https://ofurotime.ca/knowledge-base/cloud/Recent content in Cloud on CENG Lab -- Ryo UedaHugoenMon, 08 Jun 2026 00:00:00 +0000https://ofurotime.ca/knowledge-base/cloud/iac-scanning-tools/Mon, 08 Jun 2026 00:00:00 +0000https://ofurotime.ca/knowledge-base/cloud/iac-scanning-tools/<h2 id="tool-overview" class="relative group">Tool Overview <span class="absolute top-0 w-6 transition-opacity opacity-0 -start-6 not-prose group-hover:opacity-100"><a class="group-hover:text-primary-300 dark:group-hover:text-neutral-700" style="text-decoration-line: none !important;" href="#tool-overview" aria-label="Anchor">#</a></span></h2><table> <thead> <tr> <th>Tool</th> <th>Role</th> <th>What it catches</th> </tr> </thead> <tbody> <tr> <td><strong>Checkov</strong></td> <td>IaC security scanner</td> <td>Misconfigurations in Terraform, CloudFormation, K8s</td> </tr> <tr> <td><strong>TFLint</strong></td> <td>Terraform linter</td> <td>Invalid resource types, deprecated syntax, bad practices</td> </tr> <tr> <td><strong>Grype</strong></td> <td>Vulnerability scanner</td> <td>CVEs in container images, filesystems, SBOMs</td> </tr> <tr> <td><strong>pre-commit</strong></td> <td>Git hook framework</td> <td>Runs all of the above automatically on every commit</td> </tr> </tbody> </table> <pre tabindex="0"><code>git commit → pre-commit → TFLint + Checkov (local) ↓ CI pipeline → Checkov + TFLint + Grype (full gate) </code></pre><hr> <h2 id="1-checkov" class="relative group">1. Checkov <span class="absolute top-0 w-6 transition-opacity opacity-0 -start-6 not-prose group-hover:opacity-100"><a class="group-hover:text-primary-300 dark:group-hover:text-neutral-700" style="text-decoration-line: none !important;" href="#1-checkov" aria-label="Anchor">#</a></span></h2><p>Static analysis tool for IaC security. 1,000+ built-in policies covering AWS, Azure, GCP, and Kubernetes. Maintained by Palo Alto Networks (acquired Bridgecrew) under Apache 2.0.</p>https://ofurotime.ca/knowledge-base/cloud/-labhugo-website/Sun, 07 Jun 2026 00:00:00 +0000https://ofurotime.ca/knowledge-base/cloud/-labhugo-website/<h2 id="overview" class="relative group">Overview <span class="absolute top-0 w-6 transition-opacity opacity-0 -start-6 not-prose group-hover:opacity-100"><a class="group-hover:text-primary-300 dark:group-hover:text-neutral-700" style="text-decoration-line: none !important;" href="#overview" aria-label="Anchor">#</a></span></h2><p>This lab covers building a personal website from scratch using Hugo as a static site generator, the Congo theme for design, and AWS S3 + CloudFront for hosting and content delivery.</p> <p><strong>Tech Stack:</strong></p> <ul> <li>Hugo v0.162.0 (snap) on Ubuntu WSL2</li> <li>Theme: Congo (Tailwind CSS based)</li> <li>Hosting: AWS S3 + CloudFront</li> <li>Domain: ofurotime.ca</li> </ul> <hr> <h2 id="phase-1-environment-setup" class="relative group">Phase 1: Environment Setup <span class="absolute top-0 w-6 transition-opacity opacity-0 -start-6 not-prose group-hover:opacity-100"><a class="group-hover:text-primary-300 dark:group-hover:text-neutral-700" style="text-decoration-line: none !important;" href="#phase-1-environment-setup" aria-label="Anchor">#</a></span></h2><h3 id="installing-hugo" class="relative group">Installing Hugo <span class="absolute top-0 w-6 transition-opacity opacity-0 -start-6 not-prose group-hover:opacity-100"><a class="group-hover:text-primary-300 dark:group-hover:text-neutral-700" style="text-decoration-line: none !important;" href="#installing-hugo" aria-label="Anchor">#</a></span></h3><p>Ubuntu&rsquo;s <code>apt</code> package manager ships an outdated version of Hugo. To get the latest version, use <code>snap</code> instead:</p>https://ofurotime.ca/knowledge-base/cloud/aws-vpc-basics/Sat, 06 Jun 2026 00:00:00 +0000https://ofurotime.ca/knowledge-base/cloud/aws-vpc-basics/<h2 id="what-is-a-vpc" class="relative group">What is a VPC? <span class="absolute top-0 w-6 transition-opacity opacity-0 -start-6 not-prose group-hover:opacity-100"><a class="group-hover:text-primary-300 dark:group-hover:text-neutral-700" style="text-decoration-line: none !important;" href="#what-is-a-vpc" aria-label="Anchor">#</a></span></h2><p>A Virtual Private Cloud (VPC) is a logically isolated network within AWS. It gives you full control over IP ranges, subnets, route tables, and gateways.</p> <h2 id="key-components" class="relative group">Key Components <span class="absolute top-0 w-6 transition-opacity opacity-0 -start-6 not-prose group-hover:opacity-100"><a class="group-hover:text-primary-300 dark:group-hover:text-neutral-700" style="text-decoration-line: none !important;" href="#key-components" aria-label="Anchor">#</a></span></h2><h3 id="subnets" class="relative group">Subnets <span class="absolute top-0 w-6 transition-opacity opacity-0 -start-6 not-prose group-hover:opacity-100"><a class="group-hover:text-primary-300 dark:group-hover:text-neutral-700" style="text-decoration-line: none !important;" href="#subnets" aria-label="Anchor">#</a></span></h3><ul> <li><strong>Public subnet</strong> — has a route to an Internet Gateway; hosts resources accessible from the internet</li> <li><strong>Private subnet</strong> — no direct internet route; hosts databases, backend services</li> </ul> <h3 id="internet-gateway-igw" class="relative group">Internet Gateway (IGW) <span class="absolute top-0 w-6 transition-opacity opacity-0 -start-6 not-prose group-hover:opacity-100"><a class="group-hover:text-primary-300 dark:group-hover:text-neutral-700" style="text-decoration-line: none !important;" href="#internet-gateway-igw" aria-label="Anchor">#</a></span></h3><p>Attached to a VPC to allow communication between resources in the VPC and the internet.</p>