David Killmon
@kohidave.bsky.social
I toot about bikes and Seattle. I don’t talk about work here 🖖
Happy Sound Transit Systems Day to all who celebrate!
November 14, 2025 at 6:34 PM
Happy Sound Transit Systems Day to all who celebrate!
I love these people.
November 6, 2025 at 5:00 AM
I love these people.
Excellent advice. Thank u!
February 2, 2025 at 12:20 AM
Excellent advice. Thank u!
Now that my Hooks is configured to fail, any Change Set, Stack action, or resource update will fail.
Let's create a new "sus" stack.
When the stack is being created, before any resource actions happen, the Lambda Hook is run, fails, and blocks the rest of the operations.
Let's create a new "sus" stack.
When the stack is being created, before any resource actions happen, the Lambda Hook is run, fails, and blocks the rest of the operations.
November 20, 2024 at 7:18 PM
Now that my Hooks is configured to fail, any Change Set, Stack action, or resource update will fail.
Let's create a new "sus" stack.
When the stack is being created, before any resource actions happen, the Lambda Hook is run, fails, and blocks the rest of the operations.
Let's create a new "sus" stack.
When the stack is being created, before any resource actions happen, the Lambda Hook is run, fails, and blocks the rest of the operations.
Now, let's get serious. Our fun Hook is a little too permissive - let's turn it into enforcement mode.
I'll turn the Hook mode to "FAIL" and I'll update my Lambda function to always fail. In reality, you'd add your own evaluation logic, but for fun, we'll fail everything.
I'll turn the Hook mode to "FAIL" and I'll update my Lambda function to always fail. In reality, you'd add your own evaluation logic, but for fun, we'll fail everything.
November 20, 2024 at 7:18 PM
Now, let's get serious. Our fun Hook is a little too permissive - let's turn it into enforcement mode.
I'll turn the Hook mode to "FAIL" and I'll update my Lambda function to always fail. In reality, you'd add your own evaluation logic, but for fun, we'll fail everything.
I'll turn the Hook mode to "FAIL" and I'll update my Lambda function to always fail. In reality, you'd add your own evaluation logic, but for fun, we'll fail everything.
What's cool with the Lambda Hook, is that it calls a Lambda that's entirely yours. You can version it, use aliases, view logs, etc.
Pictured below is the my Hook's Lambda Function's logs:
Pictured below is the my Hook's Lambda Function's logs:
November 20, 2024 at 7:18 PM
What's cool with the Lambda Hook, is that it calls a Lambda that's entirely yours. You can version it, use aliases, view logs, etc.
Pictured below is the my Hook's Lambda Function's logs:
Pictured below is the my Hook's Lambda Function's logs:
I love ChangeSets because they let me evaluate what's going to happen if I update my CFN stack. Now, Hooks can automatically evaluate ChangeSets for you.
I created a ChangeSet and my Lambda Hook evaluated it & found it to be ✅. Had it failed, the Change Set would be blocked.
I created a ChangeSet and my Lambda Hook evaluated it & found it to be ✅. Had it failed, the Change Set would be blocked.
November 20, 2024 at 7:18 PM
I love ChangeSets because they let me evaluate what's going to happen if I update my CFN stack. Now, Hooks can automatically evaluate ChangeSets for you.
I created a ChangeSet and my Lambda Hook evaluated it & found it to be ✅. Had it failed, the Change Set would be blocked.
I created a ChangeSet and my Lambda Hook evaluated it & found it to be ✅. Had it failed, the Change Set would be blocked.
Now, whenever a Change Set is created, a stack is updated, or a Cloud Control API resource is mutated, my Lambda function will be called to evaluate if the change is compliant.
I've configured my Hook to only WARN if it fails, but you can also hard block the operation.
I've configured my Hook to only WARN if it fails, but you can also hard block the operation.
November 20, 2024 at 7:18 PM
Now, whenever a Change Set is created, a stack is updated, or a Cloud Control API resource is mutated, my Lambda function will be called to evaluate if the change is compliant.
I've configured my Hook to only WARN if it fails, but you can also hard block the operation.
I've configured my Hook to only WARN if it fails, but you can also hard block the operation.
Let's set up a new Lambda Hook! I'll point this Hook to a Lambda function in my account.
Traditionally, Hooks could only target CFN Resource operations but starting today, Hooks can also target:
1. Change Set operations
2. Stack Operations
3. Cloud Control API operations
Traditionally, Hooks could only target CFN Resource operations but starting today, Hooks can also target:
1. Change Set operations
2. Stack Operations
3. Cloud Control API operations
November 20, 2024 at 7:18 PM
Let's set up a new Lambda Hook! I'll point this Hook to a Lambda function in my account.
Traditionally, Hooks could only target CFN Resource operations but starting today, Hooks can also target:
1. Change Set operations
2. Stack Operations
3. Cloud Control API operations
Traditionally, Hooks could only target CFN Resource operations but starting today, Hooks can also target:
1. Change Set operations
2. Stack Operations
3. Cloud Control API operations
This launch has a ton of new features, but the theme is making it EASIER to author hooks, and increasing the things Hooks can evaluate.
To make authoring easier, we're have two new managed hooks, one which can run CFN Guard, and one which simply invokes a Lambda function
To make authoring easier, we're have two new managed hooks, one which can run CFN Guard, and one which simply invokes a Lambda function
November 20, 2024 at 7:18 PM
This launch has a ton of new features, but the theme is making it EASIER to author hooks, and increasing the things Hooks can evaluate.
To make authoring easier, we're have two new managed hooks, one which can run CFN Guard, and one which simply invokes a Lambda function
To make authoring easier, we're have two new managed hooks, one which can run CFN Guard, and one which simply invokes a Lambda function
So first, what are Hooks? A Hook is just code that you can write to evaluate an Infrastructure as Code operation and block the operation if it's not chill.
This is super useful for making sure that your IaC is configured correctly. No public S3 buckets, no * policies, etc.
This is super useful for making sure that your IaC is configured correctly. No public S3 buckets, no * policies, etc.
November 20, 2024 at 7:18 PM
So first, what are Hooks? A Hook is just code that you can write to evaluate an Infrastructure as Code operation and block the operation if it's not chill.
This is super useful for making sure that your IaC is configured correctly. No public S3 buckets, no * policies, etc.
This is super useful for making sure that your IaC is configured correctly. No public S3 buckets, no * policies, etc.
When I rode it in 2016 it was VERY quiet. I think we passed through a neighborhood then basically we didn’t see a car until Cumberland.
(This is the cute 1 lane bridge)
(This is the cute 1 lane bridge)
August 27, 2024 at 3:54 AM
When I rode it in 2016 it was VERY quiet. I think we passed through a neighborhood then basically we didn’t see a car until Cumberland.
(This is the cute 1 lane bridge)
(This is the cute 1 lane bridge)
Me really struggling to navigate the 10,000 detours and bike to the east side today.
August 17, 2024 at 3:58 PM
Me really struggling to navigate the 10,000 detours and bike to the east side today.
Guess who gets to ride inside the bus today!
August 17, 2024 at 3:54 PM
Guess who gets to ride inside the bus today!