Apply Cloudfront Security Headers With Terraform

In November 2021, AWS announced Response Headers Policies — native support of response headers in CloudFront. You can read the full announcement here: Amazon CloudFront introduces Response Headers Policies I said “native” because previously you could set response headers either using CloudFront Functions or [email protected] And one of the common use cases for that was to set security headers. Now you don’t need to add intermediate requests processing to modify the headers: CloudFront does that for you with no additional fee....

November 5, 2021 · Serhii Vasylenko

Auto Scaling Group for your macOS EC2 Instances fleet

It’s been almost a year since I started using macOS EC2 instances on AWS: there were ups and downs in service offerings and a lot of discoveries with macOS AMI build automation. And I like this small but so helpful update of EC2 service very much: with mac1.metal instances, seamless integration of Apple-oriented CI/CD with other AWS infrastructure could finally happen. While management of a single mac1.metal node (or a tiny number of ones) is not a big deal (especially when Dedicated Host support was added to Terraform provider), governing the fleet of instances is still complicated....

October 24, 2021 · Serhii Vasylenko

AWS Resource Access Manager — Multi Account Resource Governance

With a multi-account approach of building the infrastructure, there is always a challenge of provision and governance of the resources to subordinate accounts within the Organization. Provision resources, keep them up to date, and decommission them properly — that’s only a part of them. AWS has numerous solutions that help make this process reliable and secure, and the Resource Access Manager (RAM) is one of them. In a nutshell, the RAM service allows you to share the AWS resources you create in one AWS account with other AWS accounts....

September 25, 2021 · Serhii Vasylenko

Run Ansible playbook on mac1.metal instances fleet with AWS Systems Manager

In days of containers and serverless applications, Ansible looks not such a trendy thing. But still, there are cases when it helps, and there are cases when it combines very well with brand new product offerings, such as EC2 Mac instances. The more I use mac1.metal in AWS, the more I see that Ansible becomes a bedrock of software customization in my case. And when you have a large instances fleet, the AWS Systems Manager becomes your best friend (the sooner you get along together, the better)....

May 27, 2021 · Serhii Vasylenko

Configure HTTP Security headers with CloudFront Functions

In November 2021, AWS has added this functionality as a native CloudFront feature. I suggest switching to the native implementation. I have described how to configure Security Response Headers for CloudFront in the following article: Apply Cloudfront Security Headers With Terraform A couple of weeks ago, AWS released CloudFront Functions — a “true edge” compute capability for the CloudFront. It is “true edge” because Functions work on 200+ edge locations (link to doc) while its predecessor, the [email protected], runs on a small number of regional edge caches....

May 21, 2021 · Serhii Vasylenko