Posts Tagged “amazon-web-services”
Cloud platform run by Amazon. Also known as AWS.
-
Unveiling the Risks of sts:GetFederationToken, You Probably Don't Need It
02 May 2024
Let’s talk about sts:GetFederationToken and why we should disable it within our AWS accounts. This call allows the creation of temporary access credentials that can be associated with any user identity. These credentials are difficult to revoke from the console, and cannot be revoked using the standard “deny all credentials created before X time” policy. It is much better to use standard built-in identity providers like OpenID Connect for CI/CD operations or IAM Identity Center for federated user access. We’ll walk through how this call works, what it was originally intended for, and some threat detection.
-
Linting IAM Policies Automatically in Your Pipeline
16 February 2024
When writing IAM policies there are a lot of concerns that must be taken into
account. These JSON documents can be the cause of a lot of hurt when deploying
them. People often mess up formatting, write overly broad permissions, and just
don’t get them perfect the first time. Sure, you could use a dumb linter just
for JSON, but that doesn’t cover all the potential screw-ups. So I want to
share a smarter linter I found and how we integrated it into our deployment
pipeline.
-
Easy Access of Cloudformation Lambda Environment Variables.
11 September 2023
Sometimes you want to run your Lambda function deployed as a CloudFormation
stack locally for testing purposes, but you don’t want to hard-code any of the
underlying resources into your environment. These resources might be things
like DynamoDB tables, SNS topics or SQS URLs. Their names aren’t hard-coded,
and shouldn’t be hard-coded, otherwise you have a singleton stack. Sometimes
you’re just a bit too impatient to spin everything up using the SAM CLI, and
don’t want to debug Docker issues, so this helps.
-
Implementing a Table Create & View Update in Athena using AWS Lambda
01 February 2022
I have a DynamoDB table that is automatically exported as JSON to
compute some reports. I wanted to automate the table creation process
and load steps. Amazon Athena allows querying from raw files stored on
S3, which allows reporting when a full database would be too expensive
to run because its reports are only needed a low percentage of the time
or a full database is not required. It’s billed by the amount of data
scanned, which makes it relatively cheap for my use case.
-
Exporting the AWS ReInvent Calendar to iCal
23 November 2021
I went to AWS re:Invent this year, and I wanted my registered events to
show up on my personal calendar. I’m honestly surprised they didn’t
implement an iCal export for your registered events. So I took these
steps to get them.
-
Adding Search to My Static Blog Using AWS Lambda and SQLite
09 July 2021
I always wanted to have search on my site, but it’s statically hosted,
so I can’t have any dynamic content on it. I recently resolved that by
creating a little tiny Lambda function on AWS that queries a SQLite
database hosted on S3. Here I’ll walk you through how I created the
back-end for it, and in some later posts I’ll include details on
calculating the cost.
-
Using a Bash Script to Generate Random Fake Data To Insert Into DynamoDB
30 March 2021
I’ve been studying for my developer associate certification on Amazon
Web Services. I’ve been practicing with the various streaming solutions
like SQS and Kinesis lately. I’ve wanted to branch into using DynamoDB
and capturing changes. To do that I needed to generate a lot of fake
data.