My thoughts and ideas

Most of our resources at AWS aren’t publicly accessible via the Internet. Instead we placed them in a separate VPC to isolate them from any malicious access by an attacker or even accidental access by ourselves.

However from time to time we do want to access the resources directly:

  • During local development it may save us an enormous amount of time not having to build complex tunneling solutions within our application.
  • Certain systems should never be exposed via the public Internet but should only be reachable for dedicated and authenticated users.

My first approach was to use AWS’s internal VPN solution which turned out to be both complex to setup as well as pretty expensive to use.

So while looking for alternatives my colleague Lukas pointed me towards WireGuard which turned out to be exactly what I was looking for.

In this posting I will describe how to setup a WireGuard VPN at AWS completely from scratch, using Terraform as infrastructure as code framework.

Read more

The time of binders full of invoices and other documents is over. At least for me.

Almost all of my personal home office is paperless these days. However almost everything still arrives on paper. This article tells you how I deal with it.

Read more

We’re in the middle of migrating a lot of our infrastructure components to AWS. One thing that took me a while to wrap my head around is how to setup a VPC (Virtual Private Cloud) at AWS in a way that all our outgoing traffic is routed via a fixed IP address. In this article I will demonstrate how this can be done, using Terraform to setup all required resources at AWS.

Read more

As we create more and more new service and require more and more infrastructure resources to support those services, we have started to use Terraform to manage our infrastructure.

In this article, I would like to give an overview of how we structure our Terraform setup.

It’s designed to build up a common vocabulary and understanding of why we do things the way we do them and provide a little bit of background information how and why we made the decisions that lead to the current setup.

As we’re using AWS to deploy our cloud infrastructure, most of the examples will relate to AWS but in principle should be provider-agnostic and can apply to other providers as well.

Read more

A few days ago I stumbled upon a discussion on Twitter of whether or not a local development environment should be kept identical to the production environment:

The original assumption in the tweet is by itself interesting: Did we actually have that rule? Keep the development environment identical to the production environment? Did it ever work?

From my personal close to 20 year experience in software engineering I never had the situation where a development environment actually mirrored the production environment. And I would even go as far as to say: That’s a good thing!

Let’s dive into why I think that is.

Read more

In May I had the honor of having been invited as opening keynote speaker to the DevDays 2019 in Vilnius.

Luckily I also had the chance to see a lot of other great talks that made me curious about new technologies, showed me things I hadn’t thought about before and made me appreciate a few things I always took for granted.

In this post I would like to highlight a few of my favorites:

Read more

I’ve had the opportunity to be invited as speaker to several software engineering conferences during the last couple of years.

Interestingly, when talking about this to friends and colleagues a typical reaction when they hear this is: “Oh, I’ve always wanted to do that as well but I’m simply not good enough” or similar comments.

As I had the same doubts before actually doing it I’d like to lay out a few thoughts about speaking on conferences and why you are most likely good enough, no matter what you may think.

Read more