DEV Community: Gbemisola Esho

Build and Deploy to Google Cloud with Antigravity: The Era of Agent-First Development

Gbemisola Esho — Fri, 24 Apr 2026 15:26:04 +0000

The landscape of software development is undergoing a seismic shift from simple chat interfaces to autonomous agents capable of planning, executing, and refining complex workflows. Leading this charge is Google Antigravity, an agentic development platform that evolves the traditional IDE into a mission control center for an agent-first era.

Unlike standard coding assistants that merely autocomplete lines, Antigravity functions as an autonomous actor that can design, build, and deploy entire systems with minimal human intervention.

The Mission: An Event-Driven Document Pipeline

To see Antigravity in action, we can look at the creation of a serverless, event-driven document processing pipeline on Google Cloud. The architecture involves:

Ingestion: Files uploaded to a Google Cloud Storage (GCS) bucket.
Trigger: Uploads firing a Pub/Sub message.
Processor: A Cloud Run service (Python/Flask) that extracts metadata and processes files using Gemini on Vertex AI.
Storage: Streaming the results (tags, word counts, filenames) into BigQuery.

Development in Antigravity doesn't start with code; it starts with a Mission. In the Agent Manager, developers use the Playground to provide high-level prompts. Antigravity excels at planning complex systems before a single line is written.

A critical feature is the Review Policy. By setting artifacts to "Asks for Review," you ensure the agent presents its logic for approval before execution, fostering trust and maintaining human-in-the-loop control.

Phase 2: Autonomous Code & Infrastructure Generation

Once the plan is approved, Antigravity generates all necessary artifacts:
Infrastructure as Code: A setup.sh script to enable APIs (Cloud Run, Pub/Sub, BigQuery) and provision resources.
Application Code: A Python-based main.py, a Dockerfile, and a requirements.txt.
Deployment: The agent handles building the container image and deploying the Cloud Run service automatically.

Phase 3: Verification via Artifacts, Not Logs
The most tedious part of delegation is verification. Antigravity solves this by moving away from raw logs to Artifacts - tangible deliverables like task lists, implementation plans, and Walkthroughs.
The agent proactively verifies the deployment by uploading a test file to GCS and running SQL queries in BigQuery to ensure the data was processed correctly. You can review these results in the Walkthrough artifact, which summarizes every change and result at a glance

To verify the application really works you can test It creates a test artifact (test.txt) and wants to upload it to Google Cloud Storage bucket. Click on Accept to go ahead.
If you want to run further tests on your own, you can try to upload a sample file to the Cloud Storage bucket:

gcloud storage cp .txt gs: // doc-ingestion-{project-id}

Extend the Application

Add a Frontend: Generate a Streamlit or Flask web app to visualize BigQuery data.
Integrate Real AI: Swap "simulated" logic for real Gemini-powered document classification and translation.
Enhance Security: Move sensitive configurations to Secret Manager or implement Dead Letter Queues (DLQ) for robust error handling.

Google Antigravity represents a shift toward a higher, task-oriented level of engineering. By combining an AI-powered editor with a dedicated agent workspace, it allows developers to focus on the "what" while the agent handles the "how," turning abstract ideas into live, verified cloud applications in minutes.
For your step to step learning visit the Build and Deploy to Google Cloud with Antigravity codelab for more.

A Stitch at a time

Gbemisola Esho — Fri, 24 Apr 2026 06:52:18 +0000

Every UI idea starts the same way. A sentence. A sketch. A screenshot of something you saw and liked.
Then the process starts and the idea starts dying.
Wireframes go to designers. Designs go to developers. Somewhere in that handoff, the original intent gets trimmed, approximated, and eventually shipped as something slightly less than what you imagined.
Google Stitch is built to kill that gap.
Launched at Google I/O 2025 under Google Labs, Stitch takes a plain English prompt or a rough sketch, or a URL and returns a high-fidelity UI design with exportable frontend code. The whole thing takes under two minutes. No Figma file. No design-to-developer handoff. No lost intent.
This is what that workflow looks like, what it gets right, and where it still has limits.
"Stitch does one thing exceptionally well: it gets you out of the blank canvas problem fast."

