Tag aws

Running containers on spot infrastructure

Running workloads on spot infrastructure is significantly cheaper. You can reduce your bill by 50% or more. Keep in mind that spot workloads can be terminated at any time. If you are lucky, you will be noticed 2 minutes upfront to shut down gracefully. ...

Read more

Review: AWS Fault Injection Simulator (FIS) – Chaos as a Service?

AWS allows us to run applications distributed across EC2 instances and availability zones. By adding load balancers or message queues to the architecture, we can achieve fault tolerance or high availability. But how can we test that our system can survi...

Read more

Programming your CDN: CloudFront and Lambda@Edge

Minimizing the load time of your websites and applications is essential for two reasons. First, search engines rank websites based on page load times. Second, users are impatient and might cancel loading your application to jump to a competitor instead....

Read more

Defining IAM Policies with Terraform safely

Are you still defining IAM policies using heredoc syntax (<<EOF ... EOF) or jsonencode()? You can do better! As a result, terraform validate can tell you about typos before you apply them, and you get better auto-complete support from your IDE. Re...

Read more

Managing application secrets: SSM Parameter Store vs. Secrets Manager

Many applications interact with external or internal systems like databases or REST APIs. When your application talks to another system, it usually authenticates with a secret, e.g., an API key, username + password, or a certificate. This leads to the q...

Read more

What Architects Need to Know About Networking on AWS

As an architect, you may not have thought too much about the network management before. At least that’s how it used to be for me. But since I’ve been designing architectures for AWS, network structure has become much more important to me. With Amazon V...

Read more

Cognito Under the Hood

Have you ever implemented a user database and authentication layer yourself? There are many things to get right: Hashing and salting passwords, multi-factor authentication, brute force attacks, and many more. That’s why I recommend using a production-re...

Read more

DNSSEC with Route 53: Protecting the core of the Internet

The Internet relies on DNS. This makes it all the more important to do everything possible to protect the global DNS infrastructure from attacks. Andreas explains how DNSSEC protects from DNS spoofing. During the demo you will learn how to enable DNSSEC...

Read more

Parental Leave

This is the last thing on my checklist before I leave for nine months. Until January 2022, I take on the joys and responsibilities of child care. Having children in GermanyMy wife and I have two children who are three years and nine months old. In Germ...

Read more

A Deep Dive into AWS CloudTrail

Who made changes to sensitive parts of your cloud infrastructure? Capture audit logs with AWS CloudTrail. Learn how to analyze the audit logs with the help of CloudWatch Logs Insights or Athena. On top of that, we discuss how to rollout CloudTrail to al...

Read more