Category: Security

Understanding how third-party query engines integrate with Lake Formation


Integrating with AWS Lake Formation allows third-party services to securely access data stored in Amazon S3–based data lakes. Over the past few days, I’ve gained several valuable insights from hands-on experience that I’d like to share. I will walk you through the end-to-end workflow illustrated above and highlight some key lessons and challenges encountered along … Continue reading Understanding how third-party query engines integrate with Lake Formation

How to assume root user of an AWS account?


Due to that some tasks require root user credentials, from time to time we need to login into an AWS account as root, e.g removing a misconfigured S3 bucket policy which denies all principals. Conventionally, we login into the account from the AWS login console with root user email, password and MFA. Now, there is … Continue reading How to assume root user of an AWS account?

Serverless Ingress Solution on AWS


Below is the typical ingress solution for many organizations' AWS workloads. The data flow is: Users -> CDN (e.g Akamai,Cloudflare) -> Ingress internet-facing ALB -> Ingress ASG (e.g Nginx, HAProxy) -> TGW -> Workload internal ALB -> Workload applications (ASG or K8S services). As you can see, the improvements are the adoptions of some Cloud … Continue reading Serverless Ingress Solution on AWS