What Stitch actually generates

Most AI design tools give you a starting point. A rough layout. Something to react to.
Stitch gives you more than that but less than you might expect. Understanding exactly what comes out of it is the difference between using it well and being disappointed by it.
Here is what a single Stitch prompt produces.

Before you open Stitch

Write a better prompt

Stitch is only as good as what you give it. A weak prompt returns a generic layout. A specific one returns something you can actually build on. Spend three minutes here before you spend ninety seconds waiting for a generation.
A strong Stitch prompt answers four questions:
What kind of product is this? Name the category dashboard, mobile app, landing page, onboarding flow, news article template. Stitch needs to know what structural pattern to reach for.

Who is it for? An internal tool looks different from a consumer product. A newsroom CMS looks different from a public-facing news app. Say it explicitly.
What are the key screens or sections? Do not make Stitch guess. List the components you need — sidebar, data table, search bar, article card, navigation menu.

What is the visual tone? Minimal, bold, dark mode, data-heavy, editorial, clean. One or two words is enough.
Here is the difference in practice.

Weak prompt:

"Design a news app."

Strong prompt:

"Design a mobile news reader app for a digital-first African newsroom. Dark theme. Home screen with a hero story, category tabs, and a scrollable article feed. Article view with a full-width image, headline, author byline, share button, and related stories section. Clean, editorial feel — inspired by BBC News and The Guardian app."

Same tool. Same model. Completely different output.
Write your prompt before you open the browser tab. Treat it like a brief, not a search query.

Now you are ready. Here is exactly what to do.
Step 1: Go to stitch.withgoogle.com
You need a Google account. No waitlist, no setup. Sign in and you land directly on the prompt canvas.
Step 2: Choose your mode
You will see two options before you type anything.
Standard mode uses Gemini 2.5 Flash. Use this for exploration — testing ideas, comparing layouts, moving fast. You get 350 generations per month.
Experimental mode uses Gemini 2.5 Pro. Use this when you have found your direction and want a higher-quality result worth exporting. You get 50 generations per month.
Start with Standard. Switch to Experimental only when you have a prompt you are confident in.

Step 3: Paste your prompt and generate
Stitch will show you a generation time estimate usually around 90 seconds for Standard mode. It is accurate. Do not refresh.
When it comes back, you will see two or three layout variants side by side.

Step 4: Compare variants do not skip this
Resist the urge to click the first one that looks good. Spend 60 seconds comparing structural decisions. Does one use a bottom nav bar while another uses a sidebar? Does one prioritise the hero image while another leads with text? These are architectural choices that matter later.
Pick the variant whose structure fits your product logic not just the one with the nicest colours.

Step 5: Refine with follow-up prompts
Your first generation is a starting point. The chat panel on the right accepts follow-up instructions. Be specific.
Instead of: "Make it look better"
Write: "Switch the background to dark grey. Move the category tabs below the hero image. Make the headline font larger and bolder. Apply WCAG 2.1 contrast standards throughout."
Each follow-up takes another 60–90 seconds. Give it two or three rounds before moving to export.

Section 4: Exporting your design which path to take
When your design is ready, you have three exits. Pick the one that matches your next step.
Export to Figma if you have a design team
Click "Copy to Figma" and paste directly into an open Figma file. Your design arrives as editable components. From there your team can apply your real design system, adjust spacing, and hand off through the normal design workflow.
Use this path when: you are handing the design to someone else, you have an existing component library, or the project needs collaborative review before development.
Export to Google AI Studio : if you want working code fast
This is the most powerful path for solo builders. Send your design to AI Studio and Gemini converts it into a functional web application — with routing, interactivity, and logic — without you writing a line of code.
Exporting to Google AI Studio

Use this path when: you are a founder, developer, or journalist building a prototype you want to test quickly.
Export as HTML and Tailwind CSS — if you are building it yourself
Click "View Code" and download the frontend code directly. It is clean, readable, and structured logically. Drop it into your repository and build from it.
The one limitation: you cannot change the output stack. Stitch always exports HTML and Tailwind CSS. If your project runs on React, SwiftUI, or a custom component library, treat this code as a visual blueprint rather than production-ready output.
Use this path when: you are a web developer who wants a head start on a project and can translate or adapt the code.

