Brainboard.co

📌 How to easily create an IaC pipeline that checks the security and cost of your infrastructure, ask specific team(s) for review and wait for an approval before deployment? ✅ In our CI/CD designer, you can easily orchestrate the steps of your deployment and federate all involved people in ONE platform. 👉 You visually create your CI/CD, configure the steps and trigger it (manually, schedule it or through the API). #cloud #multicloud #security #data #engineering #aws #azure #gcp #devops #sre #cicd #pipelines

How to build a GenAI infrastructure in AWS using Bedrock with Terraform? ✅ This is a complete architecture available in Brainboard.co templates catalog that allows you to: - Create the API gateway to handle all the incoming traffic, with stages, deployments and resources - Serverless components with Lambda to trigger specific actions like notification, data processing... - S3 storage - SQS queue and components - OpenSearch 👉 It could be deployed as it is or used as a good starting point and adapt it to your own configuration (with your networking, authentication, storage...). Reach out to Brainboard team if help is needed. #cloud #multicloud #rbac #security #data #engineering #aws #azure #gcp #devops #sre

📌 What happened in the tech space recently? 1/ AWS announced that OpenSearch, the fork of the ElasticSearch, is joining Linux foundation just few weeks after Elastic announced that Elasticsearch and Kibana are Open Source again 🤷🏼♂️ Reference: https://lnkd.in/dAgkKND4 2/ IBM acquired Kubecost, Kubernetes cost monitoring and optimization. IBM is investing a lot in the DevOps space, first by acquiring Hashicorp acquisition and now Kubecost. Who is next? Reference: https://lnkd.in/eMyVP7SH #cloud #multicloud #costoptimization #security #data #engineering #aws #azure #gcp #devops #sre

📌 How to regularly and continuously check that the Terraform code of your infrastructure is secure, deployable and no drift happened? ✅ In Brainboard.co you can schedule a workflow to run whenever you want to check if the infrastructure is still in the best state or not. For example, set it to run every week day in the morning and notifies you in case any issue occurs to your architecture. 🛡️ Not only the build and deployment are easy, but also lifecycle is monitored for best and complete management of your cloud infrastructure. 👉 Build great things here: https://app.brainboard.co #cloud #multicloud #rbac #security #data #engineering #aws #azure #gcp #devops #sre

🛡️ Why it is important to separate shared services from the application workload in Terraform? ✅ Application stack and shared services have both separate lifecycle when managed through Terraform. You may update the application to include cost-optimization, security and policies, so it should NOT impact the shared services that are used by other applications. 📌 Building strong dependencies may lead to an increased blast radius and involving more people/teams even for small changes, that's why it's important to decouple the application workload deployment from the shared services in Terraform and use data object to cross-reference resources in read-only mode when needed. 👉 Brainboard can help you build this strong isolation while still having a big picture of your cloud infrastructure: https://app.brainboard.co #cloud #multicloud #rbac #security #data #engineering #aws #azure #gcp #devops #sre

🛡️ How to build AWS 3-tier architecture using Terraform? ✅ One of the most common use cases for applications is the 3-tier architecture where you have the front end (web facing) components, Application runners and the database. 📌 This reference architecture allows you to create a 3-tier web application with its DNS zones, firewall, load balancers and a database. - Web layer: This is the user facing part, with its subnets and configuration right behind the firewall. - Application components: This layers hosts the VMs used as the application engine. - Database layer: This layer is dedicated to the database with replication and its own subnet. You don't need to manually setup everything, clone and use it. You can also replace some components with your Terraform modules if you want. 👉 It's up to you now to build great things here: https://app.brainboard.co #cloud #multicloud #rbac #security #data #engineering #aws #azure #gcp #devops #sre

🛡️ Your git repository is one click away with easy and secure connection. ✅ When you build your cloud infrastructure with IaC (Infrastructure as Code) you probably need to keep the Terraform code generated in your git repository (for deployment, as a backup, rollback, traceability...). 📌 Just connect your git repository to Brainboard and do pull requests from any architecture to push its Terraform code into your private repos. Our philosophy is: batteries included but swappable, so you can either use the native versioning system & CI/CD of Brainboard and/or use your own git. You can control your data and how/where it is stored. 👉 It's up to you now to build great things here: https://app.brainboard.co #cloud #multicloud #rbac #security #data #engineering #aws #azure #gcp #devops #sre

🛡️ How to build Azure vWAN architecture with Terraform. ✅ When your company grows, the infrastructure needed to handle internal IT connectivity increases as well and get even complex. Having a design-first approach in this case is mandatory. 📌 This architecture allows you to easily build and deploy the vWAN infrastructrue with Terraform: - Deployment across two regions. - All components are depicted: Firewall, virtual hub, peering... - You easily understand the link between the resources, so that you can maintain any changes smoothly. You can add/change/remove any components that are redundant or not needed + you can analyze its security posture before deployment. 👉 It's up to you now to build great things here: https://app.brainboard.co #cloud #multicloud #rbac #security #data #engineering #aws #azure #gcp #devops #sre

🛡️ Do you know what Azure AKS security means? And how many components are involved? ✅ Here are the components that you need to secure before you move to production: - Build: Static analysis of image builds before they are promoted down the pipeline. - Registry: Assessing the vulnerability state of the image in the Registry detects drift and also catches images that didn't come from your build environment. - Cluster: API server and access to it. By default, it uses a public IP and a fully qualified domain name (FQDN). You can limit access to the API server either by endpoint using authorized IP ranges or create a fully private cluster. You can use Kubernetes role-based access control (Kubernetes RBAC) and Azure RBAC to limit access to control access to the API. - Node: The nodes are just VMs with all what it means. These are important areas: 1/ Node authorization 2/ Node deployment 3/ Node storage - Hostile multitenant workloads: Currently, Kubernetes environments aren't safe for hostile multitenant usage. Extra security features, like Pod Security Policies or Kubernetes RBAC for nodes, efficiently block exploits. For true security when running hostile multitenant workloads, only trust a hypervisor. The security domain for Kubernetes becomes the entire cluster, not an individual node. Adding to that: - Compute isolation - Network security - Azure network security groups - Kubernetes network policy - Application Security - Kubernetes Secrets 📌 Building and managing AKS is usually not an easy task. We aim to help you visually build it and manage it to better control dependencies, track connection between components and be proactive in terms of security. It's up to you now to build great things here: https://app.brainboard.co #cloud #multicloud #rbac #security #data #engineering #aws #azure #gcp #devops #sre

📌 Best practice of the day: Keep your cloud infrastructure the smallest possible to: - Reduce the blast radius - Reduce Terraform refreshing the state, even if Terraform introducing "recently" the "--light" flag of the plan - Manage resources that are supposed to live together in the same lifecycle - Easy of maintenance Helping everyone to spend a good weekend 😍