Page 1

KMS Key Policy Privilege Escalation

Encrypting data at rest is a widespread best practice on AWS. In 2019, Werner Vogels set the tone with his motivational slogan, “Dance like nobody’s watching. Encrypt like everyone is!”. AWS shipped the ability to encrypt data at rest for almost all its...

Read more

Connect GitHub Actions with AWS VPC

GitHub Actions is my preferred CI/CD solution. I’m using GitHub Actions to build and deploy applications on AWS. However, GitHub Actions does not have access to private subnets, which is required in the following scenarios: Execute database migrations ...

Read more

Protect Amazon Connect from viruses and malware by scanning attachments

Four years ago, we stumbled into Amazon Connect. In essence, Amazon Connect allows your users to reach your organization represented by agents via phone or chat. While chatting, Amazon Connect allows users and agents to upload attachments. For many year...

Read more

Worldwide availability of EC2 instance types

The promise sounds tempting; with AWS, you can roll out your infrastructure in 28 regions worldwide. Indeed, it is an eye-opening moment when rolling out the same infrastructure into multiple regions to serve users in different parts of the world. Howev...

Read more

How to monitor container workloads running on ECS and Fargate?

How do you monitor a container workload running on ECS (Elastic Container Service) and Fargate with on-board resources? Here are the prioritized aspects when it comes to monitoring containers on AWS. Event-driven monitoring with EventBridge Monitoring ...

Read more

Using DynamoDB Entity Store for cleaner TypeScript code

DynamoDB is a cloud-hosted NoSQL database from Amazon Web Services (AWS). DynamoDB is popular for two main reasons: It scales extremely effectively with little operational effort Since it is a serverless service it is also cheap, simple, and quick to r...

Read more

The Lambda monitoring blind spot

After a customer complained that a feature of marbot, our monitoring solution for AWS was not working as expected, I started debugging the issue. First, I checked the CloudWatch alarms we use to monitor all Lambda functions. All CloudWatch alarms were i...

Read more

A future-proof Terraform provider definition

When defining the version of a Terraform provider, do not use > or => conditions. You will run into troubles caused by breaking changes with the next major release. Instead, lock the major version of the Terraform provider by using a ~> conditi...

Read more

Migrating to AWS JavaScript SDK v3: Lessons Learned

There’s work coming your way! Node.js 16 reached end-of-life on September 11th, 2023. Also, the AWS Lambda runtime environment for Node.js 18 upgraded to v3 of the AWS SDK for JavaScript. So to upgrade Lambda functions from Node.js 16 to 18, you have to...

Read more

Self-hosted GitHub runners on AWS

GitHub Actions became my tool of choice for automating tasks around software development. To execute jobs, GitHub Actions relies on runners. By default, jobs run on GitHub-hosted runners. But there are good reasons to use self-hosted runners. Reducing ...

Read more