Section 5: Where Stitch fits and where it does not
Stitch is not a Figma replacement. It does not have Figma's precision, collaboration features, or component library depth. If your team runs a mature design system, Stitch is an upstream ideation tool not a replacement for your existing workflow.
What Stitch is genuinely good at is getting from zero to something real, fast. The blank canvas problem that paralysing moment at the start of any design project largely disappears. You have a structured layout, a colour system, and exportable code in under two minutes. For journalists, founders, and solo developers who need to move fast without a design team, that is a meaningful shift.
The honest limitations are three. Layout consistency drifts across screens components that look identical visually are not always built identically under the hood. Complex flows with more than two or three screens require significant follow-up prompting. And the generation caps are real 50 Experimental mode generations per month sounds generous until you are deep in a prototype and burning through revisions.
Use Stitch for: early-stage ideation, rapid prototyping, client presentations, fellowship projects, hackathons, and any situation where speed matters more than perfection.
Do not use Stitch for: production-ready design systems, large multi-screen applications, or any project where design consistency across dozens of components is non-negotiable.

The tools that change how you work are rarely the ones that replace everything you know. They are the ones that remove the friction at the point where most ideas die.
For UI design, that point has always been the start the blank canvas, the first decision, the gap between what you can imagine and what you can actually put on a screen.
Stitch does not build your product for you. It just makes sure the idea survives long enough to become one.

Harnessing Google’s AI for a Sustainable Future: From Data to Action

Gbemisola Esho — Sat, 14 Feb 2026 03:44:13 +0000

The intersection of technology and environmental stewardship is no longer a futuristic concept, it is a present-day necessity. As a GDE and investigative researcher, I have always looked for tools that bridge the gap between complex data and actionable policy.

The Yale GDG on Campus series provided a deep dive into a powerful ecosystem that allows us to monitor, model, and communicate environmental challenges with unprecedented precision.

The Sustainability Trinity: Earth Engine, Vertex AI, Gemini and more
To achieve true environmental accountability, we need a workflow that moves from observation to intelligence.

Google Earth Engine

: Our Planetary Dashboard
Earth Engine serves as the ultimate tool for environmental OSINT (Open Source Intelligence). It allows us to monitor the “Right to a Healthy Environment” by analyzing decades of satellite imagery. Whether we are tracking deforestation in the Sahel or urban heat islands in Lagos, Earth Engine provides the empirical evidence needed to verify corporate sustainability claims and fight “greenwashing.”

Vertex AI

: Engineering the Solutions
While Earth Engine gives us the data, Vertex AI allows us to build the solutions. As a Professional Security Engineer, I see Vertex AI as the bedrock for training custom machine learning models that can predict energy consumption or simulate climate risks. It allows us to create inclusive tools that are “secure by design,” ensuring that climate data remains protected while being accessible for impactful decision-making.

Gemini

: The Bridge to Human Understanding
The greatest barrier to climate action is often the complexity of the data. Gemini changes this by acting as a multimodal translator with advanced reasoning. I can explore how Gemini can take complex geospatial reports and localize them into languages like Yoruba, Hausa, or Igbo — making climate literacy a reality for everyone.

©Nadia B Ahmad

Google Maps

: The Interface for Real-World Action
Google Maps has evolved from a navigation tool into a “digital powerhouse” for environmental awareness and city planning.

Project Green Light: Uses AI and Google Maps driving trends to model traffic patterns and optimize traffic lights. This can reduce stops at intersections by up to 30% and emissions by over 10%.
Fuel-Efficient Routing: Suggests routes that take a similar amount of time but have fewer hills and less traffic, which enabled an estimated 2.7 million metric tons of GHG emissions reductions in 2024 alone.
Environment APIs: New tools like the Solar API (mapping solar potential for 320 million+ buildings) and the Air Quality API (tracking pollutants in 100+ countries) empower businesses and citizens to make healthier, greener choices.

