Alex's cloud blog
Takeaways from AWS re:Inforce 2025

This June I got the amazing opportunity to attend AWS re:Inforce, a yearly cloud security conference taking place in Philadelphia. As a recipient of the AWS All Builders Welcome Grant, I attended this event at zero cost, with all travel, accommodation and conference pass costs covered by AWS. If you are in the first 5 years of your career and are passionate about cloud, I highly encourage you to apply for this grant, offered for either re:Inforce or re:Invent. Apart from learning about the latest innovations in the cloud, you will also have the opportunity to meet like-minded individuals from all over the world, share experiences and learn from each other.

  • AWS
  • conference
  • security
Monday, June 23, 2025
Configuring Grafana Alerts with AWS SES to send email alerts

Introduction: If you have a couple of servers in your homelab and have set up monitoring, chances are you’ve implemented alerting to notify you when something doesn’t go as expected. Two of the most popular options for managing alerts are Grafana Alerts and Prometheus Alertmanager. Unless you have very specific requirements for alert grouping or silencing—or you don’t use Grafana for visualization—Prometheus Alertmanager might not be your first choice.

  • AWS
  • Grafana
  • Alerting
Saturday, January 11, 2025
Deploying the 2048 game on EKS with ArgoCD

Introduction: Recently, I delved deeply into EKS setup, aiming to establish a solid understanding of IAM management, focusing on the aws_auth config map and access policies. I also explored how to expose applications via the AWS Load Balancer ingress controller and ensured the correct tags were in place for automatic discovery of private and public subnets. Additionally, I wanted to install ArgoCD, expose its UI through an ingress, and deploy an application using ArgoCD. Since the game 2048 is widely used in Kubernetes deployment demos, I chose to include it in this demonstration.

  • AWS
  • Kubernetes
Saturday, September 28, 2024
Notes on passing the AWS Advanced Networking cert

Intro note: Just because I wrote this article focused on AWS certifications does not mean that I believe they offer enough knowledge on their own. Oftentimes, I question the value of these multiple-choice tests mainly because they test your ability to memorize large amounts of information and analyze a variety of scenarios in a fairly short amount of time (at least that is the case for the professional/specialty ones). Nowadays, with the increased popularity of LLMs, I am not sure if we need to memorize every single specific thing about services that we are unlikely to use but appear on the exam. I personally prefer hands-on certifications like Kubernetes or the RHEL administrator suite since they validate skills that are closer to what you are likely to do during your day-to-day work.

  • AWS
  • networking
  • cert
Thursday, July 18, 2024
Setting up AWS dynamic VPN using Transit Gateway attachments and BGP

Note: This blog post is inspired by one of Adrian Cantrill’s labs in his AWS Advanced Networking course. I highly recommend his content; it helped me pass all of my AWS certs. Feel free to check his courses. The setup for strongswan and FRR BGP was taken from this blog post.

Architecture: The purpose of this blog post is to demo highly-available AWS VPN with Transit Gateway (TGW) attachments and highlight the steps to set up the TGW, the IPSec tunnels and BGP routing. Setting up VPN is an essential feature in all hybrid cloud estates because it improves the organization’s security posture by encrypting data transmissions and facilitating secure access across both cloud and on-prem environments.

  • AWS
  • VPN
  • BGP
Thursday, July 4, 2024
Checking AWS resource compliance with AWS Config Custom Lambda Rules and Rules Development Kit

Introduction: AWS Config is a service that enables you to assess, audit, and evaluate the configurations of your AWS resources. It continuously monitors and records your AWS resource configurations and allows you to automate the evaluation of recorded configurations against desired configurations. AWS Config rules allow you to assess whether your AWS resources comply with certain conditions and policies. There are two types of rules: *AWS Config Managed Rules* and *AWS Config Custom Rules*. AWS Config Managed Rules are predefined, customizable rules created by AWS Config. AWS Config Custom Rules are rules that you create from scratch.

  • AWS
  • Config
  • Governance
Thursday, June 20, 2024
Exploring AWS Hybrid DNS with R53 outbound/inbound endpoints

Architecture: The purpose of this lab is to demo hybrid AWS DNS and highlight the steps to set up the necessary R53 endpoints and resolver rules. Hybrid DNS is a common feature across all IT infrastructures and hopefully this blog post will serve as a basic template to get you started if you are tasked with implementing domain resolution between cloud and on-prem. As part of this lab we will implement the architecture below:

  • AWS
  • DNS
Tuesday, June 11, 2024
Using Athena and Lambda to get daily notifications about your Cloudfront website requests

The problem: After deploying this website I wanted to track the number of daily visitors. While Cloudfront provides default distribution metrics such as the total number of requests and error percentages, my focus was on obtaining the daily count of unique visitors. Cloudfront logs offer numerous fields which offer insights into things such as the source IP, HTTP method, protocol version or response times. These logs are available in two formats: standard, which are delivered multiple times per hour, and real-time. Since my requirement was to analyze the daily number of requests without real-time constraints, I opted for standard logs for my query.

  • AWS
Wednesday, May 15, 2024
Using Lambda@Edge to overcome limitations of static website hosting with S3 and Cloudfront

The problem: This blog is a static website hosted in an S3 bucket which acts as an origin for a Cloudfront distribution. The article that you are currently reading is a post which is located on the URI path ‘/posts’. When I first deployed this website and tried to access the posts, which were displayed perfectly fine on my localhost, I came across the error below:

  • AWS
  • fix
Wednesday, May 8, 2024
Contact me:
  • alexstan.cloud@gmail.com
  • andrei-don

Liability Notice: The views and opinions expressed on this blog are my own. Any code shared here is for educational purposes only and is not intended for production use. I do not guarantee that all content will be updated to reflect the latest technology changes.

© 2025 Alex Stan Copyright.