Stephen Jones

Understanding LLM Prompt Injection: The Security Risk You Can't Ignore
If you’ve been building with LLMs lately, you’re probably as excited as I am about the possibilities! But let me tell you about something that’s been keeping security folks up at night… prompt injection vulnerabilities.
I Used Amazon Q CLI to Build a Feature for Amazon Q CLI (And It Was Mind-Bending)
Ever wondered what it’s like to use an AI tool to improve itself? I just spent 2 hours using Amazon Q CLI to build a new feature for Amazon Q CLI, and the experience was genuinely mind-bending.
Multi-Agent Orchestration with Claude Code: When AI Teams Beat Solo Acts
Working with a single AI assistant on complex projects is like having one engineer handle an entire software delivery pipeline. Possible? Sure. Optimal? Not even close.
AWS Lands in New Zealand: What the ap-southeast-6 Region Means for Kiwi Cloud Builders
Summary AWS just flipped the switch on their newest region: Asia Pacific (New Zealand) - ap-southeast-6. After years of routing traffic through Sydney, Kiwi organizations finally have a local AWS presence. This isn’t just about national pride — it’s about single-digit millisecond latency, data sovereignty, and unlocking cloud-native architectures that were previously cost-prohibitive.
AWS VPC Route Server: The Game-Changer for Dynamic Routing You've Been Waiting For
Summary AWS just dropped a networking feature that’s going to change how we think about VPC routing forever. VPC Route Server brings dynamic routing capabilities directly into your VPC, automatically handling failover scenarios that used to require complex scripting or third-party solutions. If you’ve ever wrestled with static routes and manual failover for network appliances, this one’s for you.
Building AI-Powered Life Management Systems: The AWS Infrastructure Approach
Daniel Miessler just dropped a fascinating deep-dive into building what he calls a “Personal AI Infrastructure” (PAI) - essentially an AI-powered life management system that handles everything from content creation to security assessments. While his approach uses Claude Code and local tooling, it got me thinking about how we could architect something similar using AWS services.
Building Your Personal AI Infrastructure: Beyond Tools to Systems
Daniel Miessler just published something that made me stop and think: “What are we actually building with all these AI tools?” It’s a question that cuts through the hype and gets to the heart of what matters.
The Bedrock AgentCore Toolkit: A New "Easy Button" for AI Agents
Let’s be honest. The most exciting part of building an AI agent is the agent itself—the logic, the prompts, the creative problem-solving. The least exciting part? The ceremony. The boilerplate. The tedious dance of wrapping our code in an API, writing a Dockerfile, managing ECR repositories, and wrestling with deployment scripts to get our creation into the cloud.
🕹️ AWS-Powered Tetris: Building a Retro Game with Amazon Q and Amplify
There’s something magical about the games we grew up with. The simple mechanics, the blocky graphics, and the maddeningly catchy music are etched into our collective memory. So when AWS announced the Build Games Challenge, a global event to recreate these classics using modern AI tools, I knew I had to jump in.
Cost-Effective Workflow Automation: Deploying n8n on Amazon Lightsail
Recently I’ve been trying out n8n as a workflow automation tool, and I’m really enjoying the flexibility it offers. Of course, being an AWS Community Builder, I would naturally run this on AWS Fargate, as n8n is available as a container; however, to keep the costs down I ended up running it on Amazon Lightsail.
Unlocking Cloud Savings: Your Guide to FSx and S3 Intelligent-Tiering with Python Magic! 🚀
Hey there, tech enthusiasts! Ever stared at your AWS bill and wondered, “Where did that come from?” Yeah, me too. Especially when diving deep into services like FSx for NetApp ONTAP and considering the magic of S3 Intelligent-Tiering to keep those storage costs in check.
Streamline Your Cloud Compliance: Mastering Time-Based AMI Copies with AWS
Hey there, Tech Friends! 👋 Let’s talk about something that might not sound super exciting at first glance, but trust me, if you’re wrestling with cloud infrastructure, especially in regulated industries, this is pure gold. We’re diving deep into the newly announced Time-based Copy for Amazon Machine Images (AMIs).
Streamline Vault Operations: A Guide to Mastering Auto Unseal
Unsealing Vault after a server restart is one of those tasks that, while essential, can quickly become cumbersome—especially when you’re managing multiple Vault nodes or clusters. Enter Auto Unseal, a lifesaver in production environments, as it automates the process of securely unsealing Vault without requiring manual intervention.
Unleash the Power of EBSight for Optimal AWS Storage Management 🚀
Hey there, tech aficionados! 👋 Recently, AWS dropped a neat minor update – they started showing the full size of your EBS snapshots. Game changer! This isn’t just the incremental stuff; it’s the data footprint.
Mastering AWS Security: Why You Should Avoid Using the Root User for Everyday Tasks
Hey there, tech enthusiasts! Ever felt that little thrill of power when you get root access on a system? It’s like holding the keys to the kingdom, right?
A Reminder of the Power of AWS Config
Today, I was reminded of the rich content stored in AWS Config and how easily it can reveal so much about an AWS Organisation across one or many accounts.
Streamline Your Azure DevOps Pipelines: Harnessing Variables and Makefile Magic
👋 Hey there! I’ve been exploring Azure DevOps recently, and while the user interface is quite user-friendly, navigating through numerous clicks to complete tasks can be cumbersome. One particularly tedious task is setting up a new pipeline using an existing YAML definition with variables.
Secure Your Secrets: Best Practices for Hardening HashiCorp Vault in Production
So, you’ve got Vault up and running, and you’re feeling pretty good about storing and managing secrets. But here’s the thing—running Vault in production is a whole different game. It’s not just about turning it on; it’s about hardening it to ensure that your Vault instance is secure, reliable, and resilient against attacks.
HashiCorp Vault: The Key to Secrets Management 🔐
I’ve embarked on my latest deep-dive into the HashiCorp ecosystem, and let me tell you there’s a lot to unpack! My focus right now? Vault. It’s one of those tools that, once you understand its capabilities, you can’t help but wonder how you ever managed without it.
Ensuring Seamless Connectivity - The Crucial Role of Failover Testing in AWS Direct Connect
👋 Hey there! Setting up the Direct Connect service is reserved for a select few. Typically, the network dudes handle this intricate task. However, understanding this service is crucial, especially when establishing hybrid cloud connectivity.
GitHub Self-Hosted Runners on AWS CodeBuild
👋 Hey there! I’ve written before about establishing self-hosted runners within github.com here. However, that approach involves deploying API endpoints and integrating with GitHub via a webhook. It’s not hard to establish, but it’s extra work to look after, update, and manage.
Creating shared GitHub Actions
Table of contents: Workflow Before; Workflow After; The Workflow; Creating a shared (reusable) workflow; Workflow Repository; Adapt the workflow for reuse; Calling the shared workflow; Summary.
👋 Hey there!
Do Not Default to PAT
👋 Hey there! Scenario: you need to automate something in GitHub, and after a couple of Google searches you see that you can create a PAT (personal access token) and use that.
Searching github Organisations
👋 Hey there! As a DevOps 🧑💻 team grows, so does the number of repositories. If you use Infrastructure As Code and automation tools like Terraform or Ansible, you will likely have many repos that map to reusable modules. The modules are then combined to deliver full deployments. 🚀
AWS Windows SSM Port Forwarding, too easy
👋 Hey there! Recently, I had to configure some Windows boxes for a project and was reminded of how simple it was to access them without needing a Bastion host by using SSM port forwarding. 🙌
Supercharge Your AWS CloudWatch Metrics with Lambda Powertools
In this post, I’ll show you how easy it is to publish custom metrics into AWS CloudWatch using AWS Lambda Powertools and the CloudWatch Embedded Metric Format (EMF) specification.
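The Embedded Metric Format the post refers to is just a structured JSON log line that CloudWatch Logs turns into metrics, which is what Powertools' Metrics utility writes to stdout on your behalf. The following is an added example, not the post's code and not the Powertools implementation: it builds and validates an EMF record from a namespace, a dimension set and a metric map, enforcing the documented limits (100 metrics per record, 30 dimensions). The namespace, dimension names and metric names are constructed placeholders.

```python
import json
import time

# Added example, not the post's code and not the Powertools implementation.
# Lambda Powertools' Metrics utility ends up writing one JSON line in this
# shape to stdout; CloudWatch Logs parses the "_aws" envelope into metrics.
# The limits below are the documented EMF/CloudWatch limits.
MAX_METRICS_PER_RECORD = 100
MAX_DIMENSIONS = 30


def build_emf_record(namespace, dimensions, metrics, timestamp_ms=None):
    """Build a CloudWatch Embedded Metric Format record.

    dimensions: {"service": "orders", "environment": "prod"}
    metrics:    {"OrdersCreated": (1, "Count"), "Latency": (42.5, "Milliseconds")}
    """
    if not namespace:
        raise ValueError("namespace is required")
    if not metrics or len(metrics) > MAX_METRICS_PER_RECORD:
        raise ValueError("a record needs between 1 and %d metrics" % MAX_METRICS_PER_RECORD)
    if len(dimensions) > MAX_DIMENSIONS:
        raise ValueError("at most %d dimensions per metric" % MAX_DIMENSIONS)
    for name, (value, _unit) in metrics.items():
        # bool is a subclass of int; reject it so True does not become 1
        if isinstance(value, bool) or not isinstance(value, (int, float)):
            raise TypeError("metric %s must be numeric" % name)
        if name in dimensions:
            raise ValueError("metric %s collides with a dimension key" % name)
    if timestamp_ms is None:
        timestamp_ms = int(time.time() * 1000)

    record = {
        "_aws": {
            "Timestamp": timestamp_ms,
            "CloudWatchMetrics": [
                {
                    "Namespace": namespace,
                    # one dimension set; every key must also be a top-level field
                    "Dimensions": [sorted(dimensions)],
                    "Metrics": [{"Name": n, "Unit": u} for n, (_, u) in metrics.items()],
                }
            ],
        }
    }
    # Dimension values and metric values live at the top level of the record.
    record.update(dimensions)
    for name, (value, _unit) in metrics.items():
        record[name] = value
    return record


def to_log_line(record):
    """Serialise as a single line: EMF is one JSON object per log event."""
    return json.dumps(record, separators=(",", ":"))


def is_valid_emf(line):
    """Structural check of a log line, handy when unit-testing a handler's output."""
    try:
        doc = json.loads(line)
    except ValueError:
        return False
    if "\n" in line or "_aws" not in doc:
        return False
    for directive in doc["_aws"].get("CloudWatchMetrics", []):
        for dim_set in directive.get("Dimensions", []):
            if any(d not in doc for d in dim_set):
                return False
        for metric in directive.get("Metrics", []):
            if metric.get("Name") not in doc:
                return False
    return isinstance(doc["_aws"].get("Timestamp"), int)


if __name__ == "__main__":
    rec = build_emf_record(
        "OrdersApp",
        {"service": "orders", "environment": "prod"},
        {"OrdersCreated": (1, "Count"), "Latency": (42.5, "Milliseconds")},
    )
    print(to_log_line(rec))  # a Lambda handler would print exactly this line
```

Because the metric name and dimension keys are reused as top-level field names, a metric named the same as a dimension would silently overwrite it; the collision check above is the kind of guard worth keeping when you hand-roll EMF instead of using the library.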
How to sync containers from GitHub Container Registry to AWS ECS
Back in June last year I wrote about syncing containers from DockerHub to AWS ECS.
GitHub Actions in CodeBuild
This month AWS released support for GitHub Actions in CodeBuild: https://aws.amazon.com/about-aws/whats-new/2023/07/aws-codebuild-github-actions
Getting Started with Steampipe on Azure
It’s been a while since I gave Steampipe a run, and wow, has it had some excellent updates!
Route 53 Resolver Magic
This post covers some core concepts of Route 53 Resolver and how it can establish inbound and outbound name resolution between your on-premises and AWS resources.
Unlock the Hidden Power of VPC Sharing in AWS
As rightly stated here by Aidan Steele (AWS Hero), VPC Sharing appears to be the forgotten superpower.
AWS Config Rules Blessed with CloudFormation cfn-guard Support!
They said it was coming, and here it is: support for defining custom cfn-guard rules for AWS Config via CloudFormation.
AWS Managed Prefix Lists
Some time ago AWS released a new feature called Customer Managed Prefix Lists.
Bootstrap Terraform on AWS
The Challenge
Terraform is a great product for managing infrastructure on AWS; however, many people start by creating an IAM user and pasting its access keys into configuration files. This is really bad from a security standpoint, as those files often get checked into version control, and even worse into a public repo.
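As an added example that is not part of the post, here is the failure mode above as a check you can run before a commit: a scanner that flags Terraform files carrying static IAM user credentials, run against a constructed "bad" provider block and a constructed "good" one that assumes a role instead. The key values in the sample are AWS's documented placeholder examples, not real credentials, and the attribute names matched are those of the AWS provider.

```python
import re

# Added example, not the post's code. Both samples below are constructed; the
# key values are AWS's documented placeholder examples, not real credentials.
SAMPLE_BAD_TF = """\
provider "aws" {
  region     = "ap-southeast-2"
  access_key = "AKIAIOSFODNN7EXAMPLE"
  secret_key = "wJalrXUtnFEMI/K7MDENG/bPxRfiCYEXAMPLEKEY"
}

variable "deploy_key" {
  default = "AKIAIOSFODNN7EXAMPLE"
}
"""

# The hardened form: no static keys at all. The provider assumes a role using
# whatever ambient credentials the runner has (OIDC, instance profile, SSO).
SAMPLE_GOOD_TF = """\
provider "aws" {
  region = "ap-southeast-2"
  assume_role {
    role_arn = var.deploy_role_arn
  }
}
"""

# Access key IDs are AKIA (long-term) or ASIA (temporary) plus 16 uppercase
# alphanumerics. The attribute rule catches provider credential arguments
# assigned a literal string instead of a variable reference.
ACCESS_KEY_ID_RE = re.compile(r"\b(?:AKIA|ASIA)[0-9A-Z]{16}\b")
CRED_ATTR_RE = re.compile(r'^\s*(access_key|secret_key|token)\s*=\s*"([^"]*)"')


def find_static_credentials(tf_text):
    """Return (line_no, kind, line) for every line that looks like a static credential."""
    findings = []
    for line_no, line in enumerate(tf_text.splitlines(), 1):
        attr = CRED_ATTR_RE.match(line)
        if attr:
            findings.append((line_no, "literal_%s" % attr.group(1), line.strip()))
        elif ACCESS_KEY_ID_RE.search(line):
            findings.append((line_no, "access_key_id", line.strip()))
    return findings


def scan_files(paths):
    """Scan real files, e.g. from a pre-commit hook; returns {path: findings}."""
    results = {}
    for path in paths:
        with open(path, encoding="utf-8") as fh:
            found = find_static_credentials(fh.read())
        if found:
            results[path] = found
    return results


if __name__ == "__main__":
    for label, text in (("bad", SAMPLE_BAD_TF), ("good", SAMPLE_GOOD_TF)):
        for line_no, kind, line in find_static_credentials(text):
            print("%s:%d %s: %s" % (label, line_no, kind, line))
```

Note that `access_key = var.aws_access_key` passes this scanner, which is deliberate: the point is to catch literals in tracked files, and a variable still has to get its value from somewhere (a `.tfvars` that also must stay out of the repo). The actual fix is the assume-role form, where no long-lived key exists to leak.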
Build a Terraform Community Org on GitHub Enterprise
Infrastructure As Code
Infrastructure as Code (IaC) is great: people can knock up some Terraform and smash out some stacks in next to no time, delivering value to the business. However, there is a side effect. Regular IT guys and gals are now evolving from sysadmins into… wait for it… developers, with the power of Domain Admin or root credentials!
CloudFormation FirewallPolicy UPDATE_FAILED
While I have a fond love for CloudFormation, sometimes I find myself banging my head against a wall trying to get past an error.
Config Conundrum
AWS Config
At our organisation we use custom Config rules to help us achieve near real-time compliance and remediation.
Fix GitHub Actions 'Resource not accessible by integration' Error: Complete Guide
If you’re working with GitHub Actions and encountering the “Resource not accessible by integration” error, you’re dealing with one of the most common GitHub Actions permission issues. It typically appears when the workflow’s token lacks the permissions needed for operations such as creating pull requests, updating issues, or accessing repository resources.
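The permission the error complains about is granted through the workflow's `permissions` block, which scopes the automatic `GITHUB_TOKEN`. The workflow below is an added example, not the post's own, with a hypothetical job that labels a pull request; the job name and label are placeholders.

```yaml
# Added example, not the post's workflow. Once any scope is listed under
# "permissions", every scope you leave out is set to "none", so list exactly
# what each job needs and nothing more.
name: triage
on:
  pull_request:

permissions:            # workflow-wide default: read-only
  contents: read

jobs:
  label:
    runs-on: ubuntu-latest
    permissions:        # job-level grant, applies to this job only
      contents: read
      pull-requests: write   # required to label or comment on the PR
    steps:
      - uses: actions/checkout@v4
      - run: gh pr edit "$PR" --add-label triaged
        env:
          GH_TOKEN: ${{ secrets.GITHUB_TOKEN }}
          PR: ${{ github.event.pull_request.number }}
```

Two caveats worth checking before you widen the block further: on `pull_request` events from a forked repository the token is read-only regardless of what you request, and the repository or organisation setting "Workflow permissions" caps what a workflow can ask for. If the error persists with a correct `permissions` block, one of those two is usually the cause.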
Getting started with cfn-guard
Update: link to the official AWS blog post here.
A fair few policy-as-code tools are popping up these days. This post looks at getting started with cfn-guard to parse AWS Config resource JSON outputs.
GitHub Runner ECS Authentication
Using this fantastic open-source project, we have enabled GitHub Actions using ephemeral self-managed runners on AWS Spot.
GitHub Actions - How did I not see that
This post is about a mistake I made that wasted a fair bit of time on my side until the folks over in Support set me straight :)
GitHub Actions AWS Authentication with OIDC for GitHub Enterprise
There are many blog posts about how to use GitHub Actions OIDC with AWS; however, they all refer to github.com and don’t provide easy steps if you are running your own GitHub Enterprise instance.
HashiCorp Packer Amazon Linux cracklib gotcha
While setting up Packer for the first time in ages, I found a little cracklib quirk when using Amazon Linux while following the instructions from the website.
How to simplify your CI/CD with Makefiles
Definition
Make is a build automation tool that automatically builds executable programs and libraries from source code by reading files called Makefiles, which specify how to derive the target program.
How to sync containers to AWS ECS the easy way
Back in November 2021 AWS announced that you can cache containers from DockerHub through to ECS.
How to use cfn-guard with AWS Config
I’m not sure when, but AWS Config now supports using Guard rules to determine the compliance of resources. This is a pretty neat integration and one of the first I’ve seen from AWS with a side open source project they have created.
Prowler on AWS
Prowler is an awesome open source tool for auditing AWS settings within an account or many accounts across an organisation.
Security Hub now supports Custom AWS Config Rules
AWS recently announced an integration that I’m a little excited about!
Terraform, GitHub Actions & OIDC on AWS
I’ve posted here how to configure the AWS OIDC provider & GitHub Enterprise integration; however, nothing beats an example of it working, and this post covers just that!
Up and running with AWS Network Firewall - Part 1
This post is the first in a series to share my learnings as I get to grips with AWS Network Firewall.
Up and running with AWS Network Firewall - Part 2
The second post in my series as I share my learnings with AWS Network Firewall.
Up and running with AWS Network Firewall - Part 3
The third post in my series as I share my learnings with AWS Network Firewall.
Using Semgrep to keep track of your community's style
Semgrep is a fantastic tool, as the website rightly states!
When Enterprise IT systems migrate to AWS
So we’ve all seen the marketing slides…
Company X saved 40% in infrastructure costs
Company Y collapsed their monolith into 40 Lambdas
But what happens when an on-prem system has hummed its tune in the local data centre for years, and the vendor has never even thought of a cloud migration or even contemplated what capabilities exist in the public cloud?
When Forking is not an option for your public git repos
I’m curious whether this is an everyday use case, but I need to sync a public repo to our internal GitHub Enterprise instance.
Dude, Scale My Runners
In our GitHub Enterprise instance, we use super-linter to keep all our users honest and lint everything.
Integrating GitHub with AWS EventBridge
Ever since I saw this announcement, I’ve been dying to get a chance to set it up and play with it. That time is now!
Possibly the Greatest Log Insights CloudTrail Query Ever!
AWS CloudTrail has a wealth of information that often gets forgotten and unchecked.
The Power of Self-Hosted GitHub Actions
GitHub Actions is a CI/CD (Continuous Integration/Continuous Deployment) platform integrated into GitHub that lets users automate software development workflows such as building, testing, and deploying code.
Unleashing the power of AWS Athena on Transit Gateway Flow Logs
AWS Transit Gateway Flow Logs provide valuable insights into the traffic flowing through your network. However, analyzing this data can be challenging, especially if you have many logs to sift through.
AWS Prefix Lists for the Organization
AWS Managed Prefix lists are a really powerful way of abstracting the details of CIDR Blocks into something meaningful for the humble cloud engineer.
Process GitHub Workflow Events with AWS Step Functions
This is the next part of integrating GitHub Enterprise Managed User events into the AWS Serverless ecosystem.