<?xml version="1.0" encoding="UTF-8"?>
<rss version="2.0" xmlns:atom="http://www.w3.org/2005/Atom" xmlns:dc="http://purl.org/dc/elements/1.1/">
  <channel>
    <title>DEV Community: Ganesh Boggarapu</title>
    <description>The latest articles on DEV Community by Ganesh Boggarapu (@ganeshbkrp).</description>
    <link>https://dev.to/ganeshbkrp</link>
    <image>
      <url>https://media2.dev.to/dynamic/image/width=90,height=90,fit=cover,gravity=auto,format=auto/https:%2F%2Fdev-to-uploads.s3.us-east-2.amazonaws.com%2Fuploads%2Fuser%2Fprofile_image%2F837068%2F08d41501-fd50-484b-ba80-4cae29ec526d.jpg</url>
      <title>DEV Community: Ganesh Boggarapu</title>
      <link>https://dev.to/ganeshbkrp</link>
    </image>
    <atom:link rel="self" type="application/rss+xml" href="https://dev.to/feed/ganeshbkrp"/>
    <language>en</language>
    <item>
      <title>What are Distroless Images</title>
      <dc:creator>Ganesh Boggarapu</dc:creator>
      <pubDate>Fri, 10 Jul 2026 05:50:10 +0000</pubDate>
      <link>https://dev.to/ganeshbkrp/what-are-distroless-images-2kc1</link>
      <guid>https://dev.to/ganeshbkrp/what-are-distroless-images-2kc1</guid>
      <description>&lt;p&gt;Traditional container images are often large because they include many components such as operating system packages, system dependencies, runtime libraries, application binaries, package managers, and shells. These additional components increase the image size and expand the attack surface, potentially introducing security vulnerabilities.&lt;/p&gt;

&lt;p&gt;As image size increases, one of the primary benefits of containers—being lightweight and portable—is diminished. Larger images require more storage space, take longer to transfer across networks, and can increase deployment times.&lt;/p&gt;

&lt;p&gt;Distroless images address this problem by including only the components required to run the application, such as runtime libraries and application dependencies. They typically exclude unnecessary tools such as shells, package managers, and debugging utilities. By reducing the number of installed components, distroless images are smaller, have a reduced attack surface, and provide a more secure and efficient runtime environment.&lt;/p&gt;

</description>
      <category>docker</category>
      <category>devops</category>
      <category>sre</category>
      <category>containers</category>
    </item>
    <item>
      <title>How is Ansible different from Chef &amp; Puppet</title>
      <dc:creator>Ganesh Boggarapu</dc:creator>
      <pubDate>Tue, 23 Jun 2026 07:59:44 +0000</pubDate>
      <link>https://dev.to/ganeshbkrp/how-is-ansible-different-from-chef-puppet-3k8j</link>
      <guid>https://dev.to/ganeshbkrp/how-is-ansible-different-from-chef-puppet-3k8j</guid>
      <description>&lt;p&gt;Ansible is one of the widely used tools in DevOps automation for configuration management, especially when compared with Chef and Puppet. There are several reasons for its popularity.&lt;/p&gt;

&lt;p&gt;&lt;strong&gt;Agentless approach&lt;/strong&gt;: One of Ansible’s key features is its agentless model, which avoids the overhead of installing and maintaining agents on managed systems. It is easy to get started with, and it typically uses SSH key-based authentication for Linux/Unix systems.&lt;/p&gt;

&lt;p&gt;&lt;strong&gt;YAML-based playbooks&lt;/strong&gt;: Ansible playbooks are written in YAML, which is human-friendly and does not require learning a new programming language. This lowers the learning curve for DevOps engineers and fits well with tools such as Kubernetes and Docker.&lt;/p&gt;

&lt;p&gt;&lt;strong&gt;Disadvantages&lt;/strong&gt;: There are also some limitations when compared with Chef and Puppet.&lt;/p&gt;

&lt;p&gt;&lt;strong&gt;Less declarative enforcement&lt;/strong&gt;: Unlike Puppet, Ansible is often more task-oriented than declarative. This gives users more control over execution flow, but it is less focused on continuous state enforcement.&lt;/p&gt;

&lt;p&gt;&lt;strong&gt;No continuous drift correction by default&lt;/strong&gt;: Ansible does not continuously monitor and reconcile system state on its own. If someone changes a server manually, Ansible will not correct that change until you run automation again.&lt;/p&gt;

