Amazon Web Services (AWS) provides two managed PostgreSQL options: Amazon Relational Database Service (Amazon RDS) for PostgreSQL and Amazon Aurora PostgreSQL.

With PostgreSQL, you can create users and roles with granular access permissions. Users, groups, and roles are the same thing in PostgreSQL, with the only difference being that users have permission to log in by default.

Vault Database Secrets Engine

PostgreSQL is one of the supported plugins for the database secrets engine. This plugin generates database credentials dynamically based on configured roles for the PostgreSQL database.

Enable the database secrets engine on the Vault server to start using postgresql-database-plugin.

$ vault secrets enable…

Amazon DocumentDB (with MongoDB compatibility) is a fully managed document database service that supports MongoDB 3.6 or 4.0 workloads.

With role-based access control, you can grant users one or more predefined roles (for example, read, readWrite, or dbOwner) that determine which operations they are authorized to perform on one or more databases.

Concepts

  • User — A named entity that can authenticate and perform operations
  • Password — A secret word that authenticates the user
  • Role — A designation that authorizes a user to perform actions on one or more databases
  • Admin Database — A special database to authorize users against
  • Database (DB)

The Nomad Autoscaler is an autoscaling daemon for Nomad, architected around plugins to allow for easy extensibility in terms of supported metrics sources, scaling targets and scaling algorithms.

Building

The Nomad Autoscaler can be easily run as a Nomad job with the APM, Target and Strategy plugins.

job "autoscaler" {
  datacenters = ["eu-central-1a"]
  group "autoscaler" {
    count = 1
    network {
      port "http" {
        to = 8080
      }
    }
    task "autoscaler" {
      driver = "docker"
      config {
        image = "hashicorp/nomad-autoscaler:0.3.0"
        command = "nomad-autoscaler"
        args = [
          "agent",
          "-config",
          "${NOMAD_TASK_DIR}/config.hcl",
          "-http-bind-address",
          "0.0.0.0", …


Trivy is a simple and comprehensive open source tool from Aqua Security to scan container images for vulnerabilities in OS packages and language-specific dependencies.

Trivy Vulnerability Scanner joined Aqua Security last year. Unlike other open source scanners, Trivy covers both OS packages and language-specific dependencies and is extremely easy to integrate into CI/CD pipelines.

Features

Detect comprehensive vulnerabilities

  • OS packages (Alpine, Red Hat Universal Base Image, Red Hat Enterprise Linux, CentOS, Oracle Linux, Debian, Ubuntu, Amazon Linux, openSUSE Leap, SUSE Enterprise Linux, Photon OS and Distroless)
  • Application dependencies (Bundler, Composer, Pipenv, Poetry, npm, yarn and Cargo)

Simple

  • Specify only an…


This implementation requires an adapter to scale your deployments on Azure Kubernetes Service (AKS) using the Horizontal Pod Autoscaler (HPA) with External Metrics from Azure Service Bus Queues.

Prerequisites

Create an Azure Container Registry

Azure Container Registry helps you to build, store, secure, scan, replicate, and manage container images and artifacts with a fully managed, geo-replicated instance of OCI distribution.

The example below uses az acr create to create an ACR named HelmACR in the QueueBasedScalingResourceGroup resource group with the Basic SKU.

az group create --name QueueBasedScalingResourceGroup --location eastus
az acr create --resource-group QueueBasedScalingResourceGroup --name…

Ferhat Vurucu

Senior DevOps Engineer
