So I've had the idea of this post for a while. Like "3 years ago" a while: CFN Layer Cake FTW!I first came across the idea of the CloudFormation Layer Cake from this AWS Advent blog post from 2012,
AWS documentation letting you down? Never fear, GitHub can help with that! Find CloudFormation examples quickly and easily.
TL;DR I made Effective IAM Actions, a small tool to expand wildcards "*"in IAM Policy Actions so that you can see explicitly what permissions are granted by a policy. It supports multiple statements in each policy, Allow and Deny
This was a nifty little trick I just learnt from my colleague James the other day that is definitely worth sharing more widely. While CloudFormation does not support SecureStrings for AWS::SSM::Parameters resources, you can can fudge it with
The main problem is this: By using tags for authorisation, you have a multitude of completely new - per-service - actions that can be used to compromise your security posture.
Recently I've been working with Step Functions in my day-to-day work, as well as in my personal projects, and I decided to write this post as a way of articulating the ins-and-outs of Step Functions I've learnt while using them.
Serverless soultions is can be incredibly cheap due to their event-based nature - if your system isn't working, you pay barely anything for it. But if you're not careful, serverless can still result in some nasty surprises when it comes to costs.
Reserved Instances (RIs) are a great way to save some money if you've got consistent AWS EC2 usage, without needing to make changes to your instances!
Subscribe to Rowan Udell
Subscribe today and get access to a private newsletter and new content every week!