Keeping up with AWS these days is like drinking from a firehose, and while a lot of their newer products are designed to make existing products more accessible, every once in a while you get something that helps solve a nagging issue, or opens up a whole new world of possibilities on one of their core services.
One strategy for data encryption is called Envelope Encryption, which can be used to encrypt data in transit or at rest. The envelope encryption service used in AwAws was built around AWS Key Management Service (KMS), a dedicated Hardware Security Module (HSM) service for securing and encrypting data at rest, and leverages the AWS Encryption SDK (available for Python), following AWS's best practices.
I had this idea that I could build an event-driven, service-based architecture across multiple AWS accounts, and it was my friend’s job to try to talk me out of it. The idea was to break up all of the services I would need to build so that they could run independently from their own AWS accounts, and then to provide an AWS account for each client that would give access to all of the services they subscribe to as well as be the location for all of their data.
Here’s an interesting challenge. You have a personal laptop that you want to use to access both your personal GitHub account as well as your work GitHub account. Or maybe you have a number of clients and you need GitHub access to all of them from a single system.