Keith Gregory

Running the SAM CLI on Linux

I find the SAM (Serverless Application Model) CLI extremely frustrating to use on Linux, starting with installation. But this week I learned two things that simplify both installation and operation. I’m passing them on in the hopes that they’ll be useful to you as well.

RDS Database Authentication with Spring Boot: Part 2, IAM Authentication

Frequent database password changes are a best practice, because they reduce the “blast radius” if a password is compromised. However, restarting your applications in order to pick up the latest password can be onerous in a large deployment. This post describes how to implement a custom Postgres datasource that calls on IAM to generate a password whenever your application opens a connection to the database.

RDS Database Authentication with Spring Boot: Part 1, Secrets Manager

Frequent database password changes are a best practice, because they reduce the “blast radius” if a password is compromised. However, restarting your applications in order to pick up the latest password can be onerous in a large deployment. This post describes how to use the AWSLabs database driver that retrieves the current password from Secrets Manager whenever your application opens a connection to the database.

Secrets Manager vs Parameter Store

AWS gives you two ways to store application configuration: Secrets Manager and Systems Manager Parameter Store. Both can store arbitrary configuration data. Both use IAM (Identity and Access Management) policies to control access. Both can encrypt the data. So which should you pick?

CloudFormation Tips and Tricks

I’ve noticed that many of Chariot’s clients — from 4-person startups to 40,000-person multinationals — use CloudFormation for their infrastructure-as-code. For them and others, here are some tips that I’ve learned while developing CloudFormation templates over the past five years.

Delving into CloudTrail events

CloudTrail provides you with an audit log of every successful API call made in your AWS account. This post focuses on management events in CloudTrail, and techniques for exploring and analyzing those events using a search engine such as Elasticsearch with Kibana.

Building Developer Sandboxes on AWS

The ability to experiment is one of the unsung benefits of cloud computing. It was, in fact, what drew me to AWS in 2008. At Chariot, we have multiple sandbox environments, some for specific projects and some for general play, and recommend that our clients do the same. However, sandboxes need some controls, to ensure that they don’t become a source of runaway costs.