Tips & How-To's
Getting Terraform to apply only when a change exists using Make
· β˜• 11 min read · ✍️ Sathyajith Bhat
TL;DR Applying some Bash knowhow on exit codes, you can cut down the time required for a Terraform apply if no changes are to be done. The Simple Plan and Apply Over the past couple of weeks, I’d been working on getting our alerts deployed with Terraform. The initial proof of concept was a very simple shell script with a lot of copy-paste to handle the many accounts, environments and regions that I work on.

Migrating my WordPress blogs to Hugo
· β˜• 6 min read · ✍️ Sathya
I started blogging with WordPress about 13 years ago. I had some free time since the joining date for my first job was about a month or so away. Armed with boredom, an Internet connection and an ample amount of free time, I started Sathya Says on hosting. Soon after, I came to know about domains, shared hosting and self-hosted WordPress and with my first ever salary, purchased, shared hosting and started writing about Linux experiences.

Securing your workloads on Azure
· β˜• 1 min read · ✍️ Sathya
I had the privilege of being able to talk about what you can do to improve your Azure account security and improve the security posture of your workloads running on Azure as part of Microsoft For Startups’ Highway to a 100 Unicorns - Scale Up Thursdays webinar series. You can catch the video on demand by registering over at The slides are available on SpeakerDeck as well on my Talks section.

Running Folding@Home on AWS with AWS CDK
· β˜• 3 min read · ✍️ Sathya
Folding@Home(aka FAH) is a distributed computing project. To quote from their website, FAH is a distributed computing project for simulating protein dynamics, including the process of protein folding and the movements of proteins implicated in a variety of diseases. Folding@Home involves you donating your spare computing power by running a small client on your computer. The client then contacts the Folding@Home Work Assignment server, gets some workunits and runs them, You can choose to have it run when only when your system is idle, or have it run all the time.

Setting up a secure Docker image scanning solution with Anchore and Drone CI
· β˜• 3 min read · ✍️ Sathya
A while back I had done a round up of a few container scanning solutions and had mentioned I wanted to take another look at Anchore. The past few days, I’ve been playing a bit with Anchore - this time, integrating it with Drone CI. Drone is a “Container-Native, Continuous Delivery Platform” built using Go. It makes use of a YAML file, .drone.yml to define and execute the pipeline. End Goal For this project, we will be integrating Drone and Anchore.

Scanning Docker Image for Vulnerabilities with Aqua MicroScanner
· β˜• 3 min read · ✍️ Sathya

Containers are slowly becoming the standardized units of deployment. As containers become more popular, they also become the focus targets for attacking the system via vulnerabilities present in the packages within the image. There are quite a few container vulnerability scanning solutions (example: Clair, Twistlock, now Prisma Cloud, Aqua – however most of them are either commercial or require an elaborate setup, which makes it difficult for individual developers to involve them as part of the container build process.

Convert newsletters to RSS feeds with Kill-The-Newsletter
· β˜• 1 min read · ✍️ Sathya

Long time, no write! Newsletters have become all the rage these days and I guess for good reason -Β  they’re curated, come in (usually) once a week and typically offer a respite from the deluge of news that comes in why typical RSS Feeds or via Twitter. Naturally I subscribed to few initially and then the list of newsletters increased - and now I am stuck with a newsletter bomb in my Inbox

Accessing Chef Databag Items from within attributes
· β˜• 1 min read · ✍️ Sathya
In Chef parlance, databags are global variables saved in JSON format and are stored and accessible on the Chef server. Given that these are indexed and can be searched up along with the fact that they can be encrypted make them ideal candidates to store secrets such as credentials/ssh keys. Chef provides an easy way to search and fetchΒ databag and databag items from within a recipe: For ex to fetch a databag called admins, it’s as easy as:

Of nginx’s mid cut off responses and proxy buffers
· β˜• 3 min read · ✍️ Sathya

Among the services I look after, the biggest and high-profile - is the user facing website. The website is your bog-standardΒ typical frontend(powered by Express/Angular) which fetches data via an API which is powered by the backend(built on Rails). Typical flow is that Express receives the request from the browser, makes a request to the backend which is thenΒ served using Rails API via nginx which acts as the reverse proxy.

Xenserver and adding/attaching a new storage to a VM
· β˜• 2 min read · ✍️ Sathya
I had an instance today where a local VM(which is provisioned by Xenserver) was running low on disk space and wanted to increase the disk space allocated to it. Last time when I did it by increasing the space from within Xen Manager, I failed miserably(the VM was configured with LVM and neither pvscan or lvscan was able to see the increased space). This time I tried a different approach: