Boto sessions and AWS multi-account

Generally, when I’m writing an automation script for AWS resources, the action is isolated to one account. Recently, I worked on a script that manipulated resources across multiple accounts. It’s good practice and a common pattern to host separate environments and resources in different accounts, then unify them by creating a third. Users are assigned limited permissions in the third account; they can then assume an IAM role to access the secure environments through a trust relationship with it. [Read More]

Lambda Pattern: Hopper

Reusable patterns for Lambda

Hopper:
1. A container for a loose bulk material such as grain, rock, or rubbish, typically one that tapers downward and is able to discharge its contents at the bottom.
2. A person or thing that hops.

A simple pattern I’ve been using lately when working with serverless architecture is what I’ve been calling a hopper, i.e. a Lambda function that takes as an argument a path to some semi-structured data that can be iterated over and then passed on to another Lambda function with the purpose of performing some well-defined and isolated task. [Read More]

AWS Config and Resource Tags

An infrastructure piece I’ve been working on over the last fortnight is enforcing tags on resources in the AWS account environment. If you’ve worked in an Amazon account that hosts multiple environments with different resource types and jobs, you will know it can quickly become difficult to tell if some resource is necessary or not; it may have been created by another team member, and no one remembers if it’s used anymore. [Read More]