Show HN: We moved from AWS to Hetzner, saved 90%, kept ISO 27001 with Ansible

Earlier this year I led our migration off AWS to European cloud (Hetzner + OVHcloud), driven by cost (we cut 90%) and data sovereignty (GDPR + CLOUD Act concerns).

We rebuilt key AWS features ourselves using Terraform for VPS provisioning, and Ansible for everything from hardening (auditd, ufw, SSH policies) to rolling deployments (with Cloudflare integration). Our Prometheus + Alertmanager + Blackbox setup monitors infra, apps, and SSL expiry, with ISO 27001-aligned alerts. Loki + Grafana Agent handle logs to S3-compatible object storage.

The stack includes:
• Ansible roles for PostgreSQL (with automated s3cmd backups + Prometheus metrics)
• Hardening tasks (auditd rules, ufw, SSH lockdown, chrony for clock sync)
• Rolling web app deploys with rollback + Cloudflare draining
• Full monitoring with Prometheus, Alertmanager, Grafana Agent, Loki, and exporters
• TLS automation via Certbot in Docker + Ansible

I wrote up the architecture, challenges, and lessons learned: https://medium.com/@accounts_73078/goodbye-aws-how-we-kept-i...

I’m happy to share insights, diagrams, or snippets if people are interested — or answer questions on pitfalls, compliance, or cost modeling.


Comments URL: https://news.ycombinator.com/item?id=44335920

Points: 53

# Comments: 21

https://medium.com/@accounts_73078/goodbye-aws-how-we-kept-iso-27001-slashed-costs-by-90-914ccb4b89fc

Created 16d | 21. 6. 2025, 11:10:07

