Digest #144: Elasticsearch Goes Open Source, Infor’s $2M Savings, Lidl’s Cloud Strategy and Scaling Postgres
SQL injection vulnerabilities, Meta’s privacy-aware infrastructure, and strategies for optimizing MySQL. Plus, learn about Terraform security, serverless web scraping, and cutting-edge DevOps tools.
Welcome to this week’s edition of the DevOps Bulletin!
This week, we dive into Elasticsearch's open-source revival, how Infor slashed $2 million with effective FinOps strategies, and why Lidl’s cloud shift is making waves in Europe. Plus, explore Meta's approach to privacy at scale, strategies for managing migrations across thousands of microservices, and more.
Newsworthy Stories
MySQL performance
Insights and strategies from the author of "High Performance MySQL" on optimizing your MySQL instances for maximum efficiency.
Tutorials of the week
Zero-Downtime Deployment with OpenTofu: Achieve seamless user experiences with zero-downtime deployments using instance refresh, blue-green deployments, and canary releases.
Like Heroku, but You Own It: Turn your VPS into a personal serverless platform with Dokku, a Heroku-like PaaS that you control.
Mind the Terraform Modules: Ensure Terraform module version integrity with tools like Terrahash, and keep your infrastructure in check.
IAM Federation in Multi-Account AWS Organizations: Streamline IAM federation across multi-account AWS setups with a robust design that balances CI/CD automation and local access via AWS SSO.
Building a Serverless Web Scraper with Amazon Q: Set up a serverless web scraping infrastructure using Terraform, Python Lambda functions, and DynamoDB for efficient and scalable data processing.
How to Secure Terraform Code with Trivy: Learn how to secure your AWS Terraform configuration by checking for known security issues using Trivy.
Projects of the week
Highlighting cool DevOps projects to keep an eye on:
ChartDB is a web-based database diagramming editor. Instantly visualize your database schema with a single "Smart Query."
Apeman is an open-source AWS attack path management tool.
Boxxy is a tool for boxing up misbehaving Linux applications and forcing them to put their files and directories in the right place, without symlinks!
RunCVM is an experimental open-source Docker container runtime, for launching standard container workloads - as well as Systemd, Docker, and even OpenWrt - in VMs using 'docker run`
AWS Mine is a honey token system for AWS. You can create AWS access keys that can be placed in various places to tempt bad guys.
Samwise is a CLI to accompany you on your Terraform module journey and share your burden of module dependency updates, just as one brave Hobbit helped Frodo carry his :)