https://blog.kgol.xyz/en/Recent content on KGOL-BlogHugo -- gohugo.ioen©2025, All Rights ReservedSat, 25 Jan 2025 00:00:00 +0000https://blog.kgol.xyz/en/posts/homelab-av-scanner/Sat, 25 Jan 2025 00:00:00 +0000Sat, 25 Jan 2025 00:00:00 +0000https://blog.kgol.xyz/en/posts/homelab-av-scanner/I wanted a simple but reliable solution for malware scanning untrusted files that are downloaded to my NAS / Homelab. Important Context A few years ago I was building a file ingress solution for a client. This solution involved 3rd parties uploading files to this web platform and the platform needed to pass the files through a security scanner prior to being processed by downstream systems. As part of my testing of the file ingress system, the product chosen (not my choice) to perform the scans seemed to always give the “ALL CLEAR” to larger files (100+ MB).Kieran Goldsworthyfeatured imageSelfhostLinuxSecurityGarden Shedhttps://blog.kgol.xyz/en/posts/ansi-escape-sequences/Sat, 13 Jan 2024 00:00:00 +0000Sat, 13 Jan 2024 00:00:00 +0000https://blog.kgol.xyz/en/posts/ansi-escape-sequences/Introduction The terminal can be controlled in all sorts of fun ways using Control Sequences. This is not an enumeration of all options. The ones explored here are part of the Control Sequence Introducer (CSI) set. CSI starts with ESC[. (thus often called ’escape codes/sequences’) ESC can be written in a few different forms: (oct and hex being the most widely supported) \e Ctrl-Key: ^[ Octal: \033 Unicode: \u001b Hexadecimal: \x1B Decimal: 27 CSI escape sequences take the form of ESC[<param> <char>.Kieran Goldsworthyfeatured imageLinuxInteresting Bitshttps://blog.kgol.xyz/en/posts/launching-goldsworthy-creations/Thu, 05 Jan 2023 00:00:00 +0000Thu, 05 Jan 2023 00:00:00 +0000https://blog.kgol.xyz/en/posts/launching-goldsworthy-creations/Check it out > > > here < < < I’m proud to announce the release of my designer label / brand “Goldsworthy Creations”. I’ve been doing crochet for some time now and have recently started to design my own patterns, as a way of showcasing my designs I have created a website, check it out. This site was launched on Christmas Eve 2022; it allows me to present my works and link to where the patterns can be bought on ravelry.Kieran Goldsworthyfeatured imageInteresting Bitshttps://blog.kgol.xyz/en/posts/launching-hugo-creations/Thu, 05 Jan 2023 00:00:00 +0000Thu, 05 Jan 2023 00:00:00 +0000https://blog.kgol.xyz/en/posts/launching-hugo-creations/Check it out > > > here < < < I recently released a new website called “Goldsworthy Creations” to accompany my designer label (read about it’s announcement here). To build this website I used the static site generator hugo and my own custom theme called hugo creations, which I’m announcing here. When embarking on a new project, it is best practice to search around and see who else has faced the same problem and perhaps has already published a solution;Kieran Goldsworthyfeatured imageInteresting Bitshttps://blog.kgol.xyz/en/posts/gcp-cloudbuild-results/Fri, 29 Jul 2022 00:00:00 +0000Fri, 29 Jul 2022 00:00:00 +0000https://blog.kgol.xyz/en/posts/gcp-cloudbuild-results/Pass results directly from a Cloud Build pipeline without storing/retrieving an artifact Background The typical pattern for using a CI/CD pipeline is to provide some input (like a git repo), and the pipeline will perform a combination of commands such as API calls or software compilations. By the end, the pipeline may produce some ‘artifact’. This could be the compiled software binary, X-as-Code State, or a log file. Google Cloud Build is a managed ‘serverless’ CI/CD pipeline service allowing you to run pipelines without the need to maintain any infrastructure and only pay for the compute over the time the pipeline is running.Kieran Goldsworthyfeatured imageGCPCI/CDMan Pageshttps://blog.kgol.xyz/en/posts/tf-module-sechub-summarizer/Sat, 16 Apr 2022 17:00:00 +1100Sat, 16 Apr 2022 17:00:00 +1100https://blog.kgol.xyz/en/posts/tf-module-sechub-summarizer/This module can be found on Github and Terraform Registry Background AWS Security Hub is a pretty useful tool for discovering potential vulnerabilities in your infrastructure. Recently I was deploying a landing zone through Terraform that included Security Hub and came