not matter which.&lt;/p&gt;
&lt;h2&gt;What is SELinux?&lt;/h2&gt;
&lt;p&gt;SELinux is a security mechanism controlled directly by the kernel. It gives administrators and users more control over access through SELinux policies.&lt;/p&gt;
&lt;p&gt;SELinux has three different modes of operation. Here they are:&lt;/p&gt;
&lt;ol&gt;&lt;li&gt;&lt;strong&gt;Enforcing:&lt;/strong&gt; Allows access based on the SELinux policy rules.&lt;/li&gt;&lt;li&gt;&lt;strong&gt;Permissive:&lt;/strong&gt; SELinux only logs actions that would have been denied if running in enforcing mode.&lt;/li&gt;&lt;li&gt;&lt;strong&gt;Disabled:&lt;/strong&gt; No messages are logged and no SELinux policy is enabled on the server. Most of the time, disabled mode is used with web control panels like cPanel and/or Plesk.&lt;/li&gt;&lt;/ol&gt;
&lt;h2&gt;Prerequisites&lt;/h2&gt;
&lt;p&gt;Only the root user or a user with &lt;strong&gt;sudo privileges&lt;/strong&gt; can change the SELinux mode.&lt;/p&gt;</description></item><item><title>Hello Blog!</title><link>https://ercan.cloud/hello-blog/</link><pubDate>Sun, 03 Nov 2019 22:24:00 +0300</pubDate><guid>https://ercan.cloud/hello-blog/</guid><description>&lt;p&gt;I don't know how many times I've set up a blog for myself to take notes or share some technical information about Linux servers and some Linux software such as nginx, phpMyAdmin, MySQL, PHP-FPM, etc., but I never succeeded in writing blog posts regularly.&lt;/p&gt;
&lt;p&gt;My blog address contains my first name and my last name. So, you know my name I guess : )&lt;/p&gt;
&lt;p&gt;I'm working at &lt;a rel="noreferrer noopener" aria-label="Masomo (opens in a new tab)" href="https://linkedin.com/company/masomo" target="_blank"&gt;Masomo&lt;/a&gt; as a Linux System Administrator but mostly doing DevOps things with an awesome team.&lt;/p&gt;</description></item></channel></rss>