This post is a follow up to Hosting a Single Page Application in AWS. It builds on that article with some specifics for the Single SPA micro frontend famework. There are couple core problems to solve here when using the recommended setup outside of just hosting the applicaiton as described in the article linked above.… Continue reading Deploying a Single SPA Application on AWS
Category: AWS
Hosting a Single Page Application in AWS
Last year I started using Single SPA as framework for a microfrontend based single page application. Part of this was figuring out how to even host a single page application in AWS. I wanted to do this without having to run servers and instead rely on AWS services only. This is the solution I arrived… Continue reading Hosting a Single Page Application in AWS
Create Your Own Certificate Authority with Terraform
I did this for an EC2 Client VPN Endpoint and certificate based authentication in a continuous integration environment. It might also be suitable for localhost certificates and is pretty much what Minica or Easy RSA does. But I do a lot of infrastructure work with Terraform, so here we are. Another important note: AWS has… Continue reading Create Your Own Certificate Authority with Terraform
AWS Transfer: SFTP rename Fails with Permission Denied
Just hit this little fun thing. Using the rename command for SFTP seems to use the s3:CopyObject action, which attempts to copy any object tags as well as the actual object itself. The IAM Permission associated with the SFTP user must allow s3:GetObjectTagging and s3:PutObjectTagging or a rename command will get an Access Denied message… Continue reading AWS Transfer: SFTP rename Fails with Permission Denied
Using AWS Transfer with a Custom Lambda Identity Provider
This week I got a chance to work on implementing AWS Transfer as an SFTP server backed by a set of S3 buckets. Authentication in this new system is handled by another, self-serve SFTP application. Users can create an manage SFTP users there and AWS Transfer uses their usernames, passswords, and public keys to authenticate… Continue reading Using AWS Transfer with a Custom Lambda Identity Provider
How Access an AWS Container Repository from Another Account
Like many things AWS all this information can be found in the AWS docs themselves, but scattered everywhere. This article on service policies (or resource policies) vs IAM permissions provides some background for what we'll do here. There are two pieces here: 1. The Elastic Container Repository (ECR) in one AWS account (account ID 1111111111… Continue reading How Access an AWS Container Repository from Another Account
Use Many S3 Buckets
Should applications use one S3 bucket, putting different categories of files under different directories?1 Or should an application use multiple S3 buckets -- one for each different category of files? As the title implies, the answer is many S3 buckets. While some things, like lifecycle rules, can be configured based on directories (key prefixes, really),… Continue reading Use Many S3 Buckets
Building an Upload System Backed by S3 and Client-Side Uploads
One of the things I try to do when building applications is keep servers stateless. This makes those servers easy to throw away -- a piece of infrastructure failing (which it always will) is not a big deal with stateless servers. Just spin up a new one. When the requirement came down the pipeline to… Continue reading Building an Upload System Backed by S3 and Client-Side Uploads
AWS’ Minimum Level of Complexity
The past week I've been doing some training at PMG around our AWS setup and infrastructure. In the past year we've become heavy users of Docker and Amazon's Elastic Container Service as well as moving more towards infrastructure as code with terraform. My team, understandably, feels a bit overwhelmed by the complexity of our AWS… Continue reading AWS’ Minimum Level of Complexity
One Way to Manage Secrets in Dockerized Applications
Putting configuration in the environment is a fairly well acknowledged best practice now. That configuration often includes secrets. But environment variables in container images -- like the docker ENV stanza -- are not really secure. They are built as part of the image, after all, so anyone with access to the image can get at… Continue reading One Way to Manage Secrets in Dockerized Applications