Understanding the API Gateway mTLS chain depth limit
Learn why Amazon API Gateway allows only four CA levels for mTLS, what causes 403 errors, and how to reproduce and troubleshoot the depth limit.

End-to-End Multi-Account Amazon VPC Flow Logs Centralization & Analysis with AWS Config, Amazon S3, AWS Glue & Amazon Athena
Learn how to automatically enable Amazon VPC Flow Logs across all AWS accounts, centralize them in a Log Archive Amazon S3 bucket and build cross-account AWS Glue tables and Amazon Athena queries in your Audit account for scalable, end-to-end log analysis.

Optimizing Multi-Architecture Container Image Builds on AWS
Learn how to optimize multi-architecture container images using CodeBuild, Docker Buildx, and Amazon ECR. I focus on two powerful techniques: structuring Dockerfiles to leverage build caching effectively, and enabling ECR layer caching with Buildx.

Capturing Detailed Amazon SES Email Logs in CloudWatch Logs
I'll explore the available SES event destinations and provide three practical options to capture and store detailed SES event logs in CloudWatch Logs.

Solving the ECS Task Definition Update Challenge in CodePipeline Deployments
The ECS Deploy action in CodePipeline updates the service with the Task Definition currently associated with the running service, not the latest one you've registered. Any changes to the Task Definition won't be applied unless you force the service to use the newest Task Definition.

Simplifying EKS Add-on Management Across Regions with a Custom Python Script
Managing EKS clusters across regions is challenging, especially ensuring all clusters run the latest compatible add-ons. This post explores a Python script to simplify verifying add-on versions, identifying upgrade options, and keeping your EKS clusters up-to-date efficiently.

Automating AWS Lambda Deployment with Container Images using CodePipeline and CodeBuild
This article walks you through automating the packaging and deployment of Lambda code in a Docker container using AWS CodePipeline and AWS CodeBuild, with the source code stored in a private GitHub repository.

AWS GenAI 101 by DoiT
The AWS GenAI Day, organized by my employer, DoiT, was a comprehensive event designed to delve into the current state and future of Generative AI (GenAI) and showcase how businesses can harness this technology using AWS services. Here's a summary of the key takeaways and insights from the event.

Access an S3 Bucket using SFTP and password-based authentication
This solution explains how to access an S3 bucket using SFTP in scenarios where only password-based authentication is available (for instance, when using a legacy SFTP client that uses passwords to authenticate and it's not possible to change the client).

List EC2 instances making calls to the Instance Metadata Service using IMDSv1
A script that scans all EC2 instances in an AWS Account across all regions for their use of the IMDSv1 protocol within the past 15 months, based on two CloudWatch metrics: MetadataNoToken and MetadataNoTokenRejected.