• Scanning ECR images on push

    Or how to expand Cloudformation coverage with custom resources.
  • S3 Data Loss Prevention with Encryption

    S3 server-side encryption can help you to tick the checkbox "☑ Yes, I have encrypted my data at rest" but it can also help in solving real-life challenges and prevent data leaks. Write-only S3 bucket is one such pattern you can implement with encryption, key management and multiple AWS accounts.
  • Breaking out from VPC to internet

    Did you notice you can front an internal ALB with Global Accelerator? And this allows you to gain internet access even if you have been denied modifying internet gateway and peering configurations!
  • EC2 Instance Connect vs. SSM Session Manager

    Access to EC2 instances isn't the most sexy topic in days of serverless-first -architectures but reality is there are still valid use-cases for terminal access to VMs. The Question is how to do it in a modern way and keep your dev, ops and sec -teams happy.
  • Pleased to meet you, hope you guess my name...

    Thanks to ALB integration with Cognito it is easier than ever to add solid user authentication for new and existing web applications. This is a demo how to do that with no servers using Lambda backend.