</description>
      <category>automation</category>
      <category>devops</category>
      <category>infrastructure</category>
      <category>tooling</category>
    </item>
    <item>
      <title>What is an .env file and why is it so important?</title>
      <dc:creator>Ganesh Boggarapu</dc:creator>
      <pubDate>Fri, 12 Jun 2026 19:36:52 +0000</pubDate>
      <link>https://dev.to/ganeshbkrp/what-is-an-env-file-and-why-is-it-so-important-5h3d</link>
      <guid>https://dev.to/ganeshbkrp/what-is-an-env-file-and-why-is-it-so-important-5h3d</guid>
      <description>&lt;p&gt;The .env file has all the critical details which we generally do not pass in the source code like API keys, passwords, secrets, environment variables, tokens. It is extremely important that we make sure we do not push .env files to public repositories as there is a strong chance of credentials and API keys going into the wrong hands.&lt;/p&gt;

&lt;p&gt;Always add your .env files to your .gitignore file in to ensure they are kept safe. This will not let git push .env files to the github repository. The .env files will be kept in the .gitignore file whcih can be accessed by other teammates&lt;/p&gt;

&lt;p&gt;&lt;a href="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Feplpxmy3ojbp4nciv5gk.png" class="article-body-image-wrapper"&gt;&lt;img src="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Feplpxmy3ojbp4nciv5gk.png" alt=" " width="800" height="533"&gt;&lt;/a&gt;&lt;/p&gt;

</description>
      <category>devops</category>
      <category>git</category>
    </item>
    <item>
      <title>Basics of AWS IAM: How to setup a Cloud Trail in your organization?</title>
      <dc:creator>Ganesh Boggarapu</dc:creator>
      <pubDate>Tue, 14 Jun 2022 20:18:34 +0000</pubDate>
      <link>https://dev.to/aws-builders/basics-of-aws-iam-how-to-setup-a-cloud-watch-trail-in-your-organization-4jok</link>
      <guid>https://dev.to/aws-builders/basics-of-aws-iam-how-to-setup-a-cloud-watch-trail-in-your-organization-4jok</guid>
      <description>&lt;p&gt;In this blog post, I am going to show you how to create a simple CloudTrail in AWS.&lt;/p&gt;

&lt;p&gt;&lt;strong&gt;Cloud Trail&lt;/strong&gt;: Cloud Trail is a service in AWS that logs in the activity of an event in an account. The logging can be done by anyone user/service/role and it generally logs management and data events. &lt;/p&gt;

&lt;p&gt;Cloud Trail is activated by default and can store the latest 90 days events. If you want to log the trail in an S3 bucket then we need to create a trail.&lt;/p&gt;

&lt;p&gt;Except for global services like STS, IAM and Cloud front the cloud trail is regional.&lt;/p&gt;

&lt;p&gt;Now let us see a simple way to create a Cloud Trail.&lt;/p&gt;

&lt;ol&gt;
&lt;li&gt;Login to you AWS account and search for "Cloud Trail" in the search Tab.&lt;/li&gt;
&lt;/ol&gt;

&lt;p&gt;&lt;a href="https://res.cloudinary.com/practicaldev/image/fetch/s--VHqZIchW--/c_limit%2Cf_auto%2Cfl_progressive%2Cq_auto%2Cw_880/https://dev-to-uploads.s3.amazonaws.com/uploads/articles/f8fcvb3pd8bj90f7fhii.png" class="article-body-image-wrapper"&gt;&lt;img src="https://res.cloudinary.com/practicaldev/image/fetch/s--VHqZIchW--/c_limit%2Cf_auto%2Cfl_progressive%2Cq_auto%2Cw_880/https://dev-to-uploads.s3.amazonaws.com/uploads/articles/f8fcvb3pd8bj90f7fhii.png" alt="Image description" width="880" height="216"&gt;&lt;/a&gt;&lt;/p&gt;

&lt;p&gt;2) Click on the 3 bars at the Top left corner and select trails. Then click on the new trail and enter the name of the trail you wish you give. There is an option to select "Enable for all accounts in my organization" use this if you wish you log the events across your organization in a single place. This can be done only if you create this trail in your management account.&lt;/p&gt;

