Page 2

Serving content only to logged-in users with CloudFront Signed Cookies

This blog can be accessed by anyone with access to the free Internet. It’s a public website. But many websites offer a members-only area. You have to log in to get access to parts of the website. In this blog post, I demonstrate how CloudFront can be us...

Running containers on spot infrastructure

Running workloads on spot infrastructure is significantly cheaper. You can reduce your bill by 50% or more. Keep in mind that spot workloads can be terminated at any time. If you are lucky, you will be noticed 2 minutes upfront to shut down gracefully. ...

Review: AWS Fault Injection Simulator (FIS) – Chaos as a Service?

AWS allows us to run applications distributed across EC2 instances and availability zones. By adding load balancers or message queues to the architecture, we can achieve fault tolerance or high availability. But how can we test that our system can survi...

Programming your CDN: CloudFront and Lambda@Edge

Minimizing the load time of your websites and applications is essential for two reasons. First, search engines rank websites based on page load times. Second, users are impatient and might cancel loading your application to jump to a competitor instead....

Defining IAM Policies with Terraform safely

Are you still defining IAM policies using heredoc syntax (<<EOF ... EOF) or jsonencode()? You can do better! As a result, terraform validate can tell you about typos before you apply them, and you get better auto-complete support from your IDE. Re...

Managing application secrets: SSM Parameter Store vs. Secrets Manager

Many applications interact with external or internal systems like databases or REST APIs. When your application talks to another system, it usually authenticates with a secret, e.g., an API key, username + password, or a certificate. This leads to the q...

What Architects Need to Know About Networking on AWS

As an architect, you may not have thought too much about the network management before. At least that’s how it used to be for me. But since I’ve been designing architectures for AWS, network structure has become much more important to me. With Amazon V...

Cognito Under the Hood

Have you ever implemented a user database and authentication layer yourself? There are many things to get right: Hashing and salting passwords, multi-factor authentication, brute force attacks, and many more. That’s why I recommend using a production-re...

DNSSEC with Route 53: Protecting the core of the Internet

The Internet relies on DNS. This makes it all the more important to do everything possible to protect the global DNS infrastructure from attacks. Andreas explains how DNSSEC protects from DNS spoofing. During the demo you will learn how to enable DNSSEC...

Parental Leave

This is the last thing on my checklist before I leave for nine months. Until January 2022, I take on the joys and responsibilities of child care. Having children in GermanyMy wife and I have two children who are three years and nine months old. In Germ...