Clik here to view.
Advanced Learning for AWS
I posted a quick answer to a question on the AWS subreddit the other day that got a lot of imaginary internet points (aka. upvotes), so thought I'd spend a bit more time and share all the sources I use...
View ArticleClik here to view.
Understanding the AWS zone of trust
Spend enough time in the official AWS documentation you will probably come across the phrase zone of trust. Even though it doesn't feature prominently, it's an important concept that I wish was covered...
View ArticleAWS SAM HTTP API and CORS
So many acronyms in that title - I promise you they actually make sense!I was doing some local development against an AWS SAM-based API built with an AWS API Gateway HTTP APIs (not to be confused with...
View ArticleBig Bets Framework
This post is a bit different from my regular programming, so if you're only here for the AWS content, just skip this one. This post is more of a summary of prioritisation and decision making I heard on...
View ArticleSAM local invoke function logs with Python
I was shocked how hard it was to view my function's logs when using the sam local invoke command with a Python function.I just wanted to see my function's log output, like I would in the CloudWatch...
View ArticleClik here to view.
Get the most out of the AWS documentation
The AWS documentation gets a bit of a bad rap, and I don't think it's deserved. Periodically, people will come to places like r/aws and vent their frustrations about the official documentation, and the...
View ArticleBlock expensive AWS actions with SCPs
With the recent announcement of the AWS generative AI service Bedrock going GA, an old discussion was kicked-off internally at $dayjob about how developers can unintentionally rack up a big AWS bill,...
View ArticleClik here to view.
AWS IAM Policy Review 1
This question on re:Post shows a pretty sensible looking AWS IAM policy:{ "Version": "2012-10-17", "Statement": [ { "Effect": "Allow", "Action": "ec2:DescribeInstances", "Resource": "*", "Condition": {...
View ArticleAWS SAM policy templates
A feature I think everyone (including myself!) should use more is AWS Serverless Application Model (SAM) policy templates. This approach is a great example of "syntactic sugar" that characterises the...
View ArticleDeny all external principals assume role
This interesting policy question on re:Post about how you can prevent principals outside of an AWS organization from assuming a role in your organization. The asker originally requests an SCP to do...
View ArticleAWS managed polices: Lambda Basic Execution Role
The AWSLambdaBasicExecutionRole is an AWS managed policy, and one of the most common managed policies you should consider using, at least for quick development; it's the minimum amount of permissions...
View ArticleClik here to view.
External ID policy review
Granting 3rd parties access to your AWS resources via roles should always use external ID condition. If a vendor asks you to provision an IAM user with access + secret key in 2023, they're doing it...
View ArticleClik here to view.
CloudFront OAC for S3 policy
Setting up a CloudFront distribution in front of your S3 bucket that serves public assets is the recommended way to share your web resources globally.CloudFront distribution with S3 bucket originThis...
View ArticleClik here to view.
Passing the AWS Security Speciality in 2024 (SCS-C02)
Last week I passed the latest version of the AWS Security Speciality (SCS-C02). The Security Speciality certification assesses your knowledge of the various AWS security services, and the security...
View ArticleClik here to view.
Find deprecated Lambda runtimes in your environment
AWS Lambda is great. The minimal management overhead of the official runtimes means I spend so much less time worrying about OS-level patching and updates. Exploits like Heartbleed were fixed before I...
View Article
