About Art of Infra
Art of Infra is an independent publication and creative playground for people who care about how tech shapes their world. Whether you're self-hosting at home, wrestling with AWS & Cloud, or looking for a guide for your favourite network infra partner, you're in the right place. Our mission is to help people build, defend, and explore technology. No fluff, no corporate nonsense - just honest and creative infrastructure for the rest of us.
About this Guide/ Page
This page is your central reference point for key topics we're building around at Art of Infra. Think of it as the control panel for our content - a living, breathing index of guides, tools, experiments, and resources that reflect our mission to break down the walls around complex tech and make infrastructure approachable, creative, and fun.
It’s constantly updated as we publish new pieces or update older ones. If you see a [TBA], that means something good is brewing, it’s already on the content calendar and will be released soon. We’re building a library of real, no-BS infrastructure content, and this is where you’ll find it all in one place.
Bookmark it. Check back often. Explore creativity. You’re among friends here.
Supporting Us
If you’d like to support what I’m building here, the best way is to read the blog, follow along, and share posts with others who might find them useful. Your attention and curiosity mean more than anything, that’s what keeps this going.
If you’d like to go a step further (strictly optional, but always appreciated), you can support Art of Infra and my work through tips or donations. It helps cover the time, tools, and caffeine that go into keeping this site alive and full of useful content. There are a few ways to do that:
- KoFi
- Crypto
- Subscribing to the blog.
AWS - Networking & Content Delivery
What is AWS Networking?
This section contains details on the suite of services and tools designed to help you manage your cloud resources' communication, connectivity, and security. Key components include Virtual Private Cloud (VPC), subnets, routing tables, and security groups.
These services enable you to create isolated networks, control traffic flow, and establish secure connections between resources.
- Understanding AWS VPCs
- Configuring Security Groups and NACLs [TBA]
- Designing Subnets for Scalability and Security [TBA]
What is AWS Content Delivery?
This section focuses on the distribution of data, applications, and content to end users with low latency and high transfer speeds. The key service used in most CDN efforts in AWS is Amazon CloudFront, a global content delivery network (CDN) that caches content at edge locations worldwide, ensuring fast and secure delivery to users.
- How AWS CloudFront Works & It's Use Cases [TBA]
- Best Practices for Security Content Delivery on AWS [TBA]
AWS Networking Services
AWS VPC (Virtual Private Cloud)
Amazon VPC enables you to create isolated networks within AWS. It's the foundation of AWS networking, allowing you to define IP address ranges, subnets, and routing rules for your resources.
- VPC Peering vs Transit Gateway
- Internet & NAT Gateways [TBA]
- Routing Tables [TBA]
- IPAM - Overview and Setup
AWS Direct Connect (DX)
AWS Direct Connect provides a dedicated, private connection between your on-premises environment and AWS. It's ideal for applications requiring consistent, high-bandwidth connectivity.
- Setting up AWS Direct Connect for Enterprise Workloads [TBA]
- How to Combine Direct Connect with VPN for Hybrid Cloud Solutions [TBA, VPN over DX)
AWS Load Balancing
Elastic Load Balancing automatically distributes incoming application/ network traffic across multiple targets, such as EC2 instances or containers, to improve application availability and fault tolerance.
- Setting up an ELB in AWS [TBA]
- ALB vs Gateway Load Balancing vs Network Load Balancer [TBA]
- Utilising ELB with Auto-Scaling Groups [TBA]
- AWS Load Balanacer Controllers and Kubernetes [TBA]
AWS Transit Gateway (TGW)
AWS Transit Gateway simplifies network management by acting as a central hub for connecting VPCs, on-premises networks, and other AWS services.
- VPC Peering vs Transit Gateway
- BGP and AWS
- AWS Transit Gateway Use Cases and Setup Guide [TBA]
- Optimising Network Traffic with Transit Gateway Routing Policies [TBA]
- Segregating Domains in AWS Using Transit Gateway (Security/ Inspection VPC etc) [TBA]
- Transit Gateway Routing and Propagation
- VIFs [TBA]
AWS WAF, AWS Shield, Network Firewall [TBA AREAS]
AWS Content Delivery
AWS CloudFront
Amazon CloudFront accelerates the delivery of static and dynamic web content by caching it at edge locations near end users.
