We can use permissions boundaries to give developers and teams more freedom to create their own resources. For forcing them to provide specific tags during resource creation, we need a deeper understanding of how this can be achieved. We talk about the example of creating a security group.
Keeping accounts decoupled is important in cross account scenarios. Setting permissions in the wrong way can lead to unwanted behavior. Better avoid setting a principal in a resource policy to a specific ARN as it may lead to ‘Invalid Principal&rsqu
CloudFormation does not cover all AWS Resource types. Terraform does a better job in covering resource types just in time. So if you want to use a resource type which CloudFormation does not support yet, but you want to use CloudFormation, you have to bui
“Infrastructure definition has to be declarative”. Let’s see where this presumption gets us. My guess why some ops guys prefer pure terraform or CloudFormation is that these languages seem to be easier to understand. There is precisely o
Everybody knows you should protect your AWS accounts (and other logins) with MFA against brute-force attacks. Most of the account providers use a standardized algorithm (RFC 6238) to generate the famous six-digit TOTP codes for your login. But where do yo
When leveraging AWS services such as EC2, ECS, or EKS, achieving standardized and automated image creation and configuration is essential for securely managing workloads at scale. The concept of a Golden AMI is often used in this context. Golden AMIs repr