Page 25

Encrypting sensitive data stored on S3

S3 comes with a bunch of features to encrypt your data at rest. Data at rest means inactive data stored physically on disk. Before we dive into encrypting data at rest, I want to highlight that there is also data in use and data in transit. If the data...

Restricting Access to EC2 Instances Based on Tags

The principle of least privilege is key when it comes to securing your infrastructure on AWS. For example, an engineer should only be able to control EC2 instances that are in scope for her day-to-day work. But how do you make sure an engineer is only a...

Analyzing CloudTrail with Athena

Which IAM users have been active within your AWS account within the last 30 days? Are all of the 999 IAM roles still in use, or can you remove some of them to clean up your infrastructure? Is it safe to remove the action s3:GetObject from the IAM policy...

Dead man's switch with CloudWatch

While writing this article, I’m traveling from Frankfurt to Stuttgart by high-speed train (ICE) with a top speed of 280 km/h. It is reassuring to know that a dead man’s switch stops the train immediately if the train driver becomes incapacitated, such a...

Rich Social Sharing with single page applications hosted on S3 and delivered via CloudFront

You undoubtedly heard about single page applications (SPA) written with frameworks like Angular or React. One of the benefits of this approach is the possibility to host the static files (HTML, js, CSS, etc.) on a simple storage solution like S3 and put...

Rapid CloudFormation: cfn-modules

Today, we release a new open source project to make your CloudFormation live easier. We promise rapid CloudFormation with cfn-modules. Our modules provide common building blocks to automate your infrastructure with plain CloudFormation templates. Why c...

EKS vs. ECS: orchestrating containers on AWS

AWS announced Kubernetes-as-a-Service at re:Invent in November 2017: Elastic Container Service for Kubernetes (EKS). Since yesterday, EKS is generally available. I discussed ECS vs. Kubernetes before EKS was a thing. Therefore, I’d like to take a second...

Cleaning up an S3 bucket with the help of Athena

Imagine your basement or attic would provide unlimited capacity for storing stuff. Sounds great? Maybe at first. But imagine how many stuff would pile up over the years if you were not forced to clean up your stuff because of limited storage space every...

Cloud adaption strategy: event-based data synchronization

Are you building an application for the cloud without the slightest dependency to an on-premises infrastructure? Lucky you, most of us are struggling with uniting an outdated on-premises infrastructure with the shiny cloud. I’d like to share a cloud ada...

Sharing data volumes between machines: EFS

Many legacy applications store state in files on disk. Therefore, using Amazon S3, an object store, is impossible by default. Using block storage might be an option, but it won’t allow access to files from multiple machines in parallel. Hence you need a...