across an issue regarding how Security Hub notifies the discovery of a new vulnerability. The current practice is to have an Eventbridge Rule that looks for Security Hub finding events and triggers an SNS.Kieran Goldsworthyfeatured imageAWSTerraformSecurityGarden Shedhttps://blog.kgol.xyz/en/posts/tf-module-container-inisights/Sat, 16 Apr 2022 16:00:00 +1100Sat, 16 Apr 2022 16:00:00 +1100https://blog.kgol.xyz/en/posts/tf-module-container-inisights/This module can be found on Github and Terraform Registry The Container Insights Terraform Module is used to deploy AWS’ Container Insights agent onto a Kubernetes Cluster (EKS Specifically). This allows for enabling deeper visibility into the operations of your K8 cluster via metrics and logs sent to AWS CloudWatch. The module connects to the Kubernetes cluster via the management endpoint to run a custom-written Helm Chart. This helm chart deploys the Container Insights Agent to the cluster as a DeamonSet and configures it to use IAM roles for service accounts, with an IAM Role this module also creates.Kieran Goldsworthyfeatured imageAWSTerraformObservabilityGarden Shedhttps://blog.kgol.xyz/en/posts/tf-module-tgw-routetable/Sat, 16 Apr 2022 15:00:00 +1100Sat, 16 Apr 2022 15:00:00 +1100https://blog.kgol.xyz/en/posts/tf-module-tgw-routetable/This module can be found on Github and Terraform Registry This module creates an AWS Route Table for Transit Gateway, and its associations and propagations. It is designed to be used in collaboration with the official TGW module by AWS [Github, TF Registry]. While the official TGW module does include some route table functionality, the advantage of this module is better support for cross-account attachments and easier implementation of multiple route tables for the same TGW, thus being able to implement multiple routing domains (More details here).Kieran Goldsworthyfeatured imageAWSTerraformNetworkingGarden Shedhttps://blog.kgol.xyz/en/posts/tgw-routing-domains/Wed, 30 Mar 2022 00:00:00 +0000Wed, 30 Mar 2022 00:00:00 +0000https://blog.kgol.xyz/en/posts/tgw-routing-domains/A more advanced routing architecture for AWS VPCs. TLDR: TGW can route traffic based on the source VPC as well as the destination IP. Before AWS introduced Transit Gateway, the only way to connect VPCs together was to use VPC peering. The main issue with this approach is that you need a VPC Peering between each pair of VPCs that you want to connect. To simplify large multi-VPC environments AWS released Transit Gateway, this allows for a hub-and-spoke model which allows for multiple VPCs to talk to each other with only a connection to a single hub.Kieran Goldsworthyfeatured imageAWSNetworkingMan Pageshttps://blog.kgol.xyz/en/posts/atf-thoughts/Sun, 20 Feb 2022 00:00:00 +0000Sun, 20 Feb 2022 00:00:00 +0000https://blog.kgol.xyz/en/posts/atf-thoughts/I’ve worked with AWS and Terraform for 3-4 years at this point and when AWS initially announced the Account Factory for Terraform (AFT) I didn’t take a too closer look because the company I worked for already had a solution to account generation that we would not be changing very soon (for many reasons). After I moved jobs I worked for a company that wanted to build AWS via terraform and were considering the account provisioning process, including using AFT.Kieran Goldsworthyfeatured imageAWSTerraformInteresting Bitshttps://blog.kgol.xyz/en/posts/s3-idea/Fri, 14 Jan 2022 00:00:00 +0000Fri, 14 Jan 2022 00:00:00 +0000https://blog.kgol.xyz/en/posts/s3-idea/Making the world a better place, one bucket at a time. S3 takes from a global namespace (actually, it’s the ARN that needs to be globally unique), which means anyone can create a bucket with any name (subject to a format) as long as that name has not been used by someone else. This actually creates a problem. Given the global namespace, short simple bucket names are already taken. For example, a bucket used to store logs can’t be called logs because someone else certainly already has it.Kieran Goldsworthyfeatured imageAWSSecurityInteresting Bitshttps://blog.kgol.xyz/en/posts/aws-in-china/Wed, 12 Jan 2022 00:00:00 +0000Wed, 12 Jan 2022 00:00:00 +0000https://blog.kgol.xyz/en/posts/aws-in-china/AWS has a ‘partition’ in Mainland China. It’s not like building in normal AWS, some services/features are missing or work in odd ways. Partitions AWS has a concept of ‘partitions’, these are basically separate instances of the AWS Cloud. You may have heard this term before when it comes to the different parts of the ARN e.g.