16 Mar 2019
Managing your infrastructure as code with CloudFormation can be a double-edged sword.
You’re able to automate the provisioning of vast amounts of resources from a few YAML files; at the same time a single coding error can result in your production database getting wiped and replaced afresh.
Fortunately AWS have already considered this and have a CloudFormation feature called Stack Policies.
10 Feb 2019
Following up from the previous post describing security best practices when setting up S3 buckets, this post tackles the next step: giving your applications access to resources in your buckets.
It compares 4 architectural approaches to this problem, evaluating the pros and cons of each when it comes to security, speed and complexity.
Head over to the hedgehog lab blog to read the post in full.
24 Jan 2019
AWS S3 has been in the headlines over the past year following numerous security breaches linked to the storage service. In a blog post for hedgehog lab I cover the main security threats relating to the service, and how you can implement passive & active security measures to prevent them. Plenty of CloudFormation snippets are in there, ready to be plugged into your infrastructure codebase!
Head over to the hedgehog lab blog to read the post in full.
Also keep an eye out for part 2, which will cover four different architectural approaches to provide your applications & users secure access to S3!