Sign in

5 May 2021

by Thomas

Photo by CDC on Unsplash

Modern web applications need to scale well, both from a code and infrastructure perspective. While I believe that Lambda functions are a great platform to build off of for scalability, Fargate is also a valid option. With most developers being familiar with containers, Fargate gives us a great jumping-off point to run those containers in the cloud without getting in the way of how developers want to write applications. I’m bringing this up to mention that I understand the draw of developing with containers over developing for a Lambda function which is not as easy…


3 May 2021

by Thomas

NOTE: If you want my list of commands and keystrokes, scroll down to the bottom. If you want to know more about my motivation behind switching to vim and compiling this list, read on.

I like VS Code. I have nothing against it and I still use it from time to time. My VS Code setup used to have a color scheme, keybindings, linters, different syntax highlighting, and the like. Most people probably end up with something similar after using it for a while. Then one day my computer decided it didn’t want to start…


28 April 2021

by Thomas

A while back I wanted to create a CloudFormation template for a DynamoDB table because that seemed like a missing piece in my serverless stack. It seems like everywhere I turn someone new is extolling the beauty and efficiency that is DynamoDB. I’ll add some more commentary below, but without further ado, here is a quick and easy example for a DynamoDB table.

AWSTemplateFormatVersion: 2010-09-09 Description: Basic template for DDB Table Resources: Table: Type: AWS::DynamoDB::Table Properties: AttributeDefinitions: - AttributeName: id AttributeType: S BillingMode: PAY_PER_REQUEST KeySchema: - AttributeName: id KeyType: HASH Outputs: TableName: Description: The created…

26 April 2021

by Thomas

I stumbled across something interesting the other day that I dove into and wanted to share. There exists a vulnerability called ReDos (Regular expression Denial of Service) which results from a poorly written regular expression taking a long time to complete matching. If an attacker can determine that a regex has been written with this type of vulnerability, they can exploit the long running times to block processes. Since regexes are used for loads of different web services nowadays, I think it is important to understand the time complexities behind regex algorithms and the unintended…


20 April 2021

by Thomas

I had a need for an IAM User not too long ago and wanted to create a CloudFormation template instead of going through the console. I do not create IAM entities too often, so I figured that this would be a good time to cement my knowledge into a template. I wanted the user to have CLI access for some automation, which meant that I needed to also create an access key. While I was looking through the documentation for access keys I noticed an interesting field: Serial.

Serial is a field specific to CloudFormation…


15 April 2021

by Thomas

The other day I spun up an RDS cluster in a VPC and wanted to connect to it to make sure everything looked correctly configured. However, since I put the cluster in a private subnet and only allowed connections from the VPC, I was not able to connect from my desktop. The solution I decided to go for was spinning up a small EC2 instance, SSHing into the EC2 instance, and connecting to my database through the CLI. Unfortunately, the default AMI does not come with the mysql CLI installed. …


12 April 2021

by Thomas

The other day I had a situation in which I needed to restrict permissions on a given IAM user. That IAM user had temporarily been given fairly open permissions but I had the intention of coming back around and tightening those up. I could have very easily gone through the services that I knew it used and added a wildcard for the service similar to s3:*, but I wanted to be a little slicker with my solution.

CloudTrail came to mind since I knew that I would be able to see API calls the user…


5 April 2021

by Thomas

Photo by Pankaj Patel on Unsplash

File IO seems to be a topic that I normally end up Googling to find the right answer to. This last time I came across a convenient way to perform I told myself that I would instead contribute to this topic instead of only consume it. I recently needed to read and write JSON files and this is what I ended up coding and liking. Since it was one of the cleaner ways to handle this operation, I wanted to keep track of it. …


Arguments have two sides and there is always an argument going on about the stock market. Stock prices are not stagnant and people constantly bet (or at least contemplate) on whether or not prices will rise or fall. Anyone who has ever looked at financial news has most likely read about the bulls and the bears. Bulls bet that prices will rise, while bears bet that prices will fall. Those bets can be over short or long periods but the sentiment remains. As in many facets of life, some choose to agree and act wholeheartedly with one side. …


22 March 2021

by Thomas

A while ago I wanted to add functionality to a React page to do something when a user pressed enter on a Material UI TextField, and the solution I found involves capturing events. Of course, the events can be applied to other elements as well, but for my sake, I'll use a TextField in the code snippets. I already had a Button set up to take action, but I wanted the same behavior when the enter key was pressed, which is fairly common web app behavior.

<Button variant="contained" onClick={(e) => doSomething(e)} > This button does…

Thomas Step

I am a interested in software development and personal finance, and I write about my thoughts and experiences on those subjects.

Get the Medium app

A button that says 'Download on the App Store', and if clicked it will lead you to the iOS App store
A button that says 'Get it on, Google Play', and if clicked it will lead you to the Google Play store