Page 8

How I use AWS Security Hub

AWS Security Hub provides a centralized and org-wide overview of how well you are doing in terms of security. Security Hub follows two strategies to collect the needed information: First, Security Hub runs checks based on security standards. Second, Sec...

AWS Architecture Pattern for Scheduled & Serverless Batch Processing

Scheduled batch jobs are the heart of many business processes implemented by enterprise applications. Reports are generated daily, databases are optimized over the weekend, and business logic is executed nightly. The importance of batch jobs satisfies a...

Real-world CodePipeline CI/CD examples

AWS CodePipeline helps us to orchestrate CI/CD pipelines. To implement real-world pipelines, CodePipeline calls additional AWS services to do the work. E.g., CodeBuild to run arbitrary scripts, CloudFormation to create or update stacks, or CodeDeploy to...

Serving content only to logged-in users with CloudFront Signed Cookies

This blog can be accessed by anyone with access to the free Internet. It’s a public website. But many websites offer a members-only area. You have to log in to get access to parts of the website. In this blog post, I demonstrate how CloudFront can be us...

Running containers on spot infrastructure

Running workloads on spot infrastructure is significantly cheaper. You can reduce your bill by 50% or more. Keep in mind that spot workloads can be terminated at any time. If you are lucky, you will be noticed 2 minutes upfront to shut down gracefully. ...

Review: AWS Fault Injection Simulator (FIS) – Chaos as a Service?

AWS allows us to run applications distributed across EC2 instances and availability zones. By adding load balancers or message queues to the architecture, we can achieve fault tolerance or high availability. But how can we test that our system can survi...

Programming your CDN: CloudFront and Lambda@Edge

Minimizing the load time of your websites and applications is essential for two reasons. First, search engines rank websites based on page load times. Second, users are impatient and might cancel loading your application to jump to a competitor instead....

Defining IAM Policies with Terraform safely

Are you still defining IAM policies using heredoc syntax (<<EOF ... EOF) or jsonencode()? You can do better! As a result, terraform validate can tell you about typos before you apply them, and you get better auto-complete support from your IDE. Re...

Managing application secrets: SSM Parameter Store vs. Secrets Manager

Many applications interact with external or internal systems like databases or REST APIs. When your application talks to another system, it usually authenticates with a secret, e.g., an API key, username + password, or a certificate. This leads to the q...

What Architects Need to Know About Networking on AWS

As an architect, you may not have thought too much about the network management before. At least that’s how it used to be for me. But since I’ve been designing architectures for AWS, network structure has become much more important to me. With Amazon V...