CloudFormation: Conditional List Items

Hello! Many CloudFormation resources take parameters whose values are lists. Like tags on a Load Balancer: I often find that I want to add an item to the list, but only if a condition is true. That's possible, but the syntax is a little funky. In addition to conditions, we need AWS::NoValue. It's a CloudFormation … Continue reading CloudFormation: Conditional List Items →

CloudFormation: Multiline Strings

Hello! If you're asking how to do multiline strings in CloudFormation's JSON syntax: I recommend switching to YAML. There are a bunch of ways to do multiline strings in YAML, so there are a bunch of ways to do them in CloudFormation. For inline code, write them as Literal Block Scalars with a vertical pipe … Continue reading CloudFormation: Multiline Strings →

Lambda Gotcha: CloudWatch Logs Group Name

Hello! Today's post is a little "gotcha" that sometimes still gets me when I'm developing AWS lambda functions: if you want to stream the function's logs to CloudWatch the log group's name has to follow a specific convention. Suppose I'm creating a lambda function with this CloudFormation snippet: The key piece is this: When AWS … Continue reading Lambda Gotcha: CloudWatch Logs Group Name →

CloudFormation Custom Resource: Complete Example

Hello! It takes a few pieces to assemble a working CloudFormation Custom Resource. I like to start from a simple example and build up to what I need. Here's the code I use as a starting point. First, a few notes: My custom resources are usually small, often only a few dozen lines (more than … Continue reading CloudFormation Custom Resource: Complete Example →

Boto3: NoRegionError

Hello! Read on if your boto3 code is throwing this error: But first, two reasons why you might only get this error in some situations: AWS lambda sets the region automatically. Code that works in lambda may still throw NoRegionError locally. Some AWS services are global (don't have regions). Like S3: This code will work … Continue reading Boto3: NoRegionError →

Best Practices For Backups: Restore Regularly

Hello! Here's one of my Golden Rules of Infrastructure: If you haven't restored from your backups, you don't have backups. It's common to set up backups, check that the files or images exist and have sizes and contents that look right, then call the job done and move on. I've seen this leave plenty of … Continue reading Best Practices For Backups: Restore Regularly →

Cloud Infrastructure: Automating For Security

Hello! The United States National Security Agency (NSA) just published guidance for mitigating cloud vulnerabilities. It reached my inbox via the United States Department of Homeland Security's Cyber Infrastructure (CISA) mailing list. The document covers a bunch of topics and I recommend reading the whole thing, but its "misconfiguration" section contains a guideline that's extra-relevant to … Continue reading Cloud Infrastructure: Automating For Security →

PowerShell DSC EXE ProductID And Name

Hello! PowerShell DSC can install EXEs with its Package resource: Path is easy, it's just the path to the installer. But what goes in Name or ProductID? Let's use WinRAR as an example. You shouldn't actually install this with DSC, you should use Chocolatey, but I needed something to demo. There are lots of instructions … Continue reading PowerShell DSC EXE ProductID And Name →

PowerShell DSC In Vagrant

I work mostly on Apple Mac OS X. I've also been writing a lot of Windows automation, and that means PowerShell DSC. PSDSC doesn't work on OS X yet, and even once it does I won't be able to test Windows-only resources. To test my configurations, I use Vagrant boxes. It took a little fiddling … Continue reading PowerShell DSC In Vagrant →

PowerShell Install-Module: Use Install-Package Instead

Hello! When I restarted in the Windows ecosystem, I was installing PowerShell modules like this: This is similar to installing a Python package with pip in Linux: Install-Module installs PSDscResources from the PowerShell Gallery. Pip installs Ansible from PyPI. Like the Linux ecosystem, the Windows ecosystem has several package databases. The PS Gallery I linked … Continue reading PowerShell Install-Module: Use Install-Package Instead →