SF: The Good

This is part of the series Startup that Failed. Infrastructure as Code: Why It’s Non-Negotiable Start with this rule: If you’re touching the AWS console to create resources, you’re doing it wrong. Every resource goes through Terraform. IAM roles, security groups, RDS instances, S3 buckets, EKS clusters - everything. No exceptions. This isn’t about following best practices. It’s about three concrete problems: 1. Reproducibility. You will need to rebuild your infrastructure. Whether it’s disaster recovery, creating new environments, or (in my case) rebranding, you’ll need to recreate everything. With Terraform, it’s terraform apply. Without it, you’re clicking through the AWS console trying to remember what you configured six months ago. ...

October 15, 2025 · 15 min · Aleksandar Nesovic

Startup that Failed [SF]

This is a no-fuss summarization of what I’ve learned from running my own startup and failing hard at it. The good, the bad, and the brutally honest. It’s a series of short essays where I dissect every mistake, every win, and every “what the hell was I thinking?” moment. If you’re thinking about a side project, already knee-deep in one, or just enjoy watching someone learn expensive lessons so you don’t have to - then this series of essays is for you. ...

October 3, 2025 · 4 min · Aleksandar Nesovic

Container-Optimized OS on GCP

This essay covers what makes COS worth considering: root filesystem immutability, automatic updates, and how to use it with regional managed instances for scaling. I’ll also cover startup scripts and practical considerations for engineering teams. A Brief Overview of Container-Optimized OS Container-Optimized OS is a lightweight, secure operating system image designed by Google specifically for running containers on GCP. Based on the open-source Chromium OS project, COS is tailored to offer a minimal footprint, reducing potential attack surfaces and simplifying maintenance. It comes pre-installed with essential tools like Docker and containerd, enabling teams to deploy containers out of the box without additional setup. ...

November 5, 2024 · 12 min · Aleksandar Nesovic

Overcoming Scalability Challenges in a Modular-Monolith

Building a Health-Data Platform I have had the opportunity to work on several complex and challenging projects. One such project was a health-data platform designed as a modular monolith with a plethora of complex requirements to fulfill. As a health-data platform, ensuring the security and compliance of our users’ sensitive information was paramount. To that end, we made it a priority to align with both HIPAA and SOC-2 standards. Compliance and Security Measures for a Health-Data Platform SOC-2 Compliance For SOC-2 compliance, we implemented various strict controls to guarantee the safety of our users’ data. This included implementing multi-factor authentication, such as FIDO tokens, for added security. We also conducted regular security assessments and backups to ensure that any data would be protected in the event of a security breach. Additionally, we employed SOC-2-compliant cloud providers to host and store sensitive data. A Governance, Risk management, and Compliance (GRC) program was established and reviewed regularly to maintain SOC-2 compliance. ...

January 26, 2023 · 6 min · Aleksandar Nesovic

Modular Monoliths - Boilerplate

From Theory to Practice It is recommended that readers familiarize themselves with the principles outlined in the article Modular Monoliths - Simplified before delving into the practical example provided in this follow-up piece. This article will explore a specific implementation of a modular monolith architecture, utilizing a clear separation of handlers, services, and repository layers. The accompanying GitHub Repository serves as a reference and starting point, providing a boilerplate structure that can be easily adapted to suit the specific needs of your project. ...

January 25, 2023 · 4 min · Aleksandar Nesovic