Infrastructure (AWS)

When requesting an ACM certificate, AWS will ask you to add some CNAME records in Route 53 (or yo...

If you're performing a particularly long operation (e.g. the user submitted an AJAX request to pe...

Below is an example of a function you can use to set the Content-Disposition HTTP header when a U...

There are several outdated articles on the AWS website about how to integrate CloudFront and WAF ...

While CloudFront natively supports websockets, there is one major pitfall you can end up running ...

Although the pricing for ALBs is ~$18/month (before accounting for traffic), keep in mind that th...

Check the User-Agent header for incoming requests Depending on your load balancer, it will perio...

The flexible timeframes feature on EventBridge is there to help avoid having e.g. a bunch of task...

EventBridge scheduler role An example IAM role for EventBridge schedules is below. The main poin...

Example permissions policy This policy grants access to create, update, delete and invoke Lambda...

Example permissions policy This policy allows access to objects within a given bucket. The main...

Example permissions policy { "Version": "2012-10-17", "Statement": [ { ...

Example permissions policy This policy grants permission to create, delete and get Parameter Sto...

Note: this isn't used, as despite the lower cost, ARM has significantly lower performance for Des...

To save on repetitive code in your Lambda functions, you can define a custom Lambda Layer to add ...

Different Lambda runtimes are bundled with different AWS API versions The different runtimes, de...

Compiling sharp for x86_64 architecture To use Sharp for Node.js properly, we need to compile it...

There are two secure ways you can give a Lambda function permission to invoke other AWS services,...

While Lightsail supports IPv6, you can't assign static IPv6 addresses. They'll remain the same fo...

Normally when you use Lightsail, you can't connect to other AWS resources from your Lightsail ser...

Beware that, if you use EventBridge to send a notification somewhere after a MediaConvert job com...

Strictly speaking, Amazon RDS does not give you full root privileges on your database server (so ...

Connection pools take up connections even if they're not being used Your database server is goin...

Using the batch query function When using batch queries via conn.batch, be aware that attempting...

If for whatever reason you need to restore a snapshot of an RDS database, there are a few possibl...

Warning: auto-generated passwords  When creating an RDS instance, if you choose "auto-generate a...

If you fail to clean up connections properly, you can end up with functions taking a lot longer t...

Minor version upgrades You can do these easily in the RDS console (be aware they will cause some...

When exporting backups of a Redis node or cluster to S3, you'll be greeted by a rather unhelpful ...

Install Redis for windows using the instructions here: https://redis.io/docs/getting-started/inst...

For public and protected buckets, add a lifecycle rule: - Filter with prefix "tmpuploads/"- Expi...

Replace values in "AllowedOrigins" with your website domain. This will allow fonts to be loaded v...

SMTP credentials vs. IAM Access Keys If it looks like an IAM credential, walks like an IAM crede...

Setting up Amazon SES to send (but NOT receive) emails: - Register your domain in Route 53 (or t...

Setting up Amazon SES to send and receive emails: # WARNING: Amazon SES only supports receiving ...

When using SES: - Emails sent directly via SMTP, e.g. via Monolog/PHPMailer, must be sent with t...

If you have an error in one of your email templates, or any code that uses them, you may end up w...

When adding IP addresses or CIDR blocks to VPC security groups - make sure you're using the priva...

Normally when you use Lightsail, you can't connect to other AWS resources from your Lightsail ser...

If you're running a Lambda function within a VPC (for instance, to allow it to connect to an RDS ...

VPC Endpoints Not all AWS services can communicate with each other, as some are in a VPC and som...

Setting up WAF to protect Lightsail instances is a little awkward. From a technical standpoint, L...

The free managed rule groups still incur a charge Be aware that, although the AWS managed rule g...

If your infrastructure setup is such that all of your site visitors are coming to your website th...

Default VPC security group changes Modify the security group to allow TCP ports 3306 and 6379 (f...

IAM Policies Deserted-Chateau-Test-Lambda-Admin-Access { "Version": "2012-10-17", "St...

deserted-chateau-test-external-site-assets Bucket Policy { "Version": "2012-10-17", "...

See the codebase for a list of functions and layers to upload to Lambda, under the /lib/aws/ folder.

Verified Entities Add desertedchateau.com as a verified domain entity. See the SES chapter for c...

/Deserted-Chateau/Credentials/BunnyAccountCredentials {"api_key": "<bunny API key>"} /Deserted-...