Category Terraform

Using Terraform lookup()

Terraform modules often need a balance between flexibility and simplicity. Sometimes you need a reusable module, but you do not want every caller to define every possible option. Some values should be optional, some should have defaults and some should…

GuardDuty Malware Protection for S3 with Terraform

User-uploaded files are a common security risk. If an application allows users to upload PDFs, images, or any documents into S3, those files should be scanned before they are trusted by downstream services. Instead of building a custom pipeline with…

Terraform: using existing VPC for private Lambdas

When working with a Terraform VPC Lambda setup, you will not always be creating AWS accounts and networking from scratch. In many projects, the client already has an AWS Landing Zone in place, with much of the foundational infrastructure and…

Building reusable SQS queues with Terraform

When working with asynchronous systems in AWS, solutions usually include SQS without much thought about long-term architecture and structure. Although SQS is generally easy to deploy and use, when you start deploying multiple services and the solution gets on…

Managing RDS snapshot restore with Terraform

Backup and restore strategies are something we usually configure just in case anything bad happens, but we never actually test them and try them out to see in more detail how they work. In an AWS environment, when using an RDS cluster…

AWS Cognito Setup with Terraform

Authentication in modern applications is an architectural boundary. It defines how users prove their identity, how applications obtain tokens, how APIs validate incoming requests, and how permissions are enforced across services. When authentication is configured manually in the AWS console…

Automating Cross-Region Backups in AWS with Terraform

When managing data-heavy infrastructure at scale, we often forget about backups, as we are used to the fact that the cloud will not fail us, until one day you actually need to restore it. Having a consistent, automated backup process across…

Custom Metrics in AWS with Lambda and CloudWatch Alarms

AWS CloudWatch is a powerful service for monitoring resources and applications. While AWS automatically provides metrics for most services, sometimes you need to create custom metrics that CloudWatch does not provide by default. For example, to track whether your data…

Terraform governing with OPA

When managing infrastructure with Terraform, enforcing standards across teams and environments can be essential. When working alone or in a small team, I can say these policies might not be needed, but as soon as it becomes hard to manage all…