I build things.

Static Site Security Posture

Using Lambda@Edge to Implement OWASP Secure Headers for S3 Hosted Websites

The combination of S3 and CloudFront offers a low-cost and easy way to deliver static and client-side websites. In this blog post I’ll explore how to use Lambda@Edge to improve the security posture of your S3 hosted site through the addition of the OWASP recommended browser security headers. There are some aspects of control that you don’t have when using S3 and CloudFront compared to serving your content from a more typical server environment.

OpenVPN on AWS in 4 clicks

Run a personal VPN server in AWS using CloudFormation and OpenVPN

There’s been a sudden general interest in VPNs again with the recent policy developments in the US. There are many important steps users can take to bolster their privacy and you can get a good run down of them in this EFF article. It is worth re-stating that VPNs are not a magic bullet. They typically just shift the threat downstream. A substantial number of VPN providers are not trustworthy and likely more dangerous than your ISP.

Basic CD With CodeBuild

Automated deployment from CodeCommit to S3 through CodeBuild/Lambda

I’ve been meaning to start experimenting with CodeBuild since its announcement and decided to put something basic but flexible together as a proof of concept. The TL;DR was to create an environment with a CodeCommit repo and a push trigger. That trigger fires a Lambda, which invokes a CodeBuild project, depositing a set of the repo files into an S3 bucket. It is possible to include these in a CodePipeline, rather than trigger a Lambda from CodeCommit, but there are a couple of reasons I decided to go the Lambda route.

Route 53 Apex Domain External Hosting

Using S3 to redirect your Route 53 managed apex domain to 3rd party CNAME hosting.

If you are hosting content with a 3rd party provider that relies on a CNAME for using a custom domain (e.g. SquareSpace) and your domain is managed in Route 53, you will find you have an issue with your apex domain (the domain without the “www.” at the front, so for this website it would be “mikeapted.com”). While some managed DNS providers (like DNSimple) allow you to create an ALIAS record at the apex, this is not an option in Route 53.

ACM Validation Domain

Sending validation emails to apex domain for subdomain requests.

The release of AWS Certificate Manager has been a fantastic resource for zero cost issuance and management of SSL/TLS certificates for use in your AWS environments. As per the ACM marketing collateral: “With AWS Certificate Manager, you can quickly request a certificate, deploy it on AWS resources such as Elastic Load Balancers or Amazon CloudFront distributions, and let AWS Certificate Manager handle certificate renewals. SSL/TLS certificates provisioned through AWS Certificate Manager are free.”