Welcome to Shikisoft Blog!

Recent Posts

A Quick Overview of IAM Permission Policies: AWS-Managed, Customer-Managed, and Inline Policies

In AWS IAM, permission policies play a crucial role in securely controlling access to your AWS environment. You can attach three types of permission policies to your identities: AWS-managed, customer-managed, and inline policies. In most cases, AWS recommends using managed policies over inline policies, especially customer-managed policies created from AWS-managed policies. However, there may also be cases for inline policies. In this post, we will quickly explore IAM’s permission policies to help you decide which is best for you.

By the way, we will only talk about AWS IAM’s identity-based permission policies in this post. The resource-based trust policies used in IAM roles, in which you specify the principals you trust to assume a role, will be out of the scope of this post. So, when we use the ‘policy’ term below, it will only refer to an IAM permission policy: AWS-managed, customer-managed, or inline. Then, let’s begin.

So, when you attach a policy to an identity (a user, a group of users, or a role), that policy determines whether to allow or deny access to your AWS resources. Hence, with security threats in mind, choosing the right policy type for your needs is essential, as is granting the least privilege. But you wouldn’t want to increase the management overhead while doing this, right?

Each IAM policy type has its use cases. So, let’s analyze each one to see what features it offers.

Continue reading the A Quick Overview of IAM Permission Policies: AWS-Managed, Customer-Managed, and Inline Policies blog post.

5 Things to Note About AWS Free Tier

  • by Emre Yilmaz
  • May 13, 2024
  • AWS
When I first used AWS back in 2013, I remember missing some free-tier benefits in my first year. I was developing an app with Ruby on Rails and read some fancy blog posts about how another VPS provider performs better than AWS, and I didn’t use EC2 or RDS at the start. I had to manage my servers and MariaDB databases myself. Even though that Linux administration experience helped me become a DevOps engineer today and better understand AWS’s benefits, my life would have been easier then, even with fewer costs. So, the AWS free tier is a great offer, especially when starting to learn the cloud and AWS.

However, if you are new to AWS, understanding the exact coverage of the AWS free tier can be confusing. Besides, you may be concerned about encountering a surprise bill at the beginning of the following month. So, in this post, let’s discuss five of the most crucial things you need to know about the AWS free tier and how to avoid unexpected costs when benefiting from it.

Continue reading the 5 Things to Note About AWS Free Tier blog post.

Importing AWS Resources to CDK Apps with Python

In my AWS CDK with Python Step by Step course, I teach you to define your constructs from the ground up. You learn to specify your AWS resources through CDK constructs using Python’s object-oriented methods.

However, what if you need to use or reference an existing resource from your AWS account, such as a VPC? Can you import a resource to your AWS CDK app?

So, in this blog post, I will discuss how to import an existing resource as a CDK construct. But you cannot achieve this in environment-agnostic stacks. Hence, we will start with specifying targeted CDK environments for your CDK stacks.

Continue reading the Importing AWS Resources to CDK Apps with Python blog post.

AWS IAM Users vs. Roles: Which to access your AWS resources?

AWS Identity and Access Management, or IAM, is a critical AWS component controlling access to your AWS resources. The IAM user and the IAM role are two crucial IAM concepts with similar features. So, sometimes, it can be difficult to tell the difference between them. In this post, we will discuss the similarities between AWS IAM users and IAM roles and how they differ.

Continue reading the AWS IAM Users vs. Roles: Which to access your AWS resources? blog post.

AWS CDK Construct Levels: How do L1, L2, and L3 Construct Types Differ?

If you tried learning AWS CDK, you might have realized that three levels of CDK construct types exist when defining an AWS resource: L1, L2, and L3 (also called ‘CDK patterns’). So, deciding which CDK construct level to choose may become confusing. Sometimes, a resource’s different construct classes are even named similarly. Then, are there any advantages you get by choosing one over another?

You aren’t alone if you feel the same. This was also what I felt while learning AWS CDK. So, in this post, I will discuss AWS CDK construct levels to help you understand their differences.

I thoroughly cover them with hands-on examples in my AWS CDK with Python Step by Step course. Still, this post will be a nice addition as a summary of these crucial AWS CDK concepts.

Continue reading the AWS CDK Construct Levels: How do L1, L2, and L3 Construct Types Differ? blog post.

View All Posts