• Incognito Authentication

    This got started when my colleaque came asking how to implement a simple shared password authentication for a web service that must be exposed to public but should be kept off from random browsers. In this context public could be understood as public internet or intranet of a company. My initial reaction was, this is an easy thing to do with ALB and Cognito. Unfortunately this combination wasn't supported at eu-north-1 -region. Ok, but there must be tons of examples how to add HTTP Basic Auth to ALB with Lambda ... but my googling produced no usable results.
  • Fast track from ClickOps to GitOps

    AWS Cloudformation recently launched a feature with a promise to generate templates and CDK applications from existing resources. This sounds almost too good to be true, or atleast there might be some small print to be aware of. Lets get some hands-on experience and find out what it is good for ...
  • Funding a Tech Debt Payback

    Late 2023 AWS announced extented support for EKS and RDS. Extented support allows you to continue running old versions and pay extra for the privilege of getting (limited) support beyond normal software life cycle. This is also an ideal opportunity for FinOps to create a business case of building those missing capabilities that got you into this situation.
  • Lessons in Cloudformation Fn::ForEach

    In our drama miniseries I'm going to learn some new lessons about Cloudformation Fn::ForEach loops. Not everything is as you would expect and some things can be only learned by trial and error ...
  • Multi-region filesystem for disaster recovery

    In this post I'm going to build a managed multi-region filesystem service from common household services available to anyone. You could use this for disaster recovery or expanding your service to multiple-regions, within certain constraints. But lets define first what disaster recovery is ...