Adding a subscription to an SNS topic in CloudFormation is easily done with a few lines:

But that’s actually not enough. While creating a subscription in the AWS Console is a single step it implicitly creates a Lambda permission for SNS to invoke the function. This needs to be added as a separate resource in CloudFormation:

This will allow SNS to successfully invoke the function.

I just had the need to check a record on all NS servers of a zone to see whether they had been updated with the new zone config and returned the correct IP addresses for the name.

In the CLI this is quite a considerable amount of typing. That’s why I created a small script for it:


I’m currently two days into the Advanced Architecting on AWS class and am looking forward to taking the AWS Certified Solutions Architect – Professional Level exam later this month. Since I noticed there is quite some interest in this certification I want to use this blog post to discuss the sample exam questions you can download from AWS. If you haven’t figured them out for yourself you might want to try them first before continue reading as this post is a huge spoiler.

Continue reading

Today I updated to OS X 10.10.4. I was really happy when I read through the change notes despite the fact that I actually shouldn’t have been as there were also a dozen or so fixes for possible unauthenticated remote code executions in several components of the system.

But I was happy because it was promised that they had fixed an issue which could lead to the system to stop responding under certain conditions. One of them was your computer being connected to a directory service. Check – my computer is member of an Active Directory domain. So I know some of those certain conditions.  Like trying to connect my Mac to the Internet via my Windows Phone’s WiFi Internet sharing. Or trying to login to my non-directory account first after boot without having logged in as directory user. Or sometimes when waking up from sleep. And some other conditions I could not find a pattern for. This can really be a pain especially when being somebody who is doing on-call duty and needs to be able to rely on the computer to actually work when servers are burning.

I cannot tell if the update works. I hope it does but my hope is limited though. And this is why I’m writing these lines. Because I just witnessed another thing that adds into why my fate in OS X is declining:


Maybe I should start looking at Linux again…

I wonder what’s going on lately. Some bot-net is trying to brute force its way into my blog since a couple of days. Usually I couldn’t care less – I’m using a secure password and the default user is disabled. But it makes my security plugin flooding my inbox and I’m starting to get really annoyed by that.

Here is what I did to put an end to that. I added a few lines to the .htaccess to put an HTTP auth in front of the login and some more lines to deny access to the password file which lives in the document root so it is automatically included in the nightly backups:

The attacker has quite a bit of resources at hand. So far I didn’t see any multiple occurrences of IP addresses in the logs.

In the second episode of my µC adventures I’m not losing any time and directly approach the thing that I started tinkering with electronics in the first place.

The device I’m going to build is supposed to measure the water level in out rain water tank. And of course the measured level needs to be submitted to a server on the Internet via WiFi which is the main reason why I’m using the ESP8266.

After browsing the Internet for a few minutes I figured the best way to go would be with using capacitance to measure the water level. I wanted to have high resolution so any solution that would involve using conductivity of the water (which I found used in quite a few project write-ups online) is out of the equation.

Continue reading

I created a small helper script that encapsulates API calls for simple snapshot management. This can be used in cron jobs to trigger snapshot creation and cleanup.

Keeping manually created snapshots is the least backup security one should have on top of automatically created snapshots as the latter type is deleted together with the instance. In case of unintentional deletion of an RDS instance automated snapshots are of no help to restore the data.


Trying to wet my feet with micro-controllers I just started to play around with the ESP8266 which I find much more sexy than any Arduino that I’ve seen so far. Most probably because of the visual experience – I’m a visual guy when it comes to tech after all. ;-)

I’m also trying to start doing write-ups of my progress. I always wanted to do that but newer really got myself to actually do it. So here it is: My first post about my adventures in the world of micro-controllers.

The micro-controller I chose for prototyping is a MOD-WIFI-ESP8266-DEV from Olimex. First of all it is breadboard friendly. Secondly it exposes all of the chip’s pins and has 2MiB of flash memory which should be enough to house even more sophisticated projects. (Which I can’t judge yet because of lack of experience but I go with the rule of thumb that more usually is better.)


Continue reading

If you like to work with AWS on the CLI you can easily open the AWS by using a specially crafted link that logs you in using the credentials from your shell environment. To assemble the link you can use this little Python script: