AWS: How to query the available CPU credits for t2/t3 instances

16 April 2019, Tamás Sallai
The instances in the t2 and the t3 instance family, i.e. the instance types that start with either t2. or t3., are burstable ones. That means the instance collects CPU credits over time that can be used later. If you use less than what you get in the long run – the baseline performance, between 5% and 40% of the available CPUs – you won’t even notice how this system works. But if you use more than that, the instance will either get throttled or you’ll get charged for the excess usage.

AWS: How to limit Lambda and API Gateway scalability

10 April 2019, Tamás Sallai
When you develop a new serverless function or an API, you should limit its scalability. You don’t need the whole cloud to power a function that you call by hand once every few seconds. On the other hand, there are plenty of scary stories about a runaway Lambda function that generated a bill so large it would deter anyone from trying out cloud-scale computing.

AWS: Increase instance security by allowing SSH only from your IP

02 April 2019, Tamás Sallai
When you block port 22 on your instance, attackers cannot brute-force the SSH server or exploit potential vulnerabilities in it. But then how do you access it? With some shell scripting, you can allow access specifically from your IP, thwarting attacks against the SSH server.

AWS: How to get notified on compromised credentials

26 March 2019, Tamás Sallai
When you create Access Keys, you are basically blind to how they are used. You can see the effects, like new instances starting or things disappearing, but to see how the key is used you need a separate service. CloudTrail records all calls to the AWS APIs and logs some metadata, such as the caller, the result, and a few others. Using this information you can get an insight into how your keys are used, and whether they have landed in the wrong hands.

Editors' Favourites

One of the most catastrophic AWS account security breaches is not sophisticated hacking involving 0-day vulnerabilities traded on the deep web by high-profile hackers. It is when you post your access and secret keys in plain text to the public. After all, it’s so easy to test with some hard-coded keys and accidentally push them to the VCS.
S3 signed URLs provide fine control over who can access private resources. They are flexible both on the permission side and in ease of automation.
Why are some projects clean, easy to read, and performant, while others are a convoluted mess? Why, when making a modification, does everything fall into place immediately in some codebases, while in others it’s more like walking on a minefield?
As WebPack 2 barrels forward, Tree Shaking (or, more technically, the removal of unused exports using static analysis) is finding its way to the mainstream. Developers have high hopes for it, as it promises to solve the pressing problem of bloated packages. Usually, only a fraction of the code is actually needed from each dependency, but the entire codebase is bundled, increasing the size.