How To Tutorial

Never again waste time setting up permissions for an S3 access point.

Bubble Nebula by NASA, ESA, and the Hubble SM4 ERO Team

Recently, I got a call from one of my customers, saying they were struggling to set up an S3 access point. They wanted to share a large data set across several company accounts, but could not get the permissions to work correctly. After some back and forth, I managed to weed out all the issues. However, we ended up spending much more time than any of us would like to admit.

The requirement

We have a S3…


Notes from Industry, What I’ve learned

Security best practices that helped us pass a security audit with flying colors

AG Carinae (“Celebrity Star” Nebula) by NASA, ESA and STScI

Currently, Amazon S3 and CloudFront are some of the best cloud services for delivering production-ready SPAs, such as Angular apps, Vue apps or React apps. Unfortunately, by default, S3 and CloudFront do not have all the security features enabled that are needed to run such SPA frontend apps in production.

Overview of Security best practices with S3 and CloudFront


How To Tutorial

Not passing an auth token header from CloudFront to AWS Application Load Balancer can be a huge mistake

Crab Nebula by NASA, ESA, and STScI

Failing to inject custom headers in a CloudFront distribution! I have seen my customers make this mistake time and again. They do a wonderful job setting up the infrastructure with CloudFront and Application Load Balancer (ALB), but fail to block direct access to their ALB properly, effectively rendering the whole setup useless.

Securely configuring ALB with CloudFront

There are…


What I’ve learned

An S3 policy anti-pattern to avoid; And how to unlock an S3 bucket

Carina Nebula by NASA, ESA and STScI

Recently, I did a review of security policies for one of my customers. In the process, I managed to accidentally lock myself and everyone in the company out of an S3 bucket. It was not just any bucket, no — it was the bucket holding all the customers' media files. Imagine having to ask all your customers to reupload all their photos, videos etc…

An anti-pattern S3 policy to avoid

Let’s see what I did wrong when I attached the following policy to the S3 bucket.

Anti-pattern S3 policy statement that will render a bucket fully locked.

Attaching the above policy to an S3 bucket…


How To Tutorial

Part 1: How to build a development container with VS Code and Docker (plus a demo video)

Butterfly Nebula by NASA, ESA, and the Hubble SM4 ERO Team

Dev containers and CLI tools have been gaining popularity among open-source and commercial projects. Recently, I built a dev container for Polaris SLO Cloud, an open-source project I am involved with. Previously, I reported on the main lessons learned. In this two-part series, I will give a hands-on tutorial on how to build a development container with VS Code and Docker (Part 1 — this article) and how to create a CLI tool with Nx (Part 2).

Building a dev container with Docker and VS Code

In this section, I will show how to build a dev container from scratch using VS Code and Docker. Later in the article, I…


What I’ve Learned

What I’ve learned from building a dev container for an open source project

The Pillars of Creation in the Eagle Nebula by Hubble Space Telescope

With the rise of cloud native applications and the advent of microservice architectures, a lot has changed in terms of how we develop applications. Recently, I have spent some time setting up development containers for Polaris SLO Cloud, an open source project I lead. My main aim was to make our project more accessible to our (future) developers. Since it is a Kubernetes project, configuring a local development environment can be a project in itself — I wanted to improve this experience.

Development containers

A development container is a running Docker container with a well-defined tool/runtime stack and its prerequisites¹. Basically, a development…

Stefan Nastic

Software engineer, Cloud expert, DevOps enthusiast. Sharing my experiences and learnings from solving interesting engineering problems.