“arn:partition:service:region:account-id:resource-id” There are currently 3 partitions: aws The normal aws cloud aws-us-gov AKA GovCloud aws-cn Mainland China These different partitions have limited overlap and connectivity.Kieran Goldsworthyfeatured imageAWSNetworkingInteresting Bitshttps://blog.kgol.xyz/en/posts/terragrunt-default-tags/Sat, 21 Aug 2021 00:00:00 +0000Sat, 21 Aug 2021 00:00:00 +0000https://blog.kgol.xyz/en/posts/terragrunt-default-tags/An approach to adding tags to all resources deployed by terragrunt This page describes a method to adding a set of default tags to all resources that can be tagged in an AWS account (other terraform providers may be compatible) More specifically, all resources deployed by terraform / terragrunt in a git repository. Setup First I should mention how I have set up the various terragrunt and terraform code, modules and repositories.Kieran Goldsworthyfeatured imageAWSTerraformTerragruntMan Pageshttps://blog.kgol.xyz/en/posts/powershell-encoding-gotcha/Sat, 19 Dec 2020 00:00:00 +0000Sat, 19 Dec 2020 00:00:00 +0000https://blog.kgol.xyz/en/posts/powershell-encoding-gotcha/Not all outputs are created equal Command Line commands often print there results right back to the command line. It might be more desirable to save that output to a file either for easier searching, manipulation or to simple save the result. The common approach is to ‘redirect’ the STDOUT (usually prints to the command line) to a file. 1 command > output_file This works quite well in bash and other linux shells but on Windows Powershell there is a big gotcha.Kieran Goldsworthyfeatured imagePowerShellInteresting Bitshttps://blog.kgol.xyz/en/posts/aws-resource-policies/Sun, 27 Sep 2020 00:00:00 +0000Sun, 27 Sep 2020 00:00:00 +0000https://blog.kgol.xyz/en/posts/aws-resource-policies/The other side of AWS IAM Permissions IAM Policies This article will not be an in-depth look at IAM Policies, but it’s a good idea to go over the general basics. An IAM Policy is in the form of a JSON Object with the most important part being the statements. Each Policy Statement defines a set of actions, whether the action should be explicitly Allowed or Denied, and under which conditions the statement should apply.Kieran Goldsworthyfeatured imageAWSIAMSecurityMan Pageshttps://blog.kgol.xyz/en/posts/aws-iam-permissions-boundaries/Sat, 26 Sep 2020 00:00:00 +0000Sat, 26 Sep 2020 00:00:00 +0000https://blog.kgol.xyz/en/posts/aws-iam-permissions-boundaries/How to use this lesser known feature of AWS IAM A competent understanding of IAM Polices and how they affect the permissions of any User/Role they are attached to is important to understand Permission Boundaries. Introducing Permissions Boundaries Boundaries are applied to Users and Roles and they act as the upper-limit (like a Boundary… funny that) to the User/Role, regardless of what might be granted by the attached IAM Policies.Kieran Goldsworthyfeatured imageAWSIAMSecurityMan Pageshttps://blog.kgol.xyz/en/posts/python-mutli-replace/Tue, 18 Feb 2020 00:00:00 +0000Tue, 18 Feb 2020 00:00:00 +0000https://blog.kgol.xyz/en/posts/python-mutli-replace/Module for multiple runs of the .replace string method Do you need to replace a substring with another one multiple times on the same string? Do you do that frequently and which there was a nicer way to write it? This module might be for you Basic Usage It takes in a string, and 2 lists. Each item in the first list will be replaced by the corresponding item in the second list.Kieran Goldsworthyfeatured imagePythonGarden Shedhttps://blog.kgol.xyz/en/posts/automatic-clipboard-typer/Mon, 17 Feb 2020 00:00:00 +0000Mon, 17 Feb 2020 00:00:00 +0000https://blog.kgol.xyz/en/posts/automatic-clipboard-typer/For when Copy & Paste just won’t cut it This script is designed to simulate keyboard key presses in order to type out (rather then paste) the current clipboard. The inspiration for this script came from a need to paste into fields that cannot normally be pasted into, e.g. an RDP session, particularly