AWS Organizations + Cloudformation
AWS Organizations has been available since late 2016 but got the Cloudformation support just recently. Until now you had to write your own custom resources to manage accounts and organizations in Cloudformation, that then made you responsible of maintaining attached code and lambda functions. With the announced Cloudformation support, it is now possible to create, and to some extent manage, organizations tree, policies and AWS accounts in Cloudformation stacks without extra hassle.
Closer look at AWS data transfer cost
Please raise your hand (virtually) if you think AWS data transfer cost is difficult to allocate for applications or resources generating it, because data transfer can not be tagged. I was part of that group too, until recently. If that got you interested, here is another post in series of an old dog learning (not so) new tricks …
How to create a VPC (and delete it)
AWS VPC is something you must have before you can start building services on AWS. In theory you can do some serverless applications using Lambda, S3 and DynamoDB, and be deployed without a VPC but pretty soon you will want to deploy other things that must go into a VPC.
How to disconnect an instance from VPC
How to disconnect or isolate an instance from VPC ? Typically you have the opposite problem. How to get 2 services talking each other and figure out what is blocking the connectivity. But what if you need to disconnect compromised instance from VPC and terminate all established connections !?!
Routing to correct Network Firewall endpoint
Deployment models for AWS Network Firewall, and part 2 covering the latest VPC routing options, explains in details how AWS Network Firewall can be deployed in different routing configurations. While these are typically one time tasks, I thought it would make sense to create a Cloudformation template for this because the setup has many components that are easy to misconfigure but difficult to debug.