GitHub, in addition to being an excellent version control system, offers workflow automation capabilities (Actions) that enable testing, building, and deploying code based on triggers such as code commits, pull requests, or scheduled events. These workflows run on runners, which are virtual or physical machines that execute these workflow steps. While GitHub offers free hosted runners … Continue reading Build Secure GitHub Self-Hosted Runners on Amazon EC2 with Terraform
Tag: IaC
Configure DNSSEC for Amazon Route 53 hosted zone using Terraform
DNSSEC (Domain Name System Security Extensions) is a security protocol that adds cryptographic signatures to DNS records. This ensures that users are connecting to legitimate websites rather than malicious ones. It also helps prevent attacks like DNS spoofing or cache poisoning by verifying the authenticity and integrity of DNS responses. Amazon Route 53 is a … Continue reading Configure DNSSEC for Amazon Route 53 hosted zone using Terraform
Attach AWS WAF to load balancer using Terraform and GitHub Actions
Public-facing load balancers are vulnerable to attacks, including DDoS, SQL injection, cross-site scripting (XSS), and bot attacks. These attacks can degrade the load balancer's performance, rendering it unavailable to legitimate users and negatively impacting business operations. AWS Web Application Firewall (WAF) is a service designed to protect resources like load balancers, Amazon CloudFront distributions, API … Continue reading Attach AWS WAF to load balancer using Terraform and GitHub Actions
Automate Terraform Testing with Azure DevOps Pipelines
HashiCorp introduced the Terraform testing framework with version 1.06 of Terraform. This note captures my experience learning and adding test cases to an existing Terraform configuration using Azure DevOps Pipelines. Along with my notes, you'll also find references to helpful guides and YouTube videos. By the end of this note, I want you to feel … Continue reading Automate Terraform Testing with Azure DevOps Pipelines
Automate Terraform Modules README Generation with terraform-docs and GitHub Actions
Terraform modules are essential building blocks for reusing Terraform configurations. For a Terraform module to be successful, ease of use and discoverability are key. Since creating a Terraform module also goes through a development and maintenance cycle, storing that in a GitHub repository is convenient. By doing so, organizations improve collaboration, increase transparency, and enhance … Continue reading Automate Terraform Modules README Generation with terraform-docs and GitHub Actions
Install and configure CloudWatch Logs agent on Amazon EC2 instance for Windows using user data
Amazon CloudWatch is a monitoring and observability service that Amazon Web Services (AWS) provides. It monitors log files, collects and tracks metrics, sets alarms, and triggers actions to help AWS users ensure the health and performance of their applications and infrastructure resources. CloudWatch integrates with various AWS services, such as Amazon EC2, to provide comprehensive … Continue reading Install and configure CloudWatch Logs agent on Amazon EC2 instance for Windows using user data
Access AWS Secrets Manager secret from Amazon EC2 instance using Python
Per AWS-Docs, AWS Secrets Manager is a service to manage, retrieve, and rotate database credentials, application credentials, OAuth tokens, API keys, and other secrets throughout their lifecycles. Many AWS services store and use secrets in Secrets Manager. In this note, I demonstrate how to access the AWS Secrets Manager secret value using Python from an … Continue reading Access AWS Secrets Manager secret from Amazon EC2 instance using Python
Add an application load balancer to Amazon EC2 using Terraform
A highly available application has a higher chance of attracting customers because they are assured of consistency in service. Load balancing is a cost-effective way to increase an application's availability. In this note, I describe the steps to add an application load balancer to three Amazon EC2 instances hosted in three public subnets in different … Continue reading Add an application load balancer to Amazon EC2 using Terraform
Strengthen security posture with Terraform and AWS IAM to manage AWS cloud resources
Terraform uses AWS IAM user credentials to manage resources in the AWS cloud. It does so by utilizing the secret key and access key of the IAM user. Hence, Terraform's ability to manage (create/update/delete) resources depends on the permission associated with the AWS IAM user. When I started working with Terraform to manage resources in … Continue reading Strengthen security posture with Terraform and AWS IAM to manage AWS cloud resources
Terraform remote state file as a data source to support a layered IAC approach
A few months back, I came across an interesting concept of deploying infrastructure in a layered fashion, and I wish I had the URL saved to refer to it again. Nevertheless, the gist of the idea was that you could build an application product environment by deploying layer after layer of infrastructure. A layer of … Continue reading Terraform remote state file as a data source to support a layered IAC approach