when asked for the windows password or resetting one. Usage: Copy the text you want to paste to the clipboard.Kieran Goldsworthyfeatured imagePythonWindowsGarden Shedhttps://blog.kgol.xyz/en/posts/installing-and-configuring-confluence-data-center-on-aws/Sun, 16 Feb 2020 00:00:00 +0000Sun, 16 Feb 2020 00:00:00 +0000https://blog.kgol.xyz/en/posts/installing-and-configuring-confluence-data-center-on-aws/Or at least how I did it Disclaimer This is my experience and steps I performed, YMMV. Some of these steps might not be required for your environment and some other steps might be. Some of the values might be different for you, where I think that might be the case they will appear as variables like so: ${VARIABLE}. This guide is to help you, not tell you want to do, so I take no responsibility if you screw up.Kieran Goldsworthyfeatured imageAtlassianConfluenceAWSJavaMan Pageshttps://blog.kgol.xyz/en/posts/installing-and-configuring-jira-data-center-on-aws/Sun, 16 Feb 2020 00:00:00 +0000Sun, 16 Feb 2020 00:00:00 +0000https://blog.kgol.xyz/en/posts/installing-and-configuring-jira-data-center-on-aws/Or at least how I did it Disclaimer This is my experience and steps I performed, YMMV. Some of these steps might not be required for your environment and some other steps might be. Some of the values might be different for you, where I think that might be the case they will appear as variables like so: ${VARIABLE}. This guide is to help you, not tell you want to do, so I take no responsibility if you screw up.Kieran Goldsworthyfeatured imageAtlassianJiraAWSJavaMan Pageshttps://blog.kgol.xyz/en/posts/configure-multiple-nics-and-ips-on-linux/Wed, 05 Feb 2020 00:00:00 +0000Wed, 05 Feb 2020 00:00:00 +0000https://blog.kgol.xyz/en/posts/configure-multiple-nics-and-ips-on-linux/IPv4 is running out, get ’em while they’re hot! If you are in business of building and configuring Linux servers, there will come a day where you need to configure a server with multiple Network Interface Cards and/or multiple IP Address. I had just such a task. Before we go on, the rest of this article is going to focus on Ethernet Network Interfaces of Red Hat Enterprise Linux 7.5 servers running on AWS EC2.Kieran Goldsworthyfeatured imageLinuxBashMan Pageshttps://blog.kgol.xyz/en/posts/interesting-bits-2/Fri, 10 Jan 2020 00:00:00 +1100Fri, 10 Jan 2020 00:00:00 +1100https://blog.kgol.xyz/en/posts/interesting-bits-2/GCP Console Bugs 1 Google Cloud Platform (GCP) has a service called storage which can be useful for hosting static websites. Simply create a ‘bucket’ with the name of your domain (e.g. example1.com) and update your DNS for that domain to be a CNAME pointing to ‘c.storage.googleapis.com’. Navigating to your domain will then server the index.html file at that path in th bucket. I stumbled across a bug almost right way however.Kieran Goldsworthyfeatured imageGCPInteresting Bitshttps://blog.kgol.xyz/en/posts/interesting-bits-1/Wed, 22 May 2019 18:47:28 +1000Wed, 22 May 2019 18:47:28 +1000https://blog.kgol.xyz/en/posts/interesting-bits-1/Misspelled characters, Unexpected AWS achievements 1 One of my favourite characters is the lowercase Greek letter ‘L’ called ’lambda’. I don’t know why I like it, perhaps it was after I played Half-Life; or perhaps it was when it was used for eigenvalue when I was learning linear algebra. Either way, I do use the symbol every now and then. But alas there is no \(\lambda\) symbol on the keyboard, hence to use it I would need to copy it from either the web or from a built in feature of Microsoft Windows called ‘Character Map’.Kieran Goldsworthyfeatured imageWindowsAWSCloudformationInteresting Bitshttps://blog.kgol.xyz/en/posts/first-post/Sat, 11 May 2019 12:26:33 +1000Sat, 11 May 2019 12:26:33 +1000https://blog.kgol.xyz/en/posts/first-post/Initial Blog Overview This is the first of (hopefully) many blog posts. There are a number of different topics I want to write about, including: The Interesting Bits: This series will cover interesting findings around software and development. It could be a little known feature or a bug. It could be a process that I didn’t know about. Whatever it is, you might already know about it but when I learnt of it, I thought it was interesting.Kieran Goldsworthyfeatured imageMetadata