I build things.

Static Site Security Posture

Using Lambda@Edge to Implement OWASP Secure Headers for S3 Hosted Websites

The combination of S3 and CloudFront offers a low cost and easy way to deliver static and client side websites. In this blog post I’ll explore how to use Lambda@Edge to improve the security posture of your S3 hosted site through the addition of the OWASP recommended browser security headers. There are some aspects of control that you don’t have, when using S3 and CloudFront, compared to serving your content from a more typical server environment.

Basic CD With CodeBuild

Automated deployment from CodeCommit to S3 through CodeBuild/Lambda

I’ve been meaning to start experimenting with CodeBuild since it’s announcement and decided to put something basic but flexible together as a proof of concept. The TL;DR was to create an environment with a CodeCommit repo and a push trigger. That trigger fires a Lambda, which invokes a CodeBuild project, depositing a set of the repo files into an S3 bucket. It is possible to include these in a CodePipeline, rather than trigger a Lambda from CodeCommit, but there are a couple reasons I decided to go the Lambda route.

Route 53 Apex Domain External Hosting

Using S3 to redirect your Route 53 managed apex domain to 3rd party CNAME hosting.

If you are hosting content with a 3rd party provider that relies on a CNAME for using a custom domain (i.e. SquareSpace) and your domain is managed in Route 53 you will find you have an issue with your apex domain (the domain without the “www.” at the front, so for this website it would be “mikeapted.com”). While some managed DNS providers (like DNSimple) allow you to create an ALIAS record at the apex, this is not an option in Route 53.