Amazon Web Services

In November 2021, AWS announced Response Headers Policies — native support of response headers in CloudFront. You can read the full announcement here: Amazon CloudFront introduces Response Headers Policies I said “native” because previously you could set response headers either using CloudFront Functions or Lambda@Edge. And one of the common use cases for that was to set security headers. Now you don’t need to add intermediate requests processing to modify the headers: CloudFront does that for you with no additional fee....

It’s been almost a year since I started using macOS EC2 instances on AWS: there were ups and downs in service offerings and a lot of discoveries with macOS AMI build automation. And I like this small but so helpful update of EC2 service very much: with mac1.metal instances, seamless integration of Apple-oriented CI/CD with other AWS infrastructure could finally happen. While management of a single mac1.metal node (or a tiny number of ones) is not a big deal (especially when Dedicated Host support was added to Terraform provider), governing the fleet of instances is still complicated....

With a multi-account approach of building the infrastructure, there is always a challenge of provision and governance of the resources to subordinate accounts within the Organization. Provision resources, keep them up to date, and decommission them properly — that’s only a part of them. AWS has numerous solutions that help make this process reliable and secure, and the Resource Access Manager (RAM) is one of them. In a nutshell, the RAM service allows you to share the AWS resources you create in one AWS account with other AWS accounts....

In days of containers and serverless applications, Ansible looks not such a trendy thing. But still, there are cases when it helps, and there are cases when it combines very well with brand new product offerings, such as EC2 Mac instances. The more I use mac1.metal in AWS, the more I see that Ansible becomes a bedrock of software customization in my case. And when you have a large instances fleet, the AWS Systems Manager becomes your best friend (the sooner you get along together, the better)....

In November 2021, AWS has added this functionality as a native CloudFront feature. I suggest switching to the native implementation. I have described how to configure Security Response Headers for CloudFront in the following article: Apply Cloudfront Security Headers With Terraform A couple of weeks ago, AWS released CloudFront Functions — a “true edge” compute capability for the CloudFront. It is “true edge” because Functions work on 200+ edge locations (link to doc) while its predecessor, the Lambda@Edge, runs on a small number of regional edge caches....