Google Colab

: The Scientific Engine for Analysis
Google Colab is a zero-configuration, cloud-based platform that allows you to write and execute Python code directly in your browser, with free access to powerful GPUs and TPUs.

Geospatial Processing: Colab integrates seamlessly with Google Earth Engine and BigQuery, allowing researchers to process petabytes of satellite imagery without needing local high-end hardware.
AI Model Training: It is used extensively to develop and train machine learning models for sustainability, such as predicting deforestation risk or mapping species distributions.
Interactive Storytelling: Researchers use Colab to create interactive notebooks that combine live code with visualizations (like heatmaps of urban heat islands), making it an ideal tool for investigative journalists to “ground” their environmental reports in reproducible data.

The Portfolio Challenge by Google AI

Gbemisola Esho — Sat, 07 Feb 2026 13:00:49 +0000

This is a submission for the [New Year, New You Portfolio Challenge Presented by Google AI] Not really!(https://dev.to/challenges/new-year-new-you-google-ai-2025-12-31)
The Portfolio Challenge has come and gone but I still have this write up which well, I forgot to submit.
I followed the format for submission, I hope you enjoy it and learn from it.
Happy reading!

About Me

Gbemisola Esho is a multidisciplinary technology leader operating at the critical intersection of cloud security, artificial intelligence, and digital inclusion. With a career that spans technical infrastructure and investigative journalism, she brings a dual perspective to the global dialogue on AI: how to build secure, scalable systems, and how to ensure they serve the public interest in emerging economies.

As a cybersecurity practitioner, Gbemisola specializes in securing cloud architectures against complex threats. She is a recognized voice in the developer ecosystem, recently speaking at DevFest Kigali 2025 at Carnegie Mellon University Africa on "Bot Management with Google Cloud Armor and reCAPTCHA."
She is the Founder and Lead of Connectobridge, an initiative dedicated to closing the digital skills gap for women, youth, and underrepresented communities. Through this platform, she champions AI literacy and online safety, aligning her advocacy with the United Nations Sustainable Development Goals. As a journalist trained in the Pulitzer AI Spotlight Reporting program, she also wields the investigative skills to interrogate AI systems for bias, transparency, and accountability, challenging hype-driven narratives with evidence-based reporting.

Portfolio

This is the link to my portfolio with some projects and deployed on Cloud Run
{https://gbemisolaportfolio-627390562920.us-west1.run.app/}

How I Built It

Gbemisola's Portfolio: Creation & Deployment Process

Technical Stack & Development Frontend Architecture: Built using React 19 with TypeScript for type safety. The UI is crafted with Tailwind CSS, utilizing a "glassmorphism" aesthetic to reflect a modern, high-tech security vibe.

AI Integration: The "Resume Agent" uses the Gemini 3 Flash model. It's configured with a specific system instruction that defines your professional persona, project history, and technical expertise.

Security Features: The app implements a secure API key management flow. It uses the window.aistudio interface to let users provide their own keys, ensuring no sensitive credentials are hardcoded or stored on the server.

Containerization (Docker) To ensure the app runs identically in any environment, we use Docker. Base Image: A lightweight Nginx Alpine image.

Configuration: The Dockerfile copies the static assets (HTML, TSX, CSS) and configures Nginx to serve them. Crucially, it includes a template for nginx.conf that listens on the $PORT environment variable, which is a requirement for Google Cloud Run.

Automated CI/CD (Google Cloud Build) The deployment is fully automated using a cloudbuild.yaml pipeline: Step 1 (Build): When you push code, Cloud Build triggers a docker build, tagging the image with the specific Git commit SHA for version control.

Step 2 (Push): The built image is pushed to Google Container Registry (GCR).

Step 3 (Deploy): Cloud Build tells Google Cloud Run to pull the new image and update the service.

