Blog where I try to explain my thoughts and learnings about AWS and DevOps in a human friendly way!
Recent Posts
Cloudfront: Adding HTTP security headers with Response Headers Policies
Another day, another blog post about adding security headers to Cloudfront HTTP responses. Actually, it’s my third post about this topic, which is the same as the number of AWS services that can be used to modify Cloudfront headers. As of today we have: Lambda@Edge, Cloudfront Functions, and the newly introduced Response Headers Policies
Again, ability to easily add HTTP headers to Cloudfront was very commonly requested feature: https://t.co/BGzCyi8LtU headers without needing to use lambda@edge would be great
read more
Limit Access to AWS Regions With IAM and SCP
By default AWS gives you access to all AWS regions. However, it’s a very rare case that you might need to launch resources across all AWS regions in one account. In fact, I think is usually best to have one account per AWS region when possible. As some of the services are global (like IAM roles) by using one account per AWS region you can be sure that naming of IAM roles doesn’t clash and you won’t accidentally use an IAM role written for us-west-1 for your application in us-east-1 for example.
read more
RDS Multi AZ vs Read Replica
Hi, in this post I’m going to go back to a fundamental AWS service - RDS. Specifically, I’ll focus on two ways to ensure resilience of your RDS database: RDS Multi AZ and RDS Read replica.
Looking into AWS RDS console, it looks like a very simple service: you can choose which database engine you want to use, pick some additional parameters, and launch the database. However behind the single interface lies a complexity: each database engine type has slightly different concepts and functionality that you have to be aware of.
read more