using CloudWatch Events, Lambda, S3, and SNS

Use case: Your company's AWS account is close to the maximum number of S3 buckets allowed. Every time an S3 bucket is created, you want to be notified so you can evaluate whether the bucket is needed and approved.

Let's get started by navigating to the IAM service in AWS and creating a role for the Lambda service.

For this example, we will be providing full access to the following services: S3, SNS, Lambda, and CloudWatch. If you are in a production environment, I highly recommend tightening up these permissions, as not all of these services require full access…

and….maybe advanced 😂

using variables & conditional statements

Before we get started…

Make sure you have an AWS account to test this in your own environment. You will also need to know how to write some basic Terraform. In this article [for the most part] we will not be writing high-level Terraform. In fact, a few days before this article, I myself had never written a conditional statement inside of Terraform until a situation arose at work.


Your place of employment has recently (like most companies) adopted Terraform, the cloud-agnostic infrastructure-as-code tool. The infrastructure has recently been stood up in Terraform…

What will you need to complete this lab?

  • Basic knowledge of how to build a YAML file
  • Terraform
  • AWS
  • CI/CD Processes
  • GitLab (free account)

* Hint: when creating your free account, you can import the repositories hosted in your GitHub account.

What is GitLab?

GitLab is an open-source end-to-end software development platform with built-in version control, issue tracking, code review, CI/CD, and more. Self-host GitLab on your own servers, in a container, or on a cloud provider.

GitHub vs. GitLab

See the link below on GitLab's organization page about the difference between the two.

GitLab has some vibrant features that…

⭐️ AWS Account Required

⭐️ Python3 required

What is Python?

Python is an interpreted, object-oriented, high-level programming language with dynamic semantics. Its high-level built-in data structures, combined with dynamic typing and dynamic binding, make it very attractive for rapid application development, as well as for use as a scripting or glue language to connect existing components together. Python's simple, easy-to-learn syntax emphasizes readability and therefore reduces the cost of program maintenance. Python supports modules and packages, which encourages program modularity and code reuse. …

Use Case:

You are the admin over a large number of EC2 instances that need to be stopped at night, when they are not in use by your development team, to save on costs. Your development team does not have a good habit of stopping them before they leave work, so it is your job to create an automated trigger in the AWS console that stops them every night and/or starts them every morning before the team comes in.

What Are Amazon CloudWatch Events?

Amazon CloudWatch Events delivers a near real-time stream of system events that describe changes in Amazon Web Services (AWS) resources…

Part 2: CI/CD implementation with Docker deploying a static website

In this project, we will use an increasingly popular continuous integration and continuous delivery tool, Codefresh.

What is Codefresh?

We often hear about so many different tools that employers use, from Jenkins to Ansible to Puppet and Chef, that it can be overwhelming to try and learn them all. Codefresh is a continuous integration/delivery solution. It fetches code from your Git repository and packages/compiles it. Then it deploys the final artifact to a target environment. This basic concept is implemented with pipelines.

Before we get logged into Codefresh and implement the…

What is a VPC Endpoint?

A VPC endpoint enables you to privately connect your VPC to supported AWS services and VPC endpoint services powered by AWS PrivateLink without requiring an internet gateway, NAT device, VPN connection, or AWS Direct Connect connection. Instances in your VPC do not require public IP addresses to communicate with resources in the service. Traffic between your VPC and the other service does not leave the Amazon network.

Endpoints are virtual devices. They are horizontally scaled, redundant, and highly available VPC components. …

What is Docker?

Docker is an open platform for developing, shipping, and running applications. Docker enables you to separate your applications from your infrastructure so you can deliver software quickly without the concern of what type of operating system the host and end-user may use. With Docker, you can manage your infrastructure in the same ways you manage your applications.

Please visit the official Docker page to download Docker to your local machine:

What is NGINX?

Let's start off by determining what in the world a DMZ, or Demilitarized Zone, is:

In computer security, a DMZ network (sometimes referred to as a “demilitarized zone”) functions as a subnetwork containing an organization’s exposed, outward-facing services. It acts as the exposed point to an untrusted network, commonly the Internet.

The goal of a DMZ is to add an extra layer of security to an organization’s local area network. …

  • AWS Account Required
  • May be outside of the free tier

Log in to your AWS account:

  • Preferably with admin permissions to make provisioning easy (not a best practice)
  • Create a key pair named tf-demo (or whichever name you have in your Terraform config file)


DevOps Engineer at ThreatConnect Inc. — AWS Certified DevOps Professional/Security Specialty/SAA, Gitlab Certified, Terraform Associate.
