Category: HowTo

Dynamic AWS IAM Policies

We maintain a CloudFormation custom resource provider for Amazon Connect. The provider has grown organically, and as new features were added, the default role policy has become large. The provider can

10x API Start-up Boost

A while ago I optimized my Screen Saver Gallery API by loading a flat data file into Lambda memory. A nightly job selects a random subset of the database and stores it in S3, and the API uses that fil

AWS SAM Multi-Region Packaging Script

I use this bash loop to package an AWS SAM template to multiple regions. This script stages the CloudFormation template and assets in a regional bucket. You can share the bucket with other accounts vi

Adding Assets to CDK Staging Bucket

Today I discovered that you can deploy arbitrary files to the CDK staging bucket with a human-readable file name! This feature is awesome if you are pre-synthing CDK apps to CloudFormation Templates.

CDK package.json Scripts

I found the following package.json scripts very convenient when managing a complex CDK app. The key is the -- operator, which allows us to append additional parameters.

Speed up CDK Pipelines Deployment

I recently converted a large CDK app to use CDK Pipelines. I LOVE how quick it was to get working, but it generated an UGLY and SLOW pipeline.

Write config.json to S3 with AWS CDK

To make prebuilt SPA installers with CDK I like to keep environment configuration outside of the minified code via a config.json file. This allows me to build the app once and move it between environments and stages.

Synth CDK app to Custom Bucket

Some AWS customers don’t use the CLI, and will not grant an external contractor CLI access. Trying to get access is a waste of time and resources. Do not fear, there is a solution!

AWS Athena SAM Policies

AWS Athena provides SQL queries over S3 data. The service depends on S3, Glue, and Athena itself so getting permissions set up can be tricky. Here is what worked for me.

Fargate with EFS CDK

I struggled WAY too long trying to sort out the permissions for EFS. Turns out, there are 2 layers: the IAM role and the POSIX permissions. Both throw a similar-looking access denied. Finally!