Cloud Engineering weeknotes, 11 February 2022

This week has again been all about certificates. With most AWS services having had their new certificates applied earlier in the week, we had turned our attention to the wildcard. Unfortunately, our supplier still has not provided the new certificate, so we developed a Plan B of using Let’s Encrypt to generate a temporary certificate. This has worked quite well, and has been passed to the relevant teams to use.

However, it’s temporary and we will need to keep working on this. In line with our automation policy, it is possible to use Let’s Encrypt to generate certificates automatically; but they are only valid for three months at a time and would still have to be applied manually. This is not an acceptable overhead, so we will explore other options. 

Although this has been a necessary distraction, some good progress has been made elsewhere. We almost have the first iteration of Backstage, which should be in production next week. It’s deliberately basic, with only the GitHub plugin so far, but any dev is free to add more. We gave a short demo of some of the features at our show & tell this week. 

We’ve restarted some work on account migrations. The API accounts have some applications in them that should be in better homes. We’ve started the process of migrating them, starting with the Development environment. Although we’ve migrated applications before, this is the first time we’ll have moved a serverless application, so it’s also a good learning opportunity. 

On Globalprotect, we have agreed with the relevant governance groups that we will use a different authentication method for “internal” applications. This is because it can’t process granular authentication data from our normal SSO provider. We have raised this as a feature request with Palo Alto Networks, so until then we will be using an alternative service that meets the same standards.

It was good to engage so productively with our governance, with the action being agreed within a day of asking. Governance doesn’t have to be a blocker to doing the right things, but rather it’s helped reassure that we’re doing the right thing in the right way!

+ posts

Leave a Reply

Your email address will not be published.

This site uses Akismet to reduce spam. Learn how your comment data is processed.