https://elijahu.me/portfolio/tags/security/Infrastructure & Cloud Engineering portfolio by Elijah Udom (elijahu) — AWS, Kubernetes, eBPF Security, AI/ML Infrastructure, and Platform Engineering projects.Hugo -- gohugo.ioenWed, 17 Dec 2025 00:00:00 +0000https://elijahu.me/portfolio/projects/kodekloud-days-9-12/Wed, 17 Dec 2025 00:00:00 +0000https://elijahu.me/portfolio/projects/kodekloud-days-9-12/“Every K8s node is a Linux host. Every database that won’t start has a reason in the logs. Every ’no route to host’ is a firewall issue until proven otherwise.” Context: This series is a deliberate return to Linux fundamentals before going deeper into kernel-level work — CentOS, MariaDB, SELinux, Ansible. The stuff that runs silently under every K8s cluster and eBPF probe. Owning it isn’t optional. Four problems this week: a MariaDB instance that wouldn’t start due to a corrupted data directory, a backup automation task requiring passwordless SSH, a Tomcat WAR deployment with a custom port, and a two-layer port conflict that required both evicting a rogue Sendmail process and adding an iptables rule before Apache was reachable.https://elijahu.me/portfolio/projects/kodekloud-days-5-8/Tue, 16 Dec 2025 00:00:00 +0000https://elijahu.me/portfolio/projects/kodekloud-days-5-8/“Before going deeper into kernel-level work, I went back to Linux fundamentals. This is what runs under every K8s cluster and eBPF probe — owning it isn’t optional.” This series is a deliberate return to Linux fundamentals before going deeper into kernel-level work — CentOS, SELinux, Ansible, SSH. The stuff that runs silently under every K8s cluster and eBPF probe. Owning it isn’t optional. Four problems this week: SELinux configuration on a RHEL-based system, cron job automation, passwordless SSH across multiple servers, and Ansible version management for global availability.https://elijahu.me/portfolio/projects/kodekloud-days-1-4/Mon, 15 Dec 2025 00:00:00 +0000https://elijahu.me/portfolio/projects/kodekloud-days-1-4/“Before going deeper into kernel-level work, I went back to Linux fundamentals. This is what runs under every K8s cluster and eBPF probe — owning it isn’t optional.” This series is a deliberate return to Linux fundamentals before going deeper into kernel-level work — CentOS, user management, SSH hardening, permissions. The stuff that runs silently under every K8s cluster and eBPF probe. Owning it isn’t optional. Four problems this week: non-interactive user creation, temporary account expiry, disabling root SSH across multiple servers, and file permission management.https://elijahu.me/portfolio/projects/hardened-web-server/Sat, 03 May 2025 00:00:00 +0000https://elijahu.me/portfolio/projects/hardened-web-server/“Default configs aren’t secure. They’re defaults — built for compatibility, not production. Running SSL Labs against a stock Nginx install and getting a B or F isn’t a surprise. It’s the expected result.” This is a full hardening walkthrough for a LEMP stack on Ubuntu 22.04 — Nginx TLS configuration, PHP-FPM lockdown, MySQL least-privilege setup, firewall, Fail2Ban, and what the actual path to A+ on SSL Labs looks like. Not the happy path.https://elijahu.me/portfolio/projects/cicd-container-orch/Fri, 11 Apr 2025 00:00:00 +0000https://elijahu.me/portfolio/projects/cicd-container-orch/“A deployment pipeline that requires a human in the loop for every push isn’t a pipeline — it’s a bottleneck with extra steps.” This is a full walkthrough of taking a Flask application from local development to production on AWS using Docker, ECR, ECS, and GitHub Actions — with secrets handled properly from the start, not bolted on as an afterthought. Pipeline flow: local development → GitHub Actions → ECR → ECShttps://elijahu.me/portfolio/projects/aws-security-auditor/Thu, 06 Mar 2025 00:00:00 +0000https://elijahu.me/portfolio/projects/aws-security-auditor/“Manually checking security groups across multiple AWS accounts is how breaches happen. You miss things. You always miss things.” Manual security group reviews feel fine at one account. At ten, you’re genuinely flying blind — too many rules, too much context to hold in your head, no audit trail. I built this CLI tool to close that gap. This is the breakdown: what I built, the failure modes I hit, and what the production version actually looks like.https://elijahu.me/portfolio/projects/orchestration-guide/Sat, 01 Mar 2025 00:00:00 +0000https://elijahu.me/portfolio/projects/orchestration-guide/“Manual deployments are technical debt with compound interest. Every time you run kubectl apply by hand you’re borrowing against future reliability.” This is a full breakdown of a push-to-deploy GitOps pipeline on Kubernetes — Flask webhook orchestration server, isolated test namespace with resource quotas, RBAC scoped to minimum permissions, network policy isolation between test and production, and blue-green deployment with automated rollback. Built because the manual process was unsustainable, documented because the failure modes are worth knowing.https://elijahu.me/portfolio/projects/nginx/Tue, 28 Jan 2025 00:00:00 +0000https://elijahu.me/portfolio/projects/nginx/“403 errors on a freshly configured Nginx server are almost never about the file. They’re about the path to the file.” This is a configuration and troubleshooting reference for running Nginx on Ubuntu 22.04 on AWS EC2 — covering the full setup, the security group configuration that catches people out, and the complete 403 debugging chain. Written from a real configuration session where the permission issues took longer than they should have.