Page 6

Security Iceberg: AWS Security Hub the right way

This is a warning about AWS Security Hub. Organizations that use AWS Security Hub to monitor and mitigate risks pay too much attention to the visible part of the AWS security iceberg, namely the findings. These organizations tend to overlook or underest...

Automate CloudFormation StackSets with CloudFormation

CloudFormation StackSets rollout CloudFormation stacks to all or some of your AWS accounts. Also, stack sets allow you to deploy stacks to multiple regions. Therefore, CloudFormation stack sets are a great way to deploy baseline configurations to multip...

Review: Aurora Serverless v2

I was excited when AWS announced Aurora Serverless at re:Invent 2017. Disappointment followed shortly after. Even after Aurora Serverless became a generally available service in August 2018, it missed important features like multi-AZ deployments and rea...

Launching cloudonaut talent

We launched our blog cloudonaut in 2015, and published more than 340 articles and started to record and publish a podcast episodes and videos since then. However, cloudonaut was always a side project for us. Because we would like to put more energy into...

Amazon Web Services in Action 3rd Edition: Early Access

About seven years ago, Michael and I started to write a book about Amazon Web Services. We were beginning our consulting business, and writing a book seemed like an excellent way to demonstrate our expertise. Our publisher Manning launched our book Amaz...

Application Authentication and Authorization on AWS

In this blog post, you will learn to implement authentication and authorization for your own HTTP(S)-based applications on AWS. Most applications offer some functionality only to authenticated clients. A client can be a human or a machine. Humans usuall...

How to create a security group allowing traffic from CloudFront only?

It is one of those problems for which there has been no satisfactory solution for years. How do you ensure that only CloudFront is granted access to an Elastic Load Balancer - CLB, ALB, or NLB? Without the ability to restrict incoming traffic, all of Cl...

Sanction Russia: Block traffic using CloudFront Geo Restriction

Russia attacked a sovereign state this week. Most states condemn the attack and impose sanctions. Among other things, sanctions are intended to mobilize the Russian population to rise up against their aristocrat Putin. As of today, cloudonaut is no long...

Enabling S3 Versioning is not a backup strategy

Here are three reasons why enabling S3 Versioning is not a backup strategy. Instead, you should consider AWS Backup for S3, which AWS released on February 18th, 2022. AWS Backup enables you to control and automate managing backups centrally. To do so, A...

AWS Security: Stephen Kuenzli and Andreas Wittig on IAM

Stephen Kuenzli and I lead several cloud migration projects. In this conversation, we shared our learnings focusing on AWS security and IAM (Identity and Access Management). The result is advice and inspiration that will help you in your daily work. Our...