Blog
Thoughts on engineering, design, and building great products.
Foundation: IAM Service Roles and the S3 Artifact Bucket
Before building the pipeline you need two foundations: IAM service roles that let AWS services act on your behalf, and an S3 bucket to hold artifacts. This article dissects how service roles and trust policies work — why a service assumes a role for temporary credentials instead of storing keys — then creates the role for CodeBuild and the artifact bucket (versioning enabled) with the AWS CLI.
Remote State on S3 With use_lockfile
State sitting on your personal machine can't be shared, isn't safe, and two people running at once will overwrite each other. This article moves state to S3: bootstrap a bucket with versioning and encryption, configure the backend, and enable state locking with use_lockfile — the current approach replacing the deprecated DynamoDB. With a real lock-conflict demo.
Provider, Your First Resource, and the init plan apply destroy Lifecycle
Stand up your first real AWS resource: declare a provider and pin its version, create an S3 bucket, then walk the full init → plan → apply → destroy cycle. What each command does inside, why plan writes 'known after apply', what state stores, and why a second apply creates nothing new.
S3: Store Files and Host a Static Website
Create an S3 bucket, upload files, and host a static website on the Internet without any server running continuously. Understand buckets, objects, and managing access.