Page 1

Optional DependsOn with CloudFormation: Metadata to the rescue

When working with AWS CloudFormation, sometimes it’s necessary to incorporate optional dependencies into your template. Recently, I encountered a situation where I had to build a single CloudFormation template to manage both a VPC and an application—tho...

Are you missing an AWS resource in Terraform? Try awscc provider!

There is nothing more frustrating than running into gaps in resource coverage when working with Infrastructure as Code tools like Terraform or CloudFormation. Not being able to use the latest features to solve a challenge is demotivating. Recently, I di...

Review: Amazon GuardDuty Malware Protection for S3

Imagine users uploading attachments directly to S3 to share them with other users. Or partners uploading data to your S3 bucket to trigger business processes that download directly from S3. What could go wrong? A file uploaded to S3 could be infected. M...

Deploying Self-Hosted Runners for GitHub Enterprise Server on AWS: A Guide to Efficient CI/CD

GitHub Actions is a continuous integration and continuous deployment (CI/CD) platform provided by GitHub. It allows you to automate your software development workflows by building, testing, and deploying code directly from your GitHub repository. Many c...

How to write unit tests when using the AWS JavaScript SDK v3?

Writing unit tests for code that interacts with the AWS JavaScript SDK v3 comes with two major benefits. Obviously, writing unit tests ensures you catch bugs early and therefore increase the quality of your code. Also, writing unit tests enables you to ...

Tidying up after failed Terraform tests

Automated tests are making their way into Infrastructure as Code projects. Recently, I’ve implemented tests with Terraform’s test framework which was released in October 2023. However, I ran into the issue that Terraform could not remove all AWS resourc...

How to monetize an API on AWS?

Did you develop an API and want to sell access? Here is how I combined Amazon’s API Gateway (REST APIs) and FastSpring, a payment and subscription platform, to monetize our API for malware scanning. Luckily, you can apply the pattern to any REST API. T...

Cleaning up AMIs

Costs are like fingernails. You have to cut them constantly. When working with AWS, cleaning up unused resources is crucial. Otherwise, you will end up with a steadily growing AWS bill and waste money. Do you build AMIs automatically, for example, with ...

How to reduce costs for GitHub Actions?

GitHub Actions is my favorite CI/CD solution. Over the past year, I gradually switched all projects from CodePipeline to GitHub Actions. To this day, I enjoy the smooth user experience. However, GitHub-hosted runners quickly become a big item on GitHub’...

KMS Key Policy Privilege Escalation

Encrypting data at rest is a widespread best practice on AWS. In 2019, Werner Vogels set the tone with his motivational slogan, “Dance like nobody’s watching. Encrypt like everyone is!”. AWS shipped the ability to encrypt data at rest for almost all its...