Saturday, December 17, 2022
Simply Deploy AWS IAM Identity Center Permission Sets with Ezpresso
With AWS IAM Identity Center, formerly known as AWS Single Sign-On, it became simpler to integrate identity providers such as Azure AD, JumpCloud, etc. across the whole AWS organization. CloudFormation support in turn enabled simpler and more consistent, declarative provisioning of Permission Sets in the Organization.
Sunday, February 21, 2021
Enable Security Hub in an AWS Organization
Background: In November 2020 AWS announced that Security Hub now integrates with AWS Organizations. Unlike many other AWS Organizations service integrations, you will not find the ability to enable Security Hub on the Organizations page in the Master account.
Sunday, August 16, 2020
Use the Raspberry Pi 4 for AWS development - Part 1, Installation
Background: With the advent of the Raspberry Pi 4, Pis are sufficiently powerful in terms of both CPU and memory for AWS development. Furthermore, AWS has recently made significant headway in the ARM space with the release of Graviton-based EC2 and support for ARM 64-bit (aarch64) with the following services:
Wednesday, August 5, 2020
Install & run AWS Glue 1.0 and PySpark on Ubuntu 20.04
Background: It’s much faster to be able to develop and debug AWS Glue / PySpark scripts locally. The "Developing and Testing ETL Scripts Locally Using the AWS Glue ETL Library" instructions describe installation but are not complete.
Tuesday, November 12, 2019
Leveraging Serverless (SAM) with Cognito Authentication
Introduction: Using Serverless combined with Cognito can be a great way to eliminate the real estate as well as development and operational footprint when it comes to authentication and authorisation stacks.
Monday, September 23, 2019
The case for Structured, Contextual Logs
Introduction: If correctly composed, logs can be an extremely useful resource to tap into in the following use cases: Support end-users; Derive business metrics (how many users used our service yesterday, over the last 7 days and in the past month?
Monday, August 26, 2019
6 Steps to DevOps
Introduction: Why adopt DevOps? IT change can be painful and subject to long lead times in many organisations. The pain generally stems from treating change as exceptional rather than business-as-usual, often in the form of running a project to effect the change.
Monday, August 19, 2019
Why Serverless & DevOps makes a (big) difference
Background: We have recently completed a Serverless & DevOps transformation project with one of our clients, CitizenMe. CitizenMe presently has more than 200.000 global end-users and has processed millions of transactions since inception.
Saturday, July 7, 2018
Moving to Cloud: the Landing Zone
In military terms a Landing Zone is an area where aircraft can land; in effect a base camp from where operations can extend. AWS has for the last year or two used the term Landing Zone to convey an infrastructure foundation and security baseline on which applications and services can “land”.
Tuesday, June 20, 2017
Securing Cross-Account AWS API Calls & CLI Access with MFA (Two-Factor) Authentication
AWS Cross-Account Roles are an excellent way of managing access to a target account (the account in which work is carried out) from other AWS accounts. Some scenarios to consider in this context include:
Wednesday, June 14, 2017
Creating a Core Network Foundation in AWS with SSH, VPN & NAT access
For both test and build purposes I often find myself reusing parts of past CloudFormation templates. Over time I’ve found that the foundation of the templates, like VPC, subnets, routing tables etc., remains roughly the same.
Friday, October 21, 2016
Need a good reason to switch to CloudFormation YAML now? Template size limits…
AWS CloudFormation size limits are well-documented in the User Guide. However, this does not make hitting any of the limits any less painful. I recently hit the template body size limit in request (--template-body) of 51200 bytes on one of my templates.
Wednesday, February 3, 2016
Securing AWS API Calls & CLI Access with MFA (Two-Factor) Authentication
One of the largest concerns of allowing AWS API calls to be made from the outside is issuing an API key and secret for developer and administrator PCs and laptops alike because they may be interceptable in one way or another.