Cloudonaut Teaser

Welcome to cloudonaut

Your launchpad for Amazon Web Services (AWS)

By Andreas & Michael Wittig. Since 2015, we published 381 articles, 85 podcast episodes, and 88 videos.

Start reading

Welcome to cloudonaut

Your launchpad for Amazon Web Services (AWS)

By Andreas & Michael Wittig.

Start reading
Cloudonaut Teaser

KMS Key Policy Privilege Escalation

Encrypting data at rest is a widespread best practice on AWS. In 2019, Werner Vogels set the tone with his motivational slogan, “Dance like nobody’s watching. Encrypt like everyone is!”. AWS shipped the ability to encrypt data at rest for almost all its...

Read on

Connect GitHub Actions with AWS VPC

GitHub Actions is my preferred CI/CD solution. I’m using GitHub Actions to build and deploy applications on AWS. However, GitHub Actions does not have access to private subnets, which is required in the following scenarios: Execute database migrations ...

Read on

Protect Amazon Connect from viruses and malware by scanning attachments

Four years ago, we stumbled into Amazon Connect. In essence, Amazon Connect allows your users to reach your organization represented by agents via phone or chat. While chatting, Amazon Connect allows users and agents to upload attachments. For many year...

Read on

Worldwide availability of EC2 instance types

The promise sounds tempting; with AWS, you can roll out your infrastructure in 28 regions worldwide. Indeed, it is an eye-opening moment when rolling out the same infrastructure into multiple regions to serve users in different parts of the world. Howev...

Read on

How to monitor container workloads running on ECS and Fargate?

How do you monitor a container workload running on ECS (Elastic Container Service) and Fargate with on-board resources? Here are the prioritized aspects when it comes to monitoring containers on AWS. Event-driven monitoring with EventBridge Monitoring ...

Read on

Using DynamoDB Entity Store for cleaner TypeScript code

DynamoDB is a cloud-hosted NoSQL database from Amazon Web Services (AWS). DynamoDB is popular for two main reasons: It scales extremely effectively with little operational effort Since it is a serverless service it is also cheap, simple, and quick to r...

Read on

The Lambda monitoring blind spot

After a customer complained that a feature of marbot, our monitoring solution for AWS was not working as expected, I started debugging the issue. First, I checked the CloudWatch alarms we use to monitor all Lambda functions. All CloudWatch alarms were i...

Read on

Updated CloudFormation vs Terraform in 2022

The most reliable way to automate creating, updating, and deleting your cloud resources is to describe the target state of your infrastructure and use a tool to apply it to the current state of your infrastructure (see Understanding Infrastructure as Co...

Read on

Updated Amazon ECR vs. Docker Hub vs. GitHub Container Registry

Have you worked with a Linux package manager like apt or yum before? A container registry is similar, but instead of packages, it distributes container images. A container registry is a crucial aspect of a containerized workflow and infrastructure. This...

Read on

Updated Managing application secrets: SSM Parameter Store vs. Secrets Manager

Many applications interact with external or internal systems like databases or REST APIs. When your application talks to another system, it usually authenticates with a secret, e.g., an API key, username + password, or a certificate. This leads to the q...

Read on

[cloudonaut podcast] Vol. 86 - Overwhelmed by Security Hub

[cloudonaut podcast] Vol. 85 - Losing trust in KMS

[cloudonaut podcast] Vol. 84 - Aurora Serverless is dead, long live Aurora Serverless!

[cloudonaut podcast] Vol. 83 - EC2 Instance Types + Amazon Connect malware scanning + S3 Object Lock

#086 Overwhelmed by Security Hub

Andreas and Michael are sharing their learning while building on AWS. This episode is about AWS Security Hub and how to get any value out of the predefined security controls. Besides that, Andreas and Michael celebrate their 9th company anniversary by g...

Start listening

#085 Losing trust in KMS

Start listening

Review: AWS Fault Injection Simulator (FIS) – Chaos as a Service?

AWS allows us to run applications distributed across EC2 instances and availability zones. By adding load balancers or message queues to the architecture, we can achieve fault tolerance or high availability. But how can we test that our system can survi...

Read on

Cheap, Durable, Fast. How to choose an EBS volume type?

Elastic Block Storage (EBS) provides solid state drives (SSD) and hard disk drives (HDD) for EC2 instances. The virtual machine accesses the persistent storage via the network. In December 2020, AWS announced another volume type called General Purpose S...

Read on

How to Become an AWS Certified Solutions Architect

In 2012, I created my first AWS account. Back then, I worked as a software engineer and was looking for a way to deploy an online trading platform. Two years later, I attended re:Invent — the yearly conference organized by AWS — in Las Vegas for the fir...

Read on
Andreas Wittig and Michael Wittig

Hej, Andreas & Michael here!

We launched the cloudonaut blog in 2015. Since then, we have published 381 articles, 85 podcast episodes, and 88 videos.

Besides sharing our learnings about all things AWS on cloudonaut, we're currently working on bucketAV, HyperEnv for GitHub Actions, and marbot.

To support our work on cloudonaut, please subscribe to our newsletter, podcast, or YouTube channel and share our content with your friends and coworkers.