All posts

52 posts · Page 3 of 3

Cloudflare Access — ZTNA fundamentals in 30 minutes

2025-02-27

Cloudflare Cloudflare One Cloudflare Access ZTNA

Replacing VPN for internal apps with Cloudflare Access: anatomy, login flow, 5-step setup (application, IdP, policy, Tunnel, test), policy evaluation order, and troubleshooting....

KhaVan
14 min read
3,350 words

The four-layer mental model — Client, Identity, Policy, Resource

2025-02-08

Cloudflare Cloudflare One Zero Trust Architecture

A framework for reasoning about every Cloudflare One feature: every request traverses four layers producing signals, and policy yields one of five outcomes. Rollout and debugging....

KhaVan
14 min read
3,372 words

SASE, SSE, Zero Trust, ZTNA: getting the terminology right

2025-01-31

Cloudflare Cloudflare One SASE SSE

Four terms routinely conflated in RFPs, design docs, and vendor marketing. Their scope, when Gartner/Forrester defined them, how to use each correctly, and a decision tree....

KhaVan
13 min read
2,954 words

What is Cloudflare One, and why SASE matters

2025-01-23

Cloudflare Cloudflare One SASE Zero Trust

A practical overview of Cloudflare One: SASE, SSE, Zero Trust, the six main product groups, how it compares to Zscaler and Netskope, and the mental model to have before deployment....

KhaVan
22 min read
5,222 words

AWS IAM Access Key rotation: Lambda + Secrets Manager

2025-01-19

AWS IAM Security Automation Secrets Manager

An AWS-native solution for rotating, disabling, and deleting IAM access keys on policy — the multi-account architecture, trade-offs, and what operating it actually takes....

KhaVan
10 min read
2,519 words

Hello, Things Worth Sharing

2025-01-12

News

Useful ideas, lessons, and discoveries worth sharing — the English edition....

KhaVan
2 min read
352 words

Workload Identity Federation AWS to GCP: keyless auth

2025-01-08

Cloud Security AWS GCP Identity Federation

Workload Identity Federation deep dive: why Service Account Keys are anti-pattern, AWS STS → Google STS exchange, attribute mapping, impersonation, threat model, Terraform....

KhaVan
16 min read
4,166 words

Syntax highlighting with Shiki on Astro, dual theme

2024-12-27

Developers

Two themes, one build, no flash — the one config snippet you need for Shiki with a light/dark Astro blog....

KhaVan
1 min read

Running CSPM across a dozen AWS Landing Zones

2024-12-24

Cloud Security AWS CSPM Prowler

How I built an in-house CSPM engine scanning many AWS Landing Zones in parallel with Prowler, storing findings in D1 and artifacts in R2, into one Security Operations dashboard....

KhaVan
9 min read
2,582 words

Moving a static blog from Cloudflare Pages to Workers Assets

2024-12-12

Developers Workers Cloudflare

Why the switch made sense, the practical trade-offs, and a handful of small configuration details that would have saved debugging time up front....

KhaVan
8 min read
1,999 words

Notes from three months of rolling out Zero Trust

2024-12-08

Security Zero Trust Cloudflare

What actually worked, what didn't live up to expectation, and the operational lessons from rolling out Cloudflare Zero Trust across an organisation of thousands....

KhaVan
13 min read
2,968 words

Five lessons on D1 schema design, learned the hard way

2024-11-27

Database D1 Cloudflare Developers

Composite primary keys, when FTS is still worth it, why intuition is a bad guide for indexing, and why row counts at the edge matter more than they look....

KhaVan
9 min read
2,850 words