Articles

PowerShell DSC: Self Signed SSL Certs

Hello! First, this isn't a best practices guide for SSL certificates, it's a how-to for creating functional ones. As always, only use self-signed certs when you've specifically validated that they're a sufficiently secure solution. When I do need self-signed certs and I'm working in Windows, I generate them with PowerShell DSC and its Script Resource. …

Lambda Gotcha: CloudWatch Logs Group Name

Hello! Today's post is a little "gotcha" that sometimes still gets me when I'm developing AWS Lambda functions: if you want to stream the function's logs to CloudWatch, the log group's name has to follow a specific convention. Suppose I'm creating a Lambda function with this CloudFormation snippet: The key piece is this: When AWS …

CloudFormation Custom Resource: Complete Example

Hello! It takes a few pieces to assemble a working CloudFormation Custom Resource. I like to start from a simple example and build up to what I need. Here's the code I use as a starting point. First, a few notes: My custom resources are usually small, often only a few dozen lines (more than …

Cloud Infrastructure: Automating For Security

Hello! The United States National Security Agency (NSA) just published guidance for mitigating cloud vulnerabilities. It reached my inbox via the United States Department of Homeland Security's Cyber Infrastructure (CISA) mailing list. The document covers a bunch of topics and I recommend reading the whole thing, but its "misconfiguration" section contains a guideline that's extra-relevant to …