&lt;p&gt;&lt;a href="https://res.cloudinary.com/practicaldev/image/fetch/s--OV60UEoc--/c_limit%2Cf_auto%2Cfl_progressive%2Cq_auto%2Cw_880/https://dev-to-uploads.s3.amazonaws.com/uploads/articles/pdws7oa0bf5drssqyt38.png" class="article-body-image-wrapper"&gt;&lt;img src="https://res.cloudinary.com/practicaldev/image/fetch/s--OV60UEoc--/c_limit%2Cf_auto%2Cfl_progressive%2Cq_auto%2Cw_880/https://dev-to-uploads.s3.amazonaws.com/uploads/articles/pdws7oa0bf5drssqyt38.png" alt="Image description" width="880" height="473"&gt;&lt;/a&gt;&lt;/p&gt;

&lt;p&gt;3) I have chosen to untick both the log file SSE KMS Encryption and log file validation. Click Next.&lt;/p&gt;

&lt;p&gt;&lt;a href="https://res.cloudinary.com/practicaldev/image/fetch/s--j-2EN2Or--/c_limit%2Cf_auto%2Cfl_progressive%2Cq_auto%2Cw_880/https://dev-to-uploads.s3.amazonaws.com/uploads/articles/bc96nsijkhsqwoh6xcn3.png" class="article-body-image-wrapper"&gt;&lt;img src="https://res.cloudinary.com/practicaldev/image/fetch/s--j-2EN2Or--/c_limit%2Cf_auto%2Cfl_progressive%2Cq_auto%2Cw_880/https://dev-to-uploads.s3.amazonaws.com/uploads/articles/bc96nsijkhsqwoh6xcn3.png" alt="Image description" width="880" height="584"&gt;&lt;/a&gt;&lt;/p&gt;

&lt;p&gt;4) I have left everything as default as I only want to log Management events. &lt;/p&gt;

&lt;p&gt;&lt;a href="https://res.cloudinary.com/practicaldev/image/fetch/s--Er3s9L1Z--/c_limit%2Cf_auto%2Cfl_progressive%2Cq_auto%2Cw_880/https://dev-to-uploads.s3.amazonaws.com/uploads/articles/57bltmrk8t0d57o90qdi.png" class="article-body-image-wrapper"&gt;&lt;img src="https://res.cloudinary.com/practicaldev/image/fetch/s--Er3s9L1Z--/c_limit%2Cf_auto%2Cfl_progressive%2Cq_auto%2Cw_880/https://dev-to-uploads.s3.amazonaws.com/uploads/articles/57bltmrk8t0d57o90qdi.png" alt="Image description" width="880" height="559"&gt;&lt;/a&gt;&lt;/p&gt;

&lt;p&gt;5) Verify all the details mentioned in the next step and click create trail. &lt;/p&gt;

&lt;p&gt;&lt;a href="https://res.cloudinary.com/practicaldev/image/fetch/s--Ueyw1amS--/c_limit%2Cf_auto%2Cfl_progressive%2Cq_auto%2Cw_880/https://dev-to-uploads.s3.amazonaws.com/uploads/articles/x33ifhgh2aezjyiy6y9f.png" class="article-body-image-wrapper"&gt;&lt;img src="https://res.cloudinary.com/practicaldev/image/fetch/s--Ueyw1amS--/c_limit%2Cf_auto%2Cfl_progressive%2Cq_auto%2Cw_880/https://dev-to-uploads.s3.amazonaws.com/uploads/articles/x33ifhgh2aezjyiy6y9f.png" alt="Image description" width="880" height="207"&gt;&lt;/a&gt;&lt;/p&gt;

&lt;p&gt;Give a few minutes for the cloud trail to collect logs on the activity done inside the AWS account. &lt;/p&gt;

&lt;p&gt;6) Click on the S3 bucket to see the cloud trail logs that are generated in the account.&lt;/p&gt;

&lt;p&gt;&lt;a href="https://res.cloudinary.com/practicaldev/image/fetch/s--6jgSmnIN--/c_limit%2Cf_auto%2Cfl_progressive%2Cq_auto%2Cw_880/https://dev-to-uploads.s3.amazonaws.com/uploads/articles/tdd9koua0usmboefe4wm.png" class="article-body-image-wrapper"&gt;&lt;img src="https://res.cloudinary.com/practicaldev/image/fetch/s--6jgSmnIN--/c_limit%2Cf_auto%2Cfl_progressive%2Cq_auto%2Cw_880/https://dev-to-uploads.s3.amazonaws.com/uploads/articles/tdd9koua0usmboefe4wm.png" alt="Image description" width="880" height="415"&gt;&lt;/a&gt;&lt;/p&gt;

