by Stephen Kuenzli | Dec 16, 2019 | AWS, Cloud
This is the second post in a series about how the Cloud is changing how we manage network access control and application identity. In particular, my thesis is that the use of a network-centric identity such as an IP address or subnet to identify an application is...
by Stephen Kuenzli | Dec 9, 2019 | AWS, Cloud, Security
Cloud Pattern: Secure Inbox
Today, I’d like to describe a useful pattern for many Cloud-hosted applications, the Secure Inbox. Problem: Organization A needs to publish a work product stored in potentially large files to a consumer in organization B. Organization...
by Stephen Kuenzli | Dec 6, 2019 | AWS, DevOps, Security
botocore.exceptions.ClientError: An error occurred (AccessDenied) when calling the PutObject operation: Access Denied
Ugh… that looks like it could be the start of a two-hour or two-week-long goose chase. Understanding why access was denied and implementing a...
by Stephen Kuenzli | Dec 4, 2019 | AWS, Cloud
Photo by Paula May
I had an interesting conversation yesterday with someone looking for advice on how to add ‘Cloud’ to their career path. They have more than ten years’ experience architecting and delivering projects in enterprise IT along with a couple of...
by Stephen Kuenzli | Nov 25, 2019 | AWS, DevOps, Infrastructure As Code, Security
"Why is AWS IAM so @!#^$!# hard?" - One of my favorite Directors of Cloud Platform
AWS Identity and Access Management (IAM) is a security tool that controls what AWS API actions Principals (roles, users) are allowed to perform on which AWS resources: an S3...
by Stephen Kuenzli | Nov 11, 2019 | AWS, Cloud, Docker, Strategy, Systems
This series on container orchestrators has covered: the general concept of a container orchestrator, their responsibilities, and typical architecture; an overview of the orchestrators leading the market in 2019q4 (Swarm, Elastic Container Service, Kubernetes), what...