| | 💥 Explanation | ✅ Recommended Actions and Considerations |
---|---|---|
Network Latency | Cross-region traffic, DNS resolution delays, or congestion can add unpredictable delays. | Deploy services closer together. Use CDNs, PrivateLink, VPC endpoints. |
Tail Latency Spikes | Outlier delays (95th/99th percentile) can trigger timeouts, causing retries that amplify load — as seen during Prime Day 2018. | Measure tail latency. Set realistic timeouts. Use circuit breakers to cut retry storms. |
Remote ≠ Local | Remote calls involve network hops, serialization — always |
| | 💥 Explanation | ✅ Recommended Actions and Considerations |
---|---|---|
Request/Response Hangs | You send a request but get no response at all. Did the request arrive, was it processed, or was the response lost along the way? Resources get stuck waiting. |
```yaml
services:
  postgres:
    image: postgres
    container_name: postgres
    environment:
      POSTGRES_USER: admin
      POSTGRES_PASSWORD: admin
      POSTGRES_DB: local
    ports:
      - "5432:5432"
```
ZT Principle | Description | Examples |
---|---|---|
Verify and authenticate | Continuously verifying identities and authentication status throughout a session, ideally on each request | AWS APIGW/ALB Authentication, AWS SSO, Cognito, IAM |
Authorization | In addition to the authenticated identity, authorization policies should consider additional contexts, such as device health and posture, behavior patterns, resource classification, and network factors | IAM policies, Resource-based policies |
Least privilege | Granting principals the minimum level of access required to perform their actions | IAM Roles and Policies |
Micro-segmentation | Breaking up security perimeters into small zones to maintain separate access for separate parts of the network | VPC subnets, NACL, Security Groups |
Continuous monitoring and analytics | Importance of visibility into user behavior, network traffic, and system activities to identify anomalies and potential security events | VPC flow logs |
Automation and orchestration | Streamlining security processes, reduci |
```bash
#!/usr/bin/env bash
# MIT No Attribution
# Copyright 2023 Roberto Migli
# Permission is hereby granted, free of charge, to any person obtaining a copy of this
# software and associated documentation files (the "Software"), to deal in the Software
# without restriction, including without limitation the rights to use, copy, modify,
# merge, publish, distribute, sublicense, and/or sell copies of the Software, and to
```