Serverless Ingress Solution on AWS


Below is the typical ingress solution for many organizations' AWS workloads. The data flow is: Users -> CDN (e.g Akamai,Cloudflare) -> Ingress internet-facing ALB -> Ingress ASG (e.g Nginx, HAProxy) -> TGW -> Workload internal ALB -> Workload applications (ASG or K8S services). As you can see, the improvements are the adoptions of some Cloud … Continue reading Serverless Ingress Solution on AWS

Advertisement

Two Examples of using AWS Network Firewall


AWS Network Firewall is a high-available and scalable firewall service that provides network protections for VPC, which is a supplement to the existing security services. Security group protects computing resources (EC2, Lambda, RDS...)NACL (Network Access Control List) protects subnetsWAF (Web Application Firewall) and Shield protects frontend resources (ELB, CloudFound, API Gateway) There are quite a … Continue reading Two Examples of using AWS Network Firewall

When KMS key grant is created for Lambda execution role?


I was working on a new Lambda function a couple days ago. It took me a while to deploy it successfully via CloudFormation. It was all due to some required IAM policies were missed in the deployment role. So I had to delete the stack then create again for a couple of times. When I … Continue reading When KMS key grant is created for Lambda execution role?