Posted 2025-04-05Updated 2025-04-20Resume / Certificationa few seconds read (About 23 words)

Got my AWS solution architect certification!

It has been a while since last certification, so I felt that its natural next step was earning this one:
View credentials here

Posted 2024-05-07Updated 2025-04-20Website6 minutes read (About 898 words)

Domesticate AWS nested stacks in Java: doing the chores Cloudformation doesn't do (w/ code samples)

In this article we’ll navigate through the creation of a Nested Stack in Cloudformation using the Java SDK. The child stack will be a lambda function, and the code will be uploaded with a zip archive.

What’s Cloudformation, and what’s a nested stack?

Cloudformation is the AWS offering of infrastructure as code. Instead of navigating the web UI adding and configuring resources, Cloudformation offers the capability of reading a user - supplied file (either JSON or YAML) containing the list of resources and their relationships and create them as the code states.
These resources must be grouped in Stacks, which is the parentmost object that Cloudformation can process.
Things get interesting when stacks reference other stacks, of course :-)

Posted 2024-05-06Updated 2025-04-20Website13 minutes read (About 1898 words)

Please stop publishing AWS S3 buckets as static websites! Read here for a secure, fast, and free-ish approach [1st episode]

I promise this is not yet another tutorial on how to publish a static website using AWS S3, or at least not solely smashing the S3 content onto the web. I’d like to show you a GitHub project that uses Java to orchestrate Cloudformation when deploying the architecture of a static website.

The main purpose of this tool is going beyond the S3 out of the box website functionality, that is:

Make the S3 bucket private (so, secure)
Provide HTTPS certificates (secure, again)
Serve the content via cloudfront cache (so, fast)
Hide the complexities of working with Cloudformation

I’m in for fast and secure, but free…ish?

Not all the resources that need to be fired up for this architecture are within the AWS free tier, expecially the domain. Nevertheless, all the costs that I’ve seen after this website was published were only live costs. Let’s review them from the most to the least expensive:

The domain: 20€ / year if hosted on Route53 (as marcoaguzzi.it) but you can host it elsewere (on cloudns, and it’s free)
Route53 and Codepipeline: 1€ / month each. It’s one for the hosted zone and one for the pipeline. The pipeline comes with a good amount of free build / minutes
Secret manager: less than 0.5€ / month (there’s a grace period when started)
Cloudfront and S3: 0.01€ / month each

Of course these are starting costs, they can go a lot higher as the usage increase, but it should be a welcomed issue, I suppose

Hide the complexities of Cloudformation

Cloudformation migth be a burden to use, especially within the web UI. These are the main issue I addressed in the project:

Have a self - contained architecture
Be repeatable. Could it deploy the same architecture on another domain?
Ease the deploy process, especially when the domain is not hosted on Route53
The nested stacks are not automatically resolved by Cloudformation

The Java tool to the rescue

While experimenting with Java and Gradle, I wondered if I could use Java to mitigate the problems listed above by orchestrating the instructions that Cloudformation needs in order to deploy the website. This turned out as a Github project: https://github.com/maguzzi/s3_static_website_gradle. The Gradle build creates a distributable archive with all the needed jars.

Posted 2024-03-25Updated 2025-04-20Website4 minutes read (About 670 words)

Update Github token in Codepipeline with Cloudformation

The use case

This post comes from the fact that the token used by Codepipeline to connect to Github to download the source code of the website has expired. Hence, the automation “push and update the website” is not working. Here’s the error:

Error in pipeline

Let’s view how the secret is stored into cloudformation, and how codepipeline can connect.

The secret stack

The cloudformation stack is quite easy. It does not have any hard dependency on other stacks, and it’s used both to download code for dev and prod website.

{
    "AWSTemplateFormatVersion": "2010-09-09",
    "Parameters": {
        "GithubOAuthTokenParameter": {
            "Description": "Github OAuth Token",
            "NoEcho": "true",
            "Type": "String"
        }
    },
    "Resources": {
        "GithubOAuthToken": {
            "Properties": {
                "Name": "GithubOAuthToken",
                "SecretString": {
                    "Ref": "GithubOAuthTokenParameter"
                }
            },
            "Type": "AWS::SecretsManager::Secret"
        }
    }
}

The next part of the post is dedicated on how to create and use this cloudformation template

Posted 2024-01-16Updated 2025-04-20Website9 minutes read (About 1305 words)

A new AWS account: leave ROOT user and look out for expenses

Congrats! you’ve just opened a brand new AWS account. What now? Beside getting rid of the root account, the second most wise action to do before doing anything is setting some control for bills.
I’m writing this post because some months ago I incurred in a 20 - something dollar bill from AWS for one of the accounts I opened in order to do some exercises. The account hadn’t much going on, but I left a disconnected elastic IP on for about a week… thus the mishap.
So let’s see what I’d love to have done in that situation, of course along with the respective Cloudformation templates.

Activate cost explorer

While being with the root account, you might want to turn cost explorer on. You can do it from two places: in the main UI you should see a box with “Cost and usage”, and at its center a button stating “Turn on cost explorer”