Encrypting sensitive data stored on S3

S3 comes with a bunch of features to encrypt your data at rest. Data at rest means inactive data stored physically on disk. Before we dive into encrypting data at rest, I want to highlight that there is also data in use and data in transit. If the data is in memory, it is in use. If the data is on the network, it is in transit. If you transfer data to S3, it is TLS encrypted by default. This blog post will guide you through all the ways to encrypt your S3 data at rest. Comparing options: S3 offers a bunch of o...

Restricting Access to EC2 Instances Based on Tags

The principle of least privilege is key when it comes to securing your infrastructure on AWS. For example, an engineer should only be able to control EC2 instances that are in scope for her day-to-day work. But how do you make sure an engineer is only a...

Analyzing CloudTrail with Athena

Which IAM users have been active within your AWS account within the last 30 days? Are all of the 999 IAM roles still in use, or can you remove some of them to clean up your infrastructure? Is it safe to remove the action s3:GetObject from the IAM policy...

Amazon Web Services in Action

Amazon Web Services in Action introduces you to computing, storing, and networking in the AWS cloud.

Andreas Wittig

Andreas is an Amazon Web Services (AWS) and DevOps enthusiast. His first cloud project was to build the infrastructure for an online banking platform on AWS. Andreas loves to teach no matter if virtual or face-to-face. He is the author of Amazon Web Services in Action, published by Manning.

Michael Wittig

Michael Wittig is the author of Amazon Web Services in Action (Manning). He helps his clients to gain value from Amazon Web Services. As a software engineer, he develops cloud-native real-time web applications. He has expertise in distributed system development and architecture, with experience in algorithmic trading and real-time analytics.

Dead man's switch with CloudWatch

While writing this article, I’m traveling from Frankfurt to Stuttgart by high-speed train (ICE) with a top speed of 280 km/h. It is reassuring to know that a dead man’s switch stops the train immediately if the train driver becomes incapacitated, such a...

Easy-going AWS CloudFormation: cfn-modules

Today, we release a new open source project to make your CloudFormation life easier. We promise easy-going CloudFormation with cfn-modules. Our modules provide common building blocks to automate your infrastructure with plain CloudFormation templates. ...

Rich Social Sharing with single page applications hosted on S3 and delivered via CloudFront

You have undoubtedly heard about single page applications (SPA) written with frameworks like Angular or React. One of the benefits of this approach is the possibility to host the static files (HTML, js, CSS, etc.) on a simple storage solution like S3 and put...