Gift Horse

July 11, 2021 · 0 min · Ben Francom

AWS EKS Kubernetes Fargate Ingress Controller ALB Certificate

Wow that title is a mouthful! It took me a little time to figure out how to setup the certificate on EKS/Fargate in AWS. I was following this tutorial from the docs. Be sure to click the “Fargate” part of the tuorial half-way down the page to curl in the 2048-ingress.yaml below. After delegating my subdomain to AWS, I then setup a cert in ACM, and modified the 2048-ingress....

February 8, 2020 · 1 min · Ben Francom

OpenBSD PF and OpenDNS

At home, I needed a way to prevent anything but OpenDNS from being used for DNS, and needed a rule that would do it in OpenBSD PF. Install and Configure First off, to setup an OpenDNS client on OpenBSD, install the ddclient package via pkg_add ddclient You should get an output like so: bzrtr# pkg_add ddclient quirks-3.183 signed on 2020-01-31T18:21:51Z quirks-3.124->3.183: ok ddclient-3.8.3p1:p5-Net-SSLeay-1.88: ok ddclient-3.8.3p1:p5-IO-Socket-SSL-2.066: ok ddclient-3.8.3p1:p5-Digest-SHA1-2.13p4: ok ddclient-3.8.3p1: ok Read shared items: ok The following new rcscripts were installed: /etc/rc....

January 31, 2020 · 2 min · Ben Francom

AWS Data Migration Service

I was just doing some testing of the AWS Data Migration Service (DMS), and it isn’t obvious when setting up endpoints that the public IP address of the replication instance is the one that traffic will always come from/to. At least in my testing, this was true. I use the amazing OpenBSD pf firewall for the home perimiter, and was able to verify with 2 different AWS accounts. Do the test by creating a target endpoint in DMS, and add your firewall IP as the destination...

January 30, 2020 · 1 min · Ben Francom

AWS IP Range Automation

AWS provides a list of their IP ranges for you to use when configuring whitelists, firewalls, and other things. The list is available in JSON from: To get it automated into your pipelines, or scripts, you can use curl and jq in this manner: curl | jq . This will give you all the IP’s, regions, and info. To get more specific like the us-east-1 region and the AMAZON service, just add some more filters:...

January 30, 2020 · 1 min · Ben Francom