MARD — Mariano Rodriguez Diaz on MARD — Mariano Rodríguez Díaz

Boring backups, in practice

Mon, 04 May 2026 00:00:00 +0000

This is a talk about backups. Not the impressive kind — the kind you actually run on a Tuesday at 03:00.

Why backups fail

Most backup failures aren’t technical. They’re organizational. Someone set up the job three years ago, it runs, no one checks it, and then the recovery drill reveals the retention window was set to seven days when you needed thirty.

The fix is boring: a runbook, a calendar reminder, and a person who is responsible for verifying that the restore works. Not a tool. Not automation. A person.

PCI DSS v4 — what actually changes for small teams

Sun, 12 Apr 2026 00:00:00 +0000

PCI DSS v4 is not a revolution. It is an evolution with a few sharp edges that catch small teams off guard.

What changed

The headline change is the shift from prescriptive controls to customized implementation. In v3.2.1, the standard told you exactly what to do. In v4, you can now argue that your implementation achieves the same intent through a different means — as long as you can demonstrate it.

On being one person in a serious industry

Fri, 20 Mar 2026 00:00:00 +0000

There is a specific pressure in a technical field to represent something larger than yourself. To speak as a practitioner, as a community, as a region. I resist this.

I’m one person. I have a day job. I have context that’s shaped by where I’ve worked, who I’ve worked with, and what’s gone wrong on my watch. That context is real and worth sharing. It is not universal.

Why I write under my own name

I could write as “the Covalynt blog” or “AWS UG Mixtli”. I don’t. The opinions here are mine. When I’m wrong — and I’ve been wrong — the correction should attach to me, not to a brand that would have to quietly update the post and hope no one noticed.

KMS key policies I keep getting wrong

Sun, 08 Feb 2026 00:00:00 +0000

I’ve written KMS key policies dozens of times. I still make the same three mistakes.

Mistake 1: forgetting the root principal

A KMS key policy that doesn’t include the root principal (arn:aws:iam::ACCOUNT_ID:root) can lock you out of the key. The root principal allows IAM policies to delegate key access — without it, only the key policy itself can grant access.

{
  "Sid": "Enable IAM User Permissions",
  "Effect": "Allow",
  "Principal": {
    "AWS": "arn:aws:iam::123456789012:root"
  },
  "Action": "kms:*",
  "Resource": "*"
}

This is not the same as giving root unlimited key access. It enables IAM delegation. Miss it once and you’ll never miss it again.

About

Mon, 01 Jan 0001 00:00:00 +0000

I’m Mariano. I was born and raised in Venezuela; I live in Puebla, Mexico. I migrated like a lot of people from my country migrated — not as a story, just as a fact.

I work as Engineering Manager at Covalynt, where we build cloud infrastructure for clients who can’t afford to be careless. I lead AWS User Group Mixtli — the local AWS community in Cholula, Puebla — and I write here on what I learn.

Talks

Mon, 01 Jan 0001 00:00:00 +0000