⚠️ A major risk when using customer-managed KMS keys is that someone deletes the key, and thus, all data encrypted with the key. How to mitigate the risk?
1️⃣ AWS does not allow deleting keys immediately but enforces a waiting period of 7 to 30 days.
2️⃣ Customers use key policies, IAM policies, or SCPs to restrict access to the kms:ScheduleKeyDeletion action.
But there is another risk of losing access to a key: modifying the key policy. (1/2)
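
An added example, not part of the original posts: a small offline audit that flags policy documents granting the two risky permissions discussed above, kms:ScheduleKeyDeletion and kms:PutKeyPolicy (the KMS action that changes a key policy). The evaluation is deliberately simplified (one document at a time, Resource and Principal ignored, a conditional Deny counted as not protective); the function names and sample policies are constructed for illustration.

```python
import re

# kms:ScheduleKeyDeletion is named in the post; kms:PutKeyPolicy is the KMS
# action that modifies a key policy (the second risk the post raises).
RISKY_ACTIONS = ("kms:ScheduleKeyDeletion", "kms:PutKeyPolicy")

def _as_list(value):
    return value if isinstance(value, list) else [value]

def _matches(pattern, action):
    # IAM action patterns are case-insensitive; '*' = any run, '?' = one char.
    regex = re.escape(pattern).replace(r"\*", ".*").replace(r"\?", ".")
    return re.fullmatch(regex, action, re.IGNORECASE) is not None

def _covers(stmt, action):
    if "NotAction" in stmt:  # applies to everything except the listed patterns
        return not any(_matches(p, action) for p in _as_list(stmt["NotAction"]))
    return any(_matches(p, action) for p in _as_list(stmt.get("Action", [])))

def risky_grants(policy):
    """Risky actions that an Allow covers and no unconditional Deny blocks.

    Simplified: one document at a time, Resource/Principal ignored, and a
    Deny with a Condition is treated as not protective.
    """
    stmts = _as_list(policy.get("Statement", []))
    result = []
    for action in RISKY_ACTIONS:
        allowed = any(s.get("Effect") == "Allow" and _covers(s, action) for s in stmts)
        denied = any(s.get("Effect") == "Deny" and "Condition" not in s
                     and _covers(s, action) for s in stmts)
        if allowed and not denied:
            result.append(action)
    return result

# Constructed sample policies (not taken from any real account).
ADMIN = {"Statement": [{"Effect": "Allow", "Action": "kms:*", "Resource": "*"}]}
APP = {"Statement": [{"Effect": "Allow", "Resource": "*",
                      "Action": ["kms:Decrypt", "kms:GenerateDataKey*"]}]}
GUARDED = {"Statement": [
    {"Effect": "Allow", "Action": "kms:*", "Resource": "*"},
    {"Effect": "Deny", "Action": "kms:Schedule*", "Resource": "*"}]}
BROAD = {"Statement": {"Effect": "Allow", "NotAction": "iam:*", "Resource": "*"}}

if __name__ == "__main__":
    for name, doc in [("admin", ADMIN), ("app", APP),
                      ("guarded", GUARDED), ("broad", BROAD)]:
        print(name, risky_grants(doc))
```

The GUARDED case shows why blocking deletion alone is not enough: the key policy can still be rewritten through the remaining grant.
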
Change is constant. Compose events to make a service.
Need diverse engineering skills, as things like observability and queue dynamics as important business logic
Serverless first is not serverless-must - end to end cost efficient and effective enough at that cost
See your vendor lock-in as instead a partnership with them providing training etc.
Every stack should have a dashboard, for trends, not just alerts for now
HashiCorp adopting the Business Source License 1.1 is a nightmare. Building products based on Terraform is no longer a safe bet as the license says:
„You may make production use of the Licensed Work, provided such use does not include offering the Licensed Work to third parties on a hosted or embedded basis which is competitive with HashiCorp's products.“
But what if HashiCorp enters a new market tomorrow and you are now competing with their offering? 🤯
Pro tip: replace your AWS support subscription with a ChatGPT subscription. You will get wrong answers from both, but ChatGPT is a lot faster and cheaper. 🙈