AWS: How to get notified on compromised credentials

26 March 2019, Tamás Sallai
When you create Access Keys, you are basically blind to how they are used. You can see the effects, like new instances starting or things disappearing, but to see how the key is used you need a separate service. CloudTrail records all calls to the AWS APIs and logs some metadata, such as the caller, the result, and a few others. Using this information you can get an insight into how your keys are used, and whether they have landed in the wrong hands.

Optimized SPA deployment CloudFormation template

19 March 2019, Tamás Sallai
A typical SPA deployment consists of two types of assets: dynamic and static. The former, usually the index.html, can change its content upon version change, while the latter, files like 7a5467.js, cannot without renaming. Modern compilers support this use-case with a technique called revving, which renames the file and all references to it to contain the hash of the contents.

How to automate development tasks using NPX

12 March 2019, Tamás Sallai
When I look at what I do as a developer, most of the things are repeated actions that I don’t automate because “this is the last time I need to do this”. Editing a file, restarting some server, switching to the browser, refreshing and navigating it. Then I make another small change and do the same process again.

Keep costs under control when using t3 instances

05 March 2019, Tamás Sallai
I’m sure you know the t3.nano instance type in EC2. It has access to 2 vCPUs, has moderate bandwidth, and is generally an all-purpose virtual machine capable of handling light workloads. You need to pay separately for block storage and network usage, but considering only the CPU it will cost at most $72 a month.

Editors' Favourites

One of the most catastrophic of the AWS account security breaches is not sophisticated hacking involving 0-day vulnerabilities traded on the deep web by high-profile hackers. It is when you post your access and secret keys in plain text to the public. After all, it’s so easy to test with some hard-coded keys and accidentally push them to the VCS.
S3 signed URLs provide fine control over who can access private resources. They are flexible both on the permission side and in the ease of automation.
Why are some projects clean, easy to read, and performant, while others are a convoluted mess? Why, when making a modification, does everything fall into place immediately in some codebases, while in others it’s more like walking on a minefield?
As WebPack 2 barrels forward, Tree Shaking — or more technically, the removal of unused exports using static analysis — is finding its way to the mainstream. Developers are putting their hopes high, as it promises to solve the pressing problem of bloated packages. Usually, only a fraction of code is actually needed from each dependency but their entire codebase is bundled, increasing the size.