Recent Blogs
Use CloudWatch LogGroups for EC2 logging
You can protect yourself from losing logs on Amazon EC2 by using CloudWatch Logs. Configure the CloudWatch Agent to stream your logs to a LogGroup. This protects you from losing logs, for example when the instance is replaced by autoscaling. You are also protected against tampering with the logs: an attacker who has gained access to your system can remove the local logs, but the LogGroup will still contain the original log lines.
Compliant infrastructure using infrastructure as code
When you are using compute you have a lot of options. One of these options is Amazon EC2. In a world where more and more workloads become serverless, you might still have a use case that is better off on EC2. But how do you combine EC2 with compliance and security? In this blog post we will explore how we can build a compliant and secure EC2 stack.
Compliance in AWS
When we talk about compliance we are actually talking about AWS Config.
Tracking your security posture in AWS
How do you track your security posture in AWS? You have services like Security Hub, but it will only show you the scores of a limited set of standards. This blog post continues on from the previous 2 blog posts that I wrote:
Use custom rules to validate your compliance
Deploy config rules across your organization
In this blog we will look at how you can track your security posture in your organization.
Deploy AWS Config rules across your organization
In my previous blog I showed you how you can write your own config rules. But it will only bring you value if you deploy the rule in your AWS Accounts. In this blog we will dive into the distribution of these config rules.
What are my options?
There are many ways you can deploy these rules in your member accounts. In this blog I will only focus on the 2 real options:
Use custom rules to validate your compliance
AWS has a lot of controls built in, but what if you need more? AWS Config allows you to create your own rules. These rules can then inspect your resources and determine if they are compliant. This is useful when you want to enforce certain configuration settings, and it gives you an overview of how compliant your workloads are.
Let’s use a specific example, but you can apply this concept to other scenarios.
Using design patterns in AWS Lambda
When you speak with software developers, they will probably tell you that they use design patterns. But when the world first shifted to the internet the general feeling was that these design patterns would not work for the web. This is not true, and today you see these patterns being used more and more.
I have noticed the same behavior with serverless. In this blog post I will go over some reasons why you should be using design patterns in your Lambda functions.