Protecting your Instance Metadata

AWS has released a new version of the metadata service that will better secure instance metadata against attackers. In this post, I will discuss the risk of hackers gaining access to the instance metadata service and how the latest update mitigates the risk.

7 Reasons Your Cloud Migration Will Fail

I have been on the ground in many different phases of cloud migrations and have witnessed the many perils associated with them. In this post, I will talk about the different issues I have experienced firsthand with customers going through a cloud migration.

Building a Cloud Agnostic Serverless Web Application

Many people are moving to Function as a Service (FaaS) offerings to deploy their applications to the cloud. How do we take advantage of the benefits of FaaS while mitigating the risks associated with vendor lock-in? What if we want to deploy across multiple cloud providers? In this post, I will be discussing how to isolate your vendor dependencies in a boundary layer when writing serverless applications.

Hosting a Static Website in AWS with S3 and CloudFront

Using a combination of S3 and CloudFront, hosting a static website in AWS is simple and very affordable. In this post, I discuss the architecture of such a solution and the reference implementation I have created to get you started.

Further Decomposing the Capital One Incident

Previously I discussed how to prevent a security incident similar to the one that occurred at Capital One earlier this year. In this post, I will expound further on what went wrong there from a data protection perspective and make recommendations on how to protect your data hosted in S3.

Lessons Learned from the Capital One Data Breach

This week a massive data breach at Capital One was announced. In this case, an internal actor was able to presumably use insider information to gain access to data stored in S3. In this article I will examine this data breach and provide best practices to prevent this from happening to your organization.

CDK vs CloudFormation vs Terraform

CDK, CloudFormation, and Terraform are frameworks for managing cloud infrastructure using code. In this post, we will look at these options, compare and contrast them, and discuss what types of organizations should take which approach.

Utilizing AWS Private Marketplace to Approve Marketplace Products

AWS Marketplace empowers users to get quickly started using many products and services in AWS. However, proper governance should be put into place to approve said products. In this post, we will discuss using AWS Private Marketplace as an integral step in an approval process.

Branch builds with CodePipeline

Modern, best-of-breed continuous integration tools allow developers to define their delivery pipeline as code and store it in the repository alongside the application source code. Doing so allows you to manage your pipeline much like you would your application source code. In this post, we will go over how to accomplish this using AWS CodeCommit, AWS Lambda, AWS CodePipeline, and AWS CloudFormation. This approach will also enable branch-based builds for CodePipeline, a large gap in the CodePipeline feature set currently.

EBS Volume Backup and Replication

Easily automate the backup of EBS Snapshots with AWS Data Lifecycle Manager and replicate to another region.