Serverless Hosting (Google Cloud Run) We chose Cloud Run for deployment because:

Zero-Scale: It scales to zero instances when there's no traffic, making it practically free for a personal portfolio.

Concurrency: It can handle multiple simultaneous requests efficiently.

Security: It provides an isolated, managed environment with automatic HTTPS and built-in protection against common infrastructure threats.

What I'm Most Proud Of
The Evolution from Static to Intelligent:
Most portfolios are digital paper. With Google AI studio I built a living technical agent integrating Gemini 3 Flash, I demonstrated how Generative AI can be used not just for "chat," but as a professional proxy that understands context, projects, and your professional persona.

Architectural Sophistication (Cloud-Native):
This isn't just hosted on a simple web provider, It is a production-grade pipeline that uses:
Dockerization for immutable deployments.
Google Cloud Run for serverless, cost-effective scaling.
Cloud Build CI/CD for automated security-focused delivery

NB:Most of what is in the portfolio is true but the actual projects disguised.

The Portfolio challenge was used to demonstrate the power of Gemini, AI Studio and Cloud Run Google technologies demonstrating how these technologies can make your projects come alive.

From Zero to Global: A Complete AI Video Workflow Using Google Cloud & Gemini

Gbemisola Esho — Sun, 18 Jan 2026 08:58:08 +0000

Content is king, but context is queen. In a country as diverse as Nigeria, creating digital content is only half the battle. The real challenge and opportunity lies in making that content accessible to everyone, whether they speak Yoruba, Hausa, or Igbo.

I recently explored the power of Google Vertex AI Studio to create a short film. I used cutting-edge tools like Google Veo and Imagen (via the “Nano Banana” MCP server) to generate stunning visuals. But I didn’t want to stop at just great visuals. I wanted to ensure the message could resonate across Nigeria’s linguistic landscape.

                Vertex AI Studio

Here is the step-by-step technical workflow I discovered for localizing AI-generated video content using the Google Cloud ecosystem.
The Visual Foundation
First, the video itself was created using Vertex AI Studio. By leveraging generative video models like Veo, I was able to turn text prompts into high-quality video clips. This formed the visual base of the project.

Creating viuals and films in Google Flow

But to take this video from a silent clip to a localized story, I needed a suite of Google Cloud APIs. Here is the architecture for localization.

Prompting in Vertex AI Studio

Step 1: Transcription (The Ear)
Tool: Google Cloud Speech-to-Text API
If your source video already has English audio (or any other language), the first step is extraction. You cannot translate what you haven't captured.
The Speech-to-Text API listens to the audio track of the video and converts spoken words into a text transcript. It's highly accurate and serves as the foundation for the rest of the pipeline.

Step 2: Translation (The Brain)
Tool: Google Cloud Translation API
Once I had the raw text, the next step was bridging the culture gap. I used the Cloud Translation API to convert the English transcript into Nigeria's major languages: Yoruba, Hausa, and Igbo.

Google has been actively expanding support for African languages, meaning the translations are becoming increasingly nuanced, handling idioms and context better than ever before.

Step 3: Vocalization (The Voice)
Tool: Google Cloud Text-to-Speech API
This is where the magic happens. Reading subtitles is great, but hearing a message in your mother tongue is powerful.
Using the Text-to-Speech API, I converted the translated Yoruba, Hausa, and Igbo scripts back into audio. This service synthesizes lifelike, neural speech. Instead of a robotic monotone, you get a voice-over that feels natural and engaging, which can then be synced back to the original video.
Step 4: Subtitling (The Eyes)
Tool: Google Cloud Transcoder API
For accessibility (and for those watching on mute), subtitles are non-negotiable.

Using the same translated text from Step 2, the Transcoder API allows you to burn captions directly into the video file or generate sidecar files (like .SRT). This ensures that even if the audio isn't played, the message is readable in the user's local language.
Why This Matters for African Tech
While Vertex AI handles the heavy lifting of creative generation (building the world, the characters, and the movement), these specialized APIs are the bridge to the user.
For independent media houses, creators, and developers in Africa, this stack represents a massive opportunity. We can now build:
Educational content that scales to every region.
News broadcasts that automatically generate local versions.
Entertainment that feels homegrown, regardless of where it was produced.
The tools are there. It is up to us to build the pipelines.

