• S3 Data Loss Prevention with Encryption

    S3 server-side encryption can help you tick the checkbox "☑ Yes, I have encrypted my data at rest", but it can also help solve real-life challenges and prevent data leaks. A write-only S3 bucket is one such pattern you can implement with encryption, key management and multiple AWS accounts.
  • Breaking out from VPC to internet

    Did you notice you can front an internal ALB with Global Accelerator? And this allows you to gain internet access even if you have been denied permission to modify internet gateway and peering configurations!
  • EC2 Instance Connect vs. SSM Session Manager

    Access to EC2 instances isn't the most sexy topic in the days of serverless-first architectures, but the reality is there are still valid use cases for terminal access to VMs. The question is how to do it in a modern way and keep your dev, ops and sec teams happy.
  • Pleased to meet you, hope you guess my name...

    Thanks to ALB integration with Cognito, it is easier than ever to add solid user authentication to new and existing web applications. This is a demo of how to do that with no servers, using a Lambda backend.
  • Thinking outside of the VPC

    IP failover may not sound too difficult at first: attach an elastic network interface (ENI) to your instance and, if the server stops responding, detach and re-attach it to the next instance with some Lambda magic. But what if the instances are in different AZs?