Tuesday, May 9, 2023

Decode JWTs in bash

Today, it is once again time for one of those "let's document it" blog posts. Lately, I looked into one of the IBM Cloud security features, trusted profiles based on compute resources. I described how to turn your container into a trusted identity. For developing code locally, I needed to copy over files from the Kubernetes pods to my local machine, then decode JWT access tokens, all using the command line. Here is what I did.

Thursday, April 20, 2023

Blast from the past: Procfile for Python cloud apps

One of my first cloud apps

Recently, I tried out a feature of IBM Cloud Code Engine: Deploying my app directly from source code. It was a simple app, but it failed. I was stunned and investigated the problem. To my surprise, I could have known it because it was something from the past: A Procfile was needed.

Thursday, March 30, 2023

IBM Cloud and Terraform: How to use a REST API

I am a regular user of the IBM Cloud provider plugin for Terraform. I use Terraform with the command line on my local machine or with IBM Cloud Schematics as managed service. Often, I am testing and evaluating new features. Sometimes, I face the situation where not all necessary functionality is available in Terraform. But luckily, often there exists already an API function. In this blog post I am going to show how to use a REST API with everything else done in Terraform.

Friday, March 24, 2023

Analyze your IBM Cloud access management setup

ER diagram for cloud security data
Recently, I looked into how to analyze the access management setup of my IBM Cloud account. I wanted to better understand what kind of access policies exist, what service instances are covered by rules and policies, etc. In the past, I have shared with you how to get insights into IBM Cloud account privileges or how to improve security by identifying inactive identities. This time, I looked across the existing APIs to obtain identity and access management (IAM) and resource data. I retrieved, then analyzed that security data. With these insights, it is possible to improve security for your IBM Cloud account and its resources.