
Security

Deploying Agentic AI with MCP and A2A Capability on Amazon EKS


In-Short

CaveatWisdom

Caveat: You’ve built intelligent agents with MCP tools (Post 1) that communicate autonomously via A2A (Post 2). But deploying them without proper orchestration creates disasters: exposed credentials in containers, inability to handle load spikes when 500 RFQs hit simultaneously, no isolation between agents and MCP tools leading to security breaches, and operational nightmares with manual scaling. Ad-hoc deployments work in development but create security vulnerabilities and scalability bottlenecks in production.


Best Practices in Implementing Security Groups for Web Application on AWS

In-Short

CaveatWisdom

Caveat: It's easy to assign a large VPC-wide CIDR range (e.g. 10.0.0.0/16) as the source in Security Groups for private instances and avoid painful debugging of data flow. However, doing so opens our systems to a plethora of security vulnerabilities. For example, a compromised system in the network can affect all other systems in the network.

Wisdom:

  1. Create and maintain separate private subnets for each tier of the application.
  2. Only allow the required traffic for instances. You can do this easily by assigning the “Previous Tier Security Group” as the source (from where the traffic is allowed) in the inbound rule of the “Present Tier’s Security Group”.
  3. Keep Web Servers private and always front them with a managed External Elastic Load Balancer.
  4. Access the servers through Session Manager in the Systems Manager service.

In-Detail


‘Security Of the Pipeline’ and ‘Security In the Pipeline’ with AWS DevOps Tools By Design

There are many great tools out there for building CI/CD pipelines on AWS Cloud; for the sake of simplicity, I am limiting my discussion to AWS native tools.

In-Short

CaveatWisdom

Caveat: Achieving Speed, Scale and Agility is important for any business; however, it should not be at the expense of Security.

Wisdom: Security should be implemented by design in a CI/CD pipeline and not as an afterthought.

Security Of the CI/CD Pipeline: It is about defining who can access the pipeline and what they can do. It is also about hardening the build servers and deployment conditions.
