How to restore S3 objects from Glacier to Standard Storage

Let’s imagine you have objects archived in the S3 Glacier tier and you get a request to make them available. Restoration is required for this - because the Glacier Archive tier is a magnetic tape and restoration is a batch job, there will be a delay of a few hours after the restore is initiated. Commands - taken from https://motilevy.medium.com/permanently-restore-s3-objects-from-glacier-f4b88503a5e6 Create a list of the objects which need to be restored: aws s3api list-objects-v2 \ --bucket <bucket-name> \ --query "Contents[?...

October 3, 2023

RDS Disaster Recovery using Snapshot sharing tool

Let's imagine a scenario in which an attacker gains access to the production AWS account and can modify or remove RDS databases and snapshots, affecting business continuity. To mitigate such risks we should have a disaster recovery solution in place, in the form of an RDS snapshot tool that runs on a daily basis in two accounts in parallel: the production account and the backup account. Production account: the RDS snapshot tool creates encrypted snapshots of the RDS databases and re-encrypts them with a KMS key shared from the backup account....

April 15, 2023

SSH access to AWS EC2 with SSM

The AWS Well-Architected Framework consists of five pillars that represent the key areas of focus for building and operating reliable, secure, efficient, and cost-effective systems in the cloud - Operational Excellence, Security, Reliability, Performance Efficiency, Cost Optimization. By using AWS SSM for secure EC2 access we address the Security pillar in several ways: centralized access control through AWS Identity and Access Management (IAM) policies; encrypted communications - all data is encrypted in transit between the SSM client and the SSM service, and between the SSM service and the EC2 instance...

April 8, 2023

k8s operator with kubebuilder - domain, group, kind, version

While trying to close my k8s knowledge gaps, I’ve followed a tutorial on how to create a k8s operator with kubebuilder. After executing a few magic commands, like kubebuilder init --domain tutorial.kubebuilder.io --repo tutorial.kubebuilder.io/project and kubebuilder create api --group batch --version v1 --kind CronJob, I was keen to know more - what are domain, group and kind, why are they needed at all, and can we omit them? There is some information on that topic in the kubebuilder tutorial - Groups and Versions and Kinds, oh my!...