Ben Kehoe

1.95K Followers

Mar 14

The Meaning(lessness) of Serverless

People have been arguing about the meaning of serverless since the term came into vogue nearly a decade ago, and it seems to be quite active recently as well. Today, “serverless” as a term is close to meaningless. I won’t name names here, but we’ve all seen services get called…

Cloud

3 min read


Jan 2

The “End of Programming” will look a lot like programming

Communications of the ACM has a new article titled “The End of Programming” by Matt Welsh. It posits that traditional programs “will be replaced by AI systems that are trained rather than programmed” (emphasis in the original). Welsh is “the CEO and co-founder of Fixie.ai, …

Artificial Intelligence

4 min read


Oct 29, 2021

AWS IAM Permissions Boundaries Are Incomplete Without Propagation

Permissions boundaries are great in concept: an administrator can place restrictions on what IAM principals can possibly do, while letting developers determine the actual least privilege policy that principals should have — and this includes the principal for the developers themselves. …

AWS

4 min read


Oct 22, 2021

Cross-account role trust policies should trust AWS accounts, not roles, part 2

I’ve gotten some responses to my article where I argue that cross-account role trust policies should trust accounts, not principals within the accounts. A lot of them took the form of “it provides an extra layer of defense” along with “it can’t hurt”. …

AWS

5 min read


Oct 13, 2021

Cross-account role trust policies should trust AWS accounts, not roles

In my article on IAM principals, I mentioned that when creating a cross-account role trust policy, it’s generally better to trust the entire account, rather than a particular principal within that account. I got some questions on why, so here are the details! Note: there’s a follow-up to this article…

AWS

5 min read


Oct 6, 2021

Never put AWS temporary credentials in the credentials file (or env vars)—there’s a better way

We need to talk about how AWS credential configuration works. Many people have more than one IAM principal that they use on a regular basis, most likely because of multiple accounts, though they may also have multiple principals available to them within a given account. The ways I see a…

AWS

13 min read


Sep 29, 2021

AWS IAM Permission Boundaries Has A Caveat That May Surprise You

Note: this article was originally published on September 1, 2021. It erroneously stated that the resource policy could reference the role, rather than the assumed role session. I removed it pending an update. The confusion, complexity, and poor documentation led me to publish I Trust AWS IAM to Secure My…

AWS

5 min read


Sep 22, 2021

I Trust AWS IAM to Secure My Applications. I Don’t Trust the IAM Docs to Tell Me How.

AWS IAM operates at an immense scale, more than 400 million operations per second, and the stakes are frankly terrifying; a substantial portion of the internet runs on AWS, and access to those resources is regulated by IAM. I’m therefore glad that the people who design and run IAM are…

AWS

5 min read


Sep 8, 2021

AWS Authentication: Principals in AWS IAM

Note: this article uses boto3, the AWS Python SDK, as an example, but other SDKs have analogous features. I’ve found that newcomers to AWS can sometimes get confused by what it means to have AWS credentials, and that people have notions of “logging into AWS” that don’t really correspond…

Cloud Computing

5 min read


Aug 25, 2021

Python multi-line string literals with textwrap.dedent()

You’re writing some Python, and you need to write out a string containing newlines. You’ve got two options: a regular string with \n in it, or a multi-line string literal using three double quotes (are those sextuple quotes?), which looks like this: my_string = """This is a multi-line string""" assert…

Python

2 min read

AWS Serverless Hero

Following
  • Cory Doctorow

    Cory Doctorow

  • Better Allies®

    Better Allies®

  • Adrian Hornsby

    Adrian Hornsby

  • Jeff Hollan

    Jeff Hollan

  • Jess Trochet

    Jess Trochet

Help

Status

Writers

Blog

Careers

Privacy

Terms

About

Text to speech