Analyzing CloudWatch Costs

Amazon CloudWatch is a managed service for storing, visualizing and analyzing logs and metrics data of applications and AWS infrastructure. The service is simple to configure and use and is priced based on usage. Thus, adoption is generally both easy and cheap compared to other tools such as Splunk, ElasticSearch, Datadog, and all the others out there. Upon heavy usage, it can become quite expensive though. This post summarizes some common cost drivers in CloudWatch and proposes strategies to identify these and reduce their costs.

(Prevent) Hacking into a CloudService - About security, ECS and terraform AWS UserGroup Hannover Online Meetup Feb, 4th 2021

Yoni: Oftentimes, when we think about protecting resources in the cloud, we immediately think about the typical ways in - via public-facing applications or abuse of credentials. In this talk, we will look at one additional way: through the work unit parameters of a service. During the development of Indeni’s Cloudrail SaaS product, Yoni was responsible for trying to find ways to hack into the service. One of the ways he found, raises questions about how secure ECS workloads really are.

Why I had to update my mental model of DynamoDB streams

In a recent training I learned something about DynamoDB streams that surprised me. I had expected that any PutItem, UpdateItem or DeleteItem API call would cause a record to appear in the stream of my table, but that’s not the case. The stream works a little different from what I expected and in this short article I’m going to explain to you how.

Cross Account Resource Access - Invalid Principal in Policy

Keeping accounts decoupled is important in cross account scenarios. Setting permissions in the wrong way can lead to unwanted behavior. Better avoid setting a principal in a resource policy to a specific ARN as it may lead to ‘Invalid Principal’-errors. Using conditions provides you a more reliable and least privileged architecture.