TechOps Examples
Hey — It's Govardhana MK 👋
Welcome to another technical edition.
Every Tuesday – You’ll receive a free edition with a byte-size use case, remote job opportunities, top news, tools, and articles.
Every Thursday and Saturday – You’ll receive a special edition with a deep dive use case, remote job opportunities and articles.
Top engineers at Anthropic and OpenAI say AI now writes 100% of their code.
If you're not using AI, you're spending 40 hours doing what they do in 4.
These 100+ Claude Code hacks fix that and help you ship 10x faster.
Sign up for The Code and get:
100+ Claude Code hacks used by top engineers — free
The Code newsletter — learn the latest AI tools, tips, and skills to code faster with AI in 5 minutes a day
🛠 TOOL OF THE DAY
Kluctl - Unifies complex Kubernetes deployments into a single declarative framework.
Integrates with Helm and Kustomize.
Supports diffs and dry runs.
Facilitates GitOps workflows.
🧠 USE CASE
Understanding AWS Security Groups
AWS Security Groups (SGs) are stateful firewalls controlling inbound and outbound traffic at the instance level. Security Groups attach directly to EC2 instances, RDS, ALB, Lambda (in VPC), etc.

By default:
All inbound traffic is blocked. You must explicitly allow it.
All outbound traffic is allowed. Unless you restrict it.
Since SGs are stateful, if an inbound request is allowed, the response is automatically allowed (you don’t need an outbound rule for responses)

Every rule in a Security Group has the following technical parameters:
Field | Description |
|---|---|
Protocol Eg Value: TCP, UDP, ICMP, All | Defines the network protocol |
Port Range Eg Value: 22 (SSH), 80 (HTTP), 443 (HTTPS) | Specific port(s) to allow |
Source/Destination Eg Value: | The IP, CIDR, or another SG allowed to communicate |
Description Eg Value: Allow SSH from Office | (Optional) Useful for tracking |
Security Groups can reference other Security Groups instead of IPs. This is critical when working with multiple tiers (Load Balancer → App Server → Database)
Use Case: ALB to Web Server
Instead of exposing your Web Server to
0.0.0.0/0, allow only traffic from the ALB’s SG.This way, only traffic from the ALB is allowed.
Why? If the ALB’s IP changes, the rule still works because it references an SG dynamically.

Debugging Security Group Issues
1. Check Security Group Rules
aws ec2 describe-security-groups --group-ids sg-12345678Look for missing rules if traffic isn’t working.
2. Check if the Instance is Associated with the Right SG
aws ec2 describe-instances --query 'Reservations[].Instances[].SecurityGroups'An instance can have multiple Security Groups, ensure the right one is attached.
3. Use VPC Flow Logs to Detect Blocked Traffic
If traffic never reaches your instance → Wrong Security Group rule.
If the request reaches but gets no response → Application issue.
Things to Remember:
✅ Use Security Groups, not static IPs in rules.
✅ Avoid “allow all” rules (0.0.0.0/0) unless necessary.
✅ Don’t allow 0.0.0.0/0 inbound for SSH or databases.
✅ Use IAM roles for permissions, not security groups alone.
✅ Regularly audit SGs to remove unused or overly permissive rules.
✅ Only allow necessary ports (e.g., SSH from a trusted IP, HTTP from the internet).
My 2 cents:
Security Groups are not just allow/deny rules. They’re dynamic, stateful, and critical for AWS security.
So keep them tight, specific, and regularly reviewed.
I run a DevOps and Cloud consulting agency and have helped 17+ businesses, including Stanford, Hearst Corporation, CloudTruth, and more.
When your business needs my services, book a free 1:1 business consultation.
Looking to promote your company, product, service, or event to 40,000+ Cloud Native Professionals? Let's work together.