&lt;p&gt;7) Over time logs get created in the S3 bucket and you can see the contents when you open them. Below is an example of the same.&lt;/p&gt;

&lt;p&gt;&lt;a href="https://res.cloudinary.com/practicaldev/image/fetch/s--3Rbw06mG--/c_limit%2Cf_auto%2Cfl_progressive%2Cq_auto%2Cw_880/https://dev-to-uploads.s3.amazonaws.com/uploads/articles/cichcswj7mnwp5fx9c68.png" class="article-body-image-wrapper"&gt;&lt;img src="https://res.cloudinary.com/practicaldev/image/fetch/s--3Rbw06mG--/c_limit%2Cf_auto%2Cfl_progressive%2Cq_auto%2Cw_880/https://dev-to-uploads.s3.amazonaws.com/uploads/articles/cichcswj7mnwp5fx9c68.png" alt="Image description" width="880" height="209"&gt;&lt;/a&gt;&lt;/p&gt;

&lt;p&gt;This blog post was originally published on &lt;a href="https://www.ganeshboggarapu.com/how-to-setup-a-cloud-trail/"&gt;https://www.ganeshboggarapu.com/how-to-setup-a-cloud-trail/&lt;/a&gt;&lt;/p&gt;

</description>
      <category>aws</category>
      <category>cloudtrail</category>
      <category>cloud</category>
      <category>awsiam</category>
    </item>
    <item>
      <title>Basics of AWS IAM: Users, Groups, Policies</title>
      <dc:creator>Ganesh Boggarapu</dc:creator>
      <pubDate>Sat, 04 Jun 2022 12:22:38 +0000</pubDate>
      <link>https://dev.to/aws-builders/basics-of-aws-iam-users-groups-policies-55lj</link>
      <guid>https://dev.to/aws-builders/basics-of-aws-iam-users-groups-policies-55lj</guid>
      <description>&lt;p&gt;This Blogpost is a simple primer or refresher on the basics of IAM like users, groups and policies. &lt;/p&gt;

&lt;p&gt;IAM is a tool inside AWS that helps in managing all the aspects of your architecture related to identities, policies, etc. &lt;/p&gt;

&lt;p&gt;Let us begin with &lt;strong&gt;IAM Policies&lt;/strong&gt;.&lt;/p&gt;

&lt;p&gt;&lt;strong&gt;IAM Policies&lt;/strong&gt;: A policy is an object in AWS that when associated with an identity or resource defines its permissions. &lt;/p&gt;

&lt;p&gt;For Eg: When a user Sam is Assigned an IAM policy he may get many new powers(permissions) and limitations as well. He may have access to many services and resources inside AWS at the same time his access can be limited at how he can use them.&lt;/p&gt;

&lt;p&gt;There are two types of IAM policies:&lt;/p&gt;

&lt;ol&gt;
&lt;li&gt;&lt;strong&gt;Inline Policies&lt;/strong&gt;&lt;/li&gt;
&lt;li&gt;&lt;strong&gt;Managed Policies&lt;/strong&gt;&lt;/li&gt;
&lt;/ol&gt;

&lt;p&gt;&lt;strong&gt;Inline Policies&lt;/strong&gt; are used only when special or exceptional permissions need to be applied. If a permission or policy needs to be applied only to a particular user/group then we assign an inline policy to it either at the time of creation of the identity or after its creation.&lt;/p&gt;

&lt;p&gt;&lt;strong&gt;Managed Policies&lt;/strong&gt; are of two types:&lt;/p&gt;

&lt;ol&gt;
&lt;li&gt;
&lt;strong&gt;AWS Managed Policies&lt;/strong&gt;: Managed by AWS &lt;/li&gt;
&lt;li&gt;
&lt;strong&gt;Customer policies&lt;/strong&gt; : Managed by customers&lt;/li&gt;
&lt;/ol&gt;

