AWS CDK Doesn’t yet have a highlevel WAFv2 construct. Using the learnings I’ve recently discussed, I’ve created two constructs. One you can use for REGIONAL WAFs and one for CLOUDFRONT WAFs. AWS CDK seems to be moving towards an approach of having cross regional resources created via custom resources, but this doesn’t exist for WAF yet, and I’ve had mixed results. In this post we will first start with the REGIONAL solution. Read more

I love security and love to keep my systems security. I have been using capabilities such as SPF and DKIM records and more recently DMARC records and ensuring I have quality SSL setup on my web server and testing using https://www.ssllabs.com/ssltest/ and ensuring I have quality headers too and test using https://securityheaders.com/. Now that Route 53 supports DNSSEC (https://datatracker.ietf.org/doc/html/rfc4033) I figured it was about time I enabled it. You can find some information about DNSSEC and enabling on your domain by following the AWS blog post: https://aws. Read more

There are a few tricks I’ve learnt recently that I thought I would share with you, as I’ve found them really useful. Constructs Constructs are objects that can contain a set of other objects to define a standard set of components. You can use constructs inside of constructs or you can user lower level Cfn primitives. You can find the AWS Documentation here: https://docs.aws.amazon.com/cdk/latest/guide/constructs.html https://cdkworkshop.com/30-python/40-hit-counter.html To get started you inherit the Construct class, creating your new class. Read more

I’ve been using DynamoDB recently for a few projects and ran into something that I didn’t really expect to be a problem, but there wasn’t an out-of-the-box solution. Cross Region Snapshots It seems that while you can do point-in-time recovery and create manual snapshots, there is no way to copy these snapshots to another region. There does however exist a process to restore a database from a snapshot from another region. Read more

This post isn’t so much about how I consolidated a lot of ALBs, but more about how I saved ~USD$3,300 a year by doing this consolidation. The particular application in question has been running on AWS for a number of years and has 3 environments, test, staging and production. The application is made up of 6 services. (no, I’m not going to call them micro). Each service is an autoscaling group and used to have an ELB attached. Read more