- Integrating CloudFront with S3 for Static Website Hosting [TBA]
- Configure CloudFront Functions for Custom Content Delivery Logic [TBA]
AWS Global Accelerator
AWS Global Accelerator improves the availability and performance of your applications by directing traffic to optimal AWS endpoints based on health and geography.
- When to use AWS Global Accelerator vs CloudFront [TBA]
- Configure Global Accelerator for Multi-Region Applications [TBA]
Fault Finding in AWS Networking
- Cloud Map [TBA]
- Trace etc [TBA]
- CloudWatch Metrics [TBA]
- VPC Reachability Analyser [TBA]
Best Practices for AWS Networking & Content Delivery
- Plan Your Network Architecture: Use a well-structured VPC design with appropriate subnetting and routing rules.
- Leverage Content Delivery Tools: Use CloudFront for caching and Route 53 for DNS management to improve application performance.
- Secure Your Resources: Implement security groups, NACLs, and encryption to protect data in transit and at rest.
- Monitor and Optimise: Use CloudWatch and VPC Flow Logs to monitor traffic and identify areas for optimisation.
- Test for Resilience: Regularly perform failover testing for ELB and Global Accelerator configurations to ensure high availability.
AWS - Security
What is AWS Security?
AWS Security encompasses services, features, and practices designed to ensure the confidentiality, integrity, and availability of your systems and data in the cloud. From identity management to encryption and compliance, AWS provides the tools you need to build secure applications and meet regulatory requirements.
- ELI5 - [AWS Shared Responsibility Model Explained] [TBA]
- [How to Implement Multi-Factor Authentication (MFA) in AWS] [TBA]
- [Understanding AWS Compliance Programs: A Beginner's Guide] [TBA]
AWS Security Services
AWS IAM (Identity and Access Management)
IAM allows you to securely manage access to AWS services and resources. You can create and manage users, groups, and roles, and define fine-grained permissions for them.
- [Best Practices for AWS IAM Policies] [TBA]
- [How to Use IAM Roles for Cross-Account Access] [TBA]
- [IAM vs. Resource Policies: Key Differences] [TBA]
AWS KMS (Key Management Service
KMS enables you to create and manage encryption keys used to protect your data. It integrates with other AWS services to provide seamless encryption and decryption.
- [Setting Up AWS KMS for Data Encryption] [TBA]
- [How to Rotate Keys in AWS KMS] [TBA]
- [Encrypting S3 Buckets with KMS: Step-by-Step Guide] [TBA]
AWS CloudTrail
CloudTrail provides detailed logging of API calls and activity in your AWS account, enabling you to monitor and audit actions for security and compliance purposes.
- [Getting Started with AWS CloudTrail Logging] [TBA]
- [How to Analyse CloudTrail Logs for Security Insights] [TBA]
- [Using CloudTrail with Amazon S3 for Long-Term Log Storage] [TBA]
AWS GuardDuty
GuardDuty is an intelligent threat detection service that continuously monitors your AWS environment for malicious activity and unauthorised behavior.
- [Configuring Amazon GuardDuty for Threat Detection] [TBA]
- [GuardDuty vs. AWS Security Hub: When to Use Each] [TBA]
- [Responding to GuardDuty Findings: Best Practices] [TBA]
AWS Security Hub
Security Hub provides a centralised view of your security posture across AWS accounts and services. It aggregates findings from various AWS security tools and compliance checks.
- [Integrating AWS Security Hub with GuardDuty and Inspector] [TBA]
- [How to Automate Compliance Checks in AWS Security Hub] [TBA]
- [Using Security Hub for Multi-Account Security Management] [TBA]
Best Practices for AWS Security
- Adopt the AWS Shared Responsibility Model: Understand which aspects of security AWS manages and which you are responsible for implementing.
- Use Identity Federation: Leverage federated authentication to simplify user access management.
- Implement Multi-Factor Authentication (MFA): Require MFA for all user accounts, especially for root and admin users.
- Encrypt Everything: Use KMS to encrypt data at rest and AWS Certificate Manager (ACM) for data in transit.
- Monitor Activity: Enable CloudTrail and GuardDuty to track and analyse activity in your AWS environment.
- Conduct Regular Security Assessments: Use AWS Trusted Advisor and third-party tools to identify and address security vulnerabilities.
- Apply Least Privilege Principle: Grant the minimum permissions necessary for users and applications to perform their tasks.
- Automate Security Responses: Use AWS Config, Lambda, and Security Hub to automate compliance checks and remediation actions.