&lt;ul&gt;
&lt;li&gt;&lt;p&gt;When a policy is to be applied to a large no. of users or identities applying policies to each individual becomes difficult so we apply Managed policies.&lt;/p&gt;&lt;/li&gt;
&lt;li&gt;&lt;p&gt;Managed policies are reusable in the sense once they are created they can be applied to any user or group but when it comes to inline policies it is user/group-specific and it cannot be used elsewhere.&lt;/p&gt;&lt;/li&gt;
&lt;/ul&gt;

&lt;p&gt;Another important aspect when it comes to applying policies is the order of precedence.&lt;/p&gt;

&lt;ul&gt;
&lt;li&gt;&lt;p&gt;Explicit Deny&lt;/p&gt;&lt;/li&gt;
&lt;li&gt;&lt;p&gt;Explicit Allow&lt;/p&gt;&lt;/li&gt;
&lt;li&gt;&lt;p&gt;Deny&lt;/p&gt;&lt;/li&gt;
&lt;/ul&gt;

&lt;p&gt;Explicit Deny&amp;gt;&amp;gt;Explicit Allow&amp;gt;&amp;gt;Deny&lt;/p&gt;

&lt;ul&gt;
&lt;li&gt;&lt;p&gt;If a particular policy explicitly denies a user access to a resource that takes precedence over anything else where the user is explicitly allowed.&lt;/p&gt;&lt;/li&gt;
&lt;li&gt;&lt;p&gt;If there is no mention of explicit allow or deny AWS by default denies access to the resource.&lt;/p&gt;&lt;/li&gt;
&lt;/ul&gt;

&lt;p&gt;&lt;strong&gt;IAM Users&lt;/strong&gt;:- They are an identity used for anything requiring long-term AWS access. Eg:- Humans, Applications, or Service Accounts. &lt;/p&gt;

&lt;ul&gt;
&lt;li&gt;&lt;p&gt;There can be 5000 IAM users per account. If you need more users then you can send an email to the AWS support to increase the no. of users.&lt;/p&gt;&lt;/li&gt;
&lt;li&gt;&lt;p&gt;An IAM user can be a part of 10 groups.&lt;/p&gt;&lt;/li&gt;
&lt;/ul&gt;

&lt;p&gt;&lt;strong&gt;IAM Groups&lt;/strong&gt;: IAM groups are containers for users.&lt;/p&gt;

&lt;ul&gt;
&lt;li&gt;There can be 300 groups per account. A resource policy cannot grant access to a group.&lt;/li&gt;
&lt;li&gt;There is no default group as such with all users in one group. You can add all users in an A/C to one IAM group. There is no nesting of groups allowed in AWS.&lt;/li&gt;
&lt;/ul&gt;

&lt;p&gt;&lt;strong&gt;IAM Roles&lt;/strong&gt;&lt;/p&gt;

&lt;ul&gt;
&lt;li&gt;A role is an identity assumed for a small period of time.&lt;/li&gt;
&lt;li&gt;IAM role is used when the identity(user/application) has multiple entities.&lt;/li&gt;
&lt;li&gt;IAM role represents a level of access inside the AWS account.&lt;/li&gt;
&lt;/ul&gt;

&lt;p&gt;There are two parts of an IAM Role&lt;/p&gt;

&lt;ol&gt;
&lt;li&gt;&lt;p&gt;&lt;strong&gt;Trust Policy&lt;/strong&gt;&lt;/p&gt;&lt;/li&gt;
&lt;li&gt;&lt;p&gt;&lt;strong&gt;Permission Policy&lt;/strong&gt; &lt;/p&gt;&lt;/li&gt;
&lt;/ol&gt;

&lt;p&gt;&lt;strong&gt;Trust Policy&lt;/strong&gt;: This decided which identities assume a particular role.&lt;br&gt;
If an identity is allowed to assume roles by the IAM then it gives them temporary security credentials.&lt;/p&gt;

&lt;ul&gt;
&lt;li&gt;&lt;p&gt;These credentials are time limited. So everytime the temporary credentials are used, the access is checked against this permission policy.&lt;/p&gt;&lt;/li&gt;
&lt;li&gt;&lt;p&gt;We use IAM roles when external on-premise accounts try to access the AWS resources. They assume a role that gives temporary credentials to access these resources. &lt;/p&gt;&lt;/li&gt;
&lt;/ul&gt;

</description>
      <category>aws</category>
      <category>iam</category>
      <category>cloud</category>
      <category>beginners</category>
    </item>
  </channel>
</rss>
