Writing about Cloud, architecture, AWS, GCP and software engineering.

AWS ECS Auto Scaling

When I first started using AWS ECS, I was a bit confused about how to scale the service. I thought (and hoped) it was one simple setting, but it turned out to be a bit more complicated and required various settings to be configured. This article summarizes the settings needed to enable auto-scaling for an ECS service. ...

July 12, 2024

Golang JWT authorizer for AWS API Gateway

When using AWS API Gateway, you can use the AWS Lambda authorizer for HTTP APIs to authorize requests. In this blog I will show you how to validate a JWT token signed with KMS in a Lambda using the Golang runtime. For the examples I am using API Gateway V2 with HTTP APIs and the v2 authorizer payload format version, and for the resources I am using Terraform. ...

July 5, 2023

How to: Deploy Terraform to AWS with GitHub Actions authenticated with OpenID Connect

In the past it was very common to use AWS credentials (access token and secret) in your GitHub Actions pipeline. This poses a security risk because most of the time these AWS credentials are long-lived credentials with a lot of permissions. If these credentials get leaked or misused, the damage done could be huge. ...

May 14, 2023

Improve your AWS user management and security with AWS IAM Identity Center (SSO)

I have seen a lot of AWS environments and noticed that it is very common for companies to use AWS IAM users to log in and access the API. This can cause security issues and is time-consuming to manage, but it is very easy to improve by setting up AWS IAM Identity Center (Successor to AWS Single Sign-On). ...

May 2, 2023

Steps to take after leaking AWS credentials

So you leaked your AWS credentials onto the world wide web, and you are wondering what to do to minimize the damage. There are multiple steps that should be taken, but I do think that the order of these steps matters. ...

April 26, 2023

What happens when you leak AWS credentials and how AWS minimizes the damage

I heard multiple times that AWS scans public GitHub repositories for AWS credentials and informs its users of the leaked credentials. I was curious to see this for myself, so I decided to intentionally leak AWS credentials to a public GitHub repository and show you the steps I took and how I got informed about the leaked credentials. ...

April 5, 2023

How to interconnect on-premises network and multiple AWS VPCs

Creating a large network that connects multiple VPCs and an on-premises data center together can be done in multiple ways. In this article I will explain, at a high level, how to do this by using Transit Gateway and Direct Connect. ...

March 16, 2023

How to view AWS accounts attached to IAM Identity Center (SSO) groups

The AWS IAM Identity Center (Successor to AWS Single Sign-On) web console can be hard to navigate when trying to view the AWS accounts attached to an AWS IAM Identity Center (Successor to AWS Single Sign-On) group. This involves a lot of going back and forth between pages to get this seemingly simple information. Having done this multiple times and wasted an equal amount of time, I took the time to create a simple Go tool, aws-iam-identity-center-explorer, that makes use of the AWS SDK to retrieve this information and output it in a JSON structure. ...

November 23, 2022