Writing about Cloud, architecture, AWS and software engineering.

Golang JWT authorizer for AWS API Gateway

When using AWS API Gateway you can use the AWS Lambda authorizer for HTTP APIs to authorize the requests. In this blog I will show you how to validate a JWT token signed with KMS in a Lambda using the Golang runtime....

July 5, 2023

How to: Deploy Terraform to AWS with GitHub Actions authenticated with OpenID Connect

In the past it was very common to use AWS credentials (access token and secret) in your GitHub actions pipeline. This poses a security risk because most of the time these AWS credentials are long-lived credentials with a lot of permissions....

May 14, 2023

Improve your AWS user management and security with AWS IAM Identity Center (SSO)

I have seen a lot AWS environments and noticed that it is very common that companies use AWS IAM users to log in and access the API. This can cause security issues and is time-consuming to manage but is very easy to improve by setting up AWS IAM Identity Center (Successor to AWS Single Sign-On)....

May 2, 2023

Steps to take after leaking AWS credentials

So you leaked your AWS credentials onto the world wide web, and you are wondering what to do to minimize the damage. There are multiple steps that should be taken, but I do think that the order of these steps matter....

April 26, 2023

What happens when you leak AWS credentials and how AWS minimizes the damage

I heard multiple times that AWS scans public GitHub repositories for AWS credentials and informs its users of the leaked credentials. So I am curious to see this for myself, so I decided to intentionally leak AWS credentials to a Public GitHub repository....

April 5, 2023

How to interconnect on-premises network and multiple AWS VPCs

Creating a large network, connecting multiple VPC and an on-premises data center together can be done in multiple ways. In this article I will explain how to do this by using Transit Gateway and Direct Connect on a high-level....

March 16, 2023

How to view AWS accounts attached to IAM Identity Center (SSO) groups

The AWS IAM Identity Center (Successor to AWS Single Sign-On) web console can be hard to navigate when trying to view the AWS accounts attached to an AWS IAM Identity Center (Successor to AWS Single Sign-On) group....

November 23, 2022

CloudFormation Custom Resource: Transit Gateway Peering Accepter

A Transit Gateway Peering Attachment must be accepted by the owner of the attachment. Even if both Transit Gateways are in the same account. To automate this with CloudFormation I have created a custom resource....

July 11, 2022