SW BBANG

When SQL injection and cross-site scripting attacks reach your Application Load Balancer, they hit your application tier directly — WAF is the layer that intercepts and blocks them before a single malicious byte reaches your backend. This post walks through attaching an AWS WAF WebACL to an ALB using AWS Managed Rule Groups, covering the architecture, CLI setup, and the operational details that documentation glosses over. TL;DR: AWS WAF on ALB — Key Facts Aspect Detail WAF scope for ALB REGIONAL (not CLOUDFRONT) Attachment model WebACL associated to ALB ARN SQL injection protection AWSManagedRulesSQLiRuleSet XSS protection AWSManagedRulesCommonRuleSet (contains XSS rules) Default action ALLOW (explicit BLOCK rules override) Rule evaluation order Priority integer — lower number evaluated first Logging destination CloudWatch Logs, S3, or Kinesis Data Firehose How AWS WAF Works with an A...

If you're building a production application that needs to send transactional emails from a custom domain like myapp@mycompany.com , Amazon SES (Simple Email Service) is the AWS-native path — but the domain verification and DNS setup trips up most engineers the first time. This guide walks through exactly which DNS records SES requires, why each one exists, and how to confirm everything is wired correctly from the CLI. TL;DR: Amazon SES Domain Verification Summary DNS Record Type Purpose Required? 3× CNAME (Easy DKIM) Domain ownership verification + DKIM signing Yes — mandatory TXT (SPF) Authorize SES to send on your domain's behalf Strongly recommended CNAME (DMARC) Policy enforcement + deliverability reporting Strongly recommended MX (custom MAIL FROM) Bounce handling via custom subdomain Optional but best practice When you enable Easy DKIM, SES generates three CNAME records. Publishing thos...

When a Lambda function starts throwing errors in production, every minute of ambiguity is expensive. CloudWatch Logs Insights lets you run structured queries across all log streams in a log group simultaneously — no manual stream-by-stream hunting, no grep over downloaded files. TL;DR: CloudWatch Logs Insights for Lambda Error Logs Goal Approach Find all ERROR lines fast Query with filter @message like /ERROR/ Scope to a time window Set absolute or relative time range in the console or CLI Identify the most frequent errors Use stats count(*) by @message to aggregate Correlate to a specific invocation Filter on @requestId field Automate from CI/CD or runbook Use aws logs start-query + get-query-results CLI How CloudWatch Logs Insights Works with Lambda Lambda automatically publishes invocation logs to a CloudWatch log group named /aws/lambda/<function-name> . Each concurrent execution...

If you've built a Node.js app and want it running in production without first mastering EC2 instance types, VPC subnets, and load balancer listeners, AWS Elastic Beanstalk is the deployment surface you're looking for. It provisions and manages the underlying infrastructure automatically, letting you focus on shipping code. TL;DR: What Elastic Beanstalk Does for Your Node.js App Concern You Handle Elastic Beanstalk Handles Application code ✅ Write and package it — EC2 provisioning — ✅ Selects and launches instances Load balancer setup — ✅ Creates and configures ALB/CLB Auto Scaling group — ✅ Manages scaling policies OS patching — ✅ Managed platform updates Health monitoring — ✅ Built-in health dashboard Deployment strategy Optional override ✅ Rolling, immutable, blue/green How Elastic Beanstalk Works Under the Hood Elastic Beanstalk is an orchestration layer, not a new compute...

Privacy Policy for SW BBANG Last Updated: May 22, 2026 Welcome to SW BBANG ("https://www.webuildup.live/"). We are committed to protecting your privacy and ensuring that your personal information is handled in a safe and responsible manner. This Privacy Policy outlines how we collect, use, and protect your data when you visit our website. 1. Information We Collect A. Automatically Collected Information When you visit SW BBANG, we may automatically collect certain information about your device, including information about your web browser, IP address, time zone, and some of the cookies that are installed on your device. Additionally, as you browse the site, we collect information about the individual web pages or posts that you view, what websites or search terms referred you to the site, and information about how you interact with the site. B. Google Analytics We use Google Analytics to help us understand how our customers use the Site. Google Analytics collects inf...

Contact dreamatthehome@gmail.com

About Blog Topic Introduction This blog covers in-depth information and practical know-how on cloud technologies overall, including AWS (Amazon Web Services) cloud architecture, infrastructure management, cloud security, and cost optimization. It provides useful guides and tutorials suitable for everyone from beginners to experts. Who Runs the Blog It is operated by "Cloud Worker," an active cloud engineer with a passion for cloud technology. Why This Blog Was Created I started this blog to document various troubleshooting experiences and architecture design know-how gained in the field, and to provide practical help to those who want to learn cloud technologies. It also serves as a personal record to continuously learn and keep up with new AWS services and rapidly changing trends.

In nearly every AWS architecture diagram, you'll see resources split across "public" and "private" subnets — but AWS does not label subnets with these terms natively. The distinction is entirely determined by routing configuration, and misunderstanding it is one of the most common causes of accidental internet exposure of databases and internal services. TL;DR Attribute Public Subnet Private Subnet Route to Internet Via Internet Gateway (IGW) No direct route to IGW Outbound internet access Direct via IGW Optional, via NAT Gateway in a public subnet Inbound from internet Possible (if Security Group allows) Not possible directly Public IP assignment Typically auto-assigned or Elastic IP Private IP only (no public IP needed) Typical workloads ...