• AWS re:Invent 2019, Part1

    ML/AI was definetely the topic of Andy Jassy's re:Invent Tuesday keynote. Another are of major investments was service proximity to customers and end-users. With that it was only natural there were also some new networking features to help building multi-region connectivity.
  • Scanning ECR images on push

    Or how to expand Cloudformation coverage with custom resources.
  • S3 Data Loss Prevention with Encryption

    S3 server-side encryption can help you to tick the checkbox "☑ Yes, I have encrypted my data at rest" but it can also help in solving real-life challenges and prevent data leaks. Write-only S3 bucket is one such pattern you can implement with encryption, key management and multiple AWS accounts.
  • Breaking out from VPC to internet

    Did you notice you can front an internal ALB with Global Accelerator? And this allows you to gain internet access even if you have been denied modifying internet gateway and peering configurations!
  • EC2 Instance Connect vs. SSM Session Manager

    Access to EC2 instances isn't the most sexy topic in days of serverless-first -architectures but reality is there are still valid use-cases for terminal access to VMs. The Question is how to do it in a modern way and keep your dev, ops and sec -teams happy.