I regret to inform that I am extremely back on my bullshit.

I've been thinking about connectivity in unusual places. And I got to thinking: can I establish bidirectional connectivity over the Internet between two EC2 instances in private subnets without a third-party relay? Typically you would expect that connectivity between instances A and B isn't possible - `ping` fails to yield responses after all. But it turns out that an instance with a public IP address in a VPC with an IGW attached can _receive_ traffic - it just can't respond to it.

After using AWS for ~14 years, I've internalised a handful of design patterns that I try to apply to my own software. I'm keen to know if it's the same for other folks.

Roughly: tags, IDs (thrice), limits, pagination.

(I'm not going to use the thread emoji) 1: Tags.

A lot of software has support for tags, but it's usually a set of strings. This is useful in the case of "show me all resources tagged 'engineering'". Or even "show me all resources tagged 'engineering' and 'frontend'".

New thing alert: jwtex. GitHub OIDC federation was a great start, but I want more. Specifically:

a) The ability to use GitHub CI job info as AWS role session tags.

b) CloudTrail entries enriched with a lot more context about the CI job that assumed the role.

1/5 github.com/aidansteele/jw…

It's a Lambda app that receives JWTs, transforms them and returns new OIDC-compatible JWTs. Your AWS IAM roles trust this IdP instead of GitHub.

You provide a "mapper" Lambda function to process the JWT. The sample function creates role session tags. 2/5

(1/13) People seemed to like the thread last week about silly IPv6 TOTP possible in AWS EC2. But then @donkersgood said I should do something useful instead.

So here are some useful things that are possible thanks to the AWS Gateway Load Balancer

https://twitter.com/__steele/status/1478904436747427840

So far I've seen a few boring firewalls (no offence) and nothing else done with the GWLB. So I made a framework and a few sample apps to demonstrate what's possible.

It's called flowdog because I am bad at names. And logos. But I like dogs. github.com/aidansteele/fl…

I've been using AWS CDK full-time for six months now. My feelings are mixed. First, the requests. I wish AWS CDK had these behaviours out of the box: First: default tags. It would be very useful to me as an AWS admin if CDK resources automatically had some default tags. Useful ones would be:

• cdk:id
• cdk:path
• cdk:stack-name

I made a thing. stepfn.dev is a site for rapidly iterating on AWS Step Function designs. Change a few characters, hit Cmd+Enter, see result ~300ms later. Much faster feedback loop.

The other use is sharing SFNs on Twitter for when you need help.

1/4 It's the first website I've built in React and most of the buttons in the nav don't actually do anything yet. But I figure YOLO. It's all on GitHub so I'd appreciate some frontend help from anyone with more than my one day of experience.

2/4

I like the AWS CodeBuild curated environment Docker images, but I'd like to add a couple of things without having to modify the "install" step across all my projects.

Using the curated Dockerfile adds at least 5 mins to CodeBuild provisioning time. So what can we do to fix it? I extracted the curated images' layers from the CodeBuild environment and published them to Docker Hub.

Using this as the the base for my own custom images has eliminated the 5+ min delay as CodeBuild no longer needs to gunzip 4GB of layers on every build.