20 Mar 2023 |
VanOfHoogen#3554 | by some time, I have a month. | 21:03:00 |
ace@machine | AWS Architect would be worthwhile | 21:12:58 |
ace@machine | * Don’t skip the Cloud Practitioner though.
AWS is more or less like data structures. There are so many services, each with their own little variance and spin. The Cloud Practitioner will get you familiar with the lay of the land, the basic infra they have, their billing, the fundamental services and what role they play. Architect will then put you in a position to be able to solution whatever you want using their services.
A lot of folks lose their ass due to discrete costs in billing; you’ll accidentally be liquidating if not paying attention to your billing fees and resources in use | 21:14:27 |
ace@machine | You think you want OKTA btw but have fun | 21:15:23 |
ace@machine | I had to roll out OKTA PKCE2 on applications and lemme tell you, it was pure pain due to how lacking their documentation was | 21:15:58 |
VanOfHoogen#3554 | T_T I am just one man infrastructure army | 21:16:12 |
ace@machine | OKTA is basically AD for web applications though | 21:16:15 |
ace@machine | Whatever you do, roll with some sort of SSO solution, you’ll be happy you did | 21:16:47 |
VanOfHoogen#3554 | there are a few choices, but little time | 21:16:48 |
VanOfHoogen#3554 | single sign on is legit magic | 21:17:17 |
ace@machine | Na | 21:17:34 |
ace@machine | It’s a central location is all | 21:17:42 |
ace@machine | You have an “auth server” who you can think of as like the Oracle. Any application you have must consult with the Oracle when logging in. The Oracle validates whether the application is a part of the whitelist, it acknowledges that, and then the application submits the credentials for verification. Once verified, the Oracle will proceed to provide a “seal of approval” that is then used to auth a user for a specific application | 21:19:41 |
ace@machine | Think of it like a hub n spoke. The hub is the auth server and the spokes are the individual applications that you whitelist | 21:20:05 |
ace@machine | From there, you just register a user into the hub and any registered application must go through auth flow in order to auth and validate a client AND a user | 21:21:10 |
ace@machine | You’ll want a key vault solution if you don’t have one already. I personally have seen Hashicorp Keyvault used a ton. AWS and I think Azure have a vault system, but Keyvault is what I’ve seen used most in my exp | 21:23:41 |
ace@machine | Iirc OKTA has a SAML SSO solution | 21:26:00 |
ace@machine | There’s also free self hosted versions of this stuff you can use, if you don’t have the budget for paid services and are confident in your skills and network security | 21:27:30 |
VanOfHoogen#3554 | ace@machine it’s ok, I get it. I have a few knowledge pieces to acquire and demonstrate prior to modifying the stack. | 21:27:48 |
ace@machine | Monitoring and surveillance is king btw | 21:28:22 |
ace@machine | Get real comfy with how you can pull information about your system from various points in the stack | 21:29:01 |
VanOfHoogen#3554 | do you recommend prometheus as the all knowing seer? | 21:36:45 |
VanOfHoogen#3554 | I do like prometheus, but it feels like it presents a steep barrier to entry knowledge wise | 21:37:45 |
ace@machine | Never heard of it, sozz | 21:40:47 |
intothewildskat#6339 | I have been doing this shit for more than a year. And stuff that I think would help someone excel at this job in addition to being proficient with IaC tools would include - understanding ideas of service discovery, service mesh, etc (tools like consul) - experience with a cloud provider (AWS, etc) - good understanding of a container orchestrator - secret management - ability to program (at the very least proficiency with Python and Go) - extremely good understanding of networking and OS concepts | 22:09:02 |
intothewildskat#6339 | Then again my experience is limited in this area. So take this with a grain of salt | 22:14:53 |
bayindirh#7884 | Take a look at it and its alternatives (Grafana, et al.). Some of them merged with others, so the landscape may have changed a bit.
I’m not a cloud operator. I manage OpenStack installations and bare metal hardware directly. So I can’t comment on big providers. I directly play with heavy iron. | 22:16:32 |
bayindirh#7884 | Corollary: if your monitoring system is waking you up at 3am, and it can’t wait till morning, you’re doing something wrong. | 22:21:48 |