Dynamic AWS IAM Policies
We maintain a CloudFormation custom resource provider for Amazon Connect. The provider has grown organically, and as new features were added, the default role policy has become large. The provider can
A while ago I optimized my Screen Saver Gallery API by loading a flat data file into Lambda memory. A nightly job selects a random subset of the database and stores it in S3, and the API uses that fil
I use this bash loop to package an AWS SAM template to multiple regions. This script stages the CloudFormation template and assets in a regional bucket. You can share the bucket with other accounts vi
Today I discovered that you can deploy arbitrary files to the CDK staging bucket with a human-readable file name! This feature is awesome if you are pre-synthing CDK apps to CloudFormation Templates.
I found the following package.json scripts very convenient when managing a complex CDK app. The key is the -- operator, which allows us to append additional parameters.
I recently converted a large CDK app to use CDK Pipelines. I LOVE how quick it was to get working, but it generated an UGLY and SLOW pipeline.
To make prebuilt SPA installers with CDK I like to keep environment configuration outside of the minified code via a config.json file. This allows me to build the app once and move it between environments and stages.
Some AWS customers don’t use the CLI, and will not grant an external contractor CLI access. Trying to get access is a waste of time and resources. Do not fear, there is a solution!
AWS Athena provides SQL queries over S3 data. The service depends on S3, Glue, and Athena itself so getting permissions set up can be tricky. Here is what worked for me.
I struggled WAY too long trying to sort out the permissions for EFS. Turns out, there are 2 layers: the IAM role and the POSIX permissions. Both throw a similar-looking access denied. Finally!