Using IAM Roles Anywhere instead of IAM Keys
Introduction In hybrid and multi-cloud environments, one of the biggest challenges is enabling secure access to cloud resources without relying on static credentials such as IAM access keys. As organizations integrate on-premises workloads, edge devices, and services running in other clouds with AWS, identity management becomes a critical piece of the architecture. AWS IAM Roles Anywhere addresses this challenge by allowing systems outside of AWS to authenticate using X.509 c
Apr 13


Automation workflow to execute scripts on EC2 instances with SSM and Terraform
1. Introduction This document describes how to use the SSM Cronjobs Terraform Module to define, deploy, and operate scheduled operational tasks on EC2/ECS hosts using: SSM Documents (run shell scripts). SSM Maintenance Windows (scheduling, orchestration). Instance / resource targeting via tags. This module is designed for: Operational jobs (migrations, maintenance, cleanups). Jobs that must run inside existing hosts or containers. Jobs that must run in a specific order. J
Apr 1


Enhancing Your API Security with CloudFront and AWS Managed Prefix Lists
Introduction When deploying APIs on AWS using Application Load Balancers (ALB), it is common to configure Security Groups to allow HTTP/HTTPS traffic from any source (0.0.0.0/0). While this works, it violates the principle of least privilege and exposes your infrastructure to unnecessary risks. In this article, I’ll show you how to improve your API security by using CloudFront as a distribution layer and restricting access to your ALB so that it only accepts traffic from Cl
Mar 27


AWS DevOps Agent — When Operations Stop Being Reactive
For years, DevOps teams have been told the same story: automate everything you can, design for failure, and aim for operational excellence. The guidance is solid. The reality, however, has been harder. Modern systems are no longer simple stacks you can reason about from a single dashboard. They are living environments: multiple AWS accounts, distributed services, continuous deployments, third-party integrations, and teams shipping changes daily. When something breaks, the pro
Dec 23, 2025


Azure DevOps to AWS with AWS Toolkit + Service Connection
Based on a real project implementation + official references. Azure DevOps does NOT support native OIDC federation to AWS. Even though it can theoretically issue a token: it cannot be used for write operations; it does NOT work with SigV4; it is NOT an officially supported method by AWS. Therefore: We had to install the AWS Toolkit. We had to create an AWS Service Connection. Only then could Azure Pipelines write to AWS (ECR/Mira, S3, Terraform, etc.). This is exactly what we i
Dec 12, 2025