Did you find this workflow helpful? Follow me for more insights on building with Google Cloud and Vertex AI.

GoogleCloud #VertexAI #GenAI #Localization #AfricanTech

Cyber resilience in applications on AWS-Using AWS Security Hub.

Gbemisola Esho — Sat, 30 Dec 2023 14:59:38 +0000

With the rise of digital, the interconnectivity of the world is unquestionable and cyberspace is the world that was born, making the saying “The world is now a village” My words are “The world is now an interconnected village”.

As we are in the era of “digital everything” the need for cyber resilience has increased, paving the way to sustainable development and growth in the cybersecurity landscape.

A synergy between public and private sector stakeholders will help to find solutions. The late UN scribe Mr Kofi Annan said “There is no development with security and no security without development”

Solutions to problems of increase in cybertheft and data breaches lead only to the place of capacity building so cyber professionals are well equipped to identify, contain, and stop attacks that occur in cyberspace.

What is Cyber resilience?
This is the ability of an organisation to prevent withstand and recover from cyber-attacks.

Cyber resilience goes beyond preventing cyber attacks and has a proactive approach to cybersecurity. It anticipates that it still needs to detect and respond with minimal damage occurring as it recovers from attacks.

Components of Cyber resilience
Risk Assessment: It is important to take stock of the assets of your organisation, their value, and the potential vulnerability to know the cyber threat severity and impact

Prevention: Best security practices will be without fail help with prevention some examples include setting up firewalls, anti-virus, and security awareness training.

Detection: Intrusion detection systems, security information, event management systems, and monitoring tools should be addressed.

Response: A well-defined and drafted plan should always be in place and ready to be activated.

Recovery: The ability of an organisation to recover from a breach or an attack and return to normalcy as quickly as possible is very important to be resilient.

Adaptability: The ability to adjust to the fast pace of cyberspace and changing threats

Ensuring your applications are cyber-resilient is a continuous process you achieve this by ensuring best practices are followed and the right security posture.

Security Posture in Cyber Resilience

The security posture of an organisation is the organisation's overall cyber security readiness.
In AWS cloud security posture is managed by the AWS Security Hub

What is the AWS Security Hub?
The AWS security hub is an AWS resource that has the following function

Automates Security best practices: Security best practices in AWS are linked to a Well-Architected Framework which helps in making decisions on how to deploy our workload bearing in mind the need for secure deployments in the Cloud.
Aggregate security alerts into a single place and format
Helps in understanding your overall security posture across all of your AWS accounts.

Security Best Practises in AWS

The security pillar in the Well-Architected Framework emphasizes the advantage of cloud technologies by describing how to protect data, systems, and assets in a way that can improve your security posture.

There are several principles associated with this like
Implement a strong identity foundation: This requires implementing the principle of least privilege and enforcing separation of duties with appropriate authorization for each interaction with your AWS resources.

Maintain traceability: Logging and monitoring are key factors in maintaining traceability. The need for alerts and audits is critical as well.

Apply security at all layers: Defense-in-depth approach is applied with multiple security controls. Applied to all layers from networking, load balancing, operating systems, and application layers.

Automate security best practices: To securely scale more rapidly and cost-effectively, using automated software-based security mechanisms enhances your ability.

Protect data in transit and at rest: Encryption and classification of data into sensitivity levels is a best practice as well as the use of tokenization, and access control as well.

Data Restriction and Control: Reduce or eliminate the need for direct access or manual processing of data. This reduces the risk of mishandling or modification and human error when handling sensitive data.

_Security events readiness: Incident readiness is a priority with the robust incident management and investigation policy and processes that align with your organizational requirements.

The security Hub centrally manages security alerts

How it works

The security Hub Centre is a central security tool that is used to manage the security across several AWS accounts and automate security checks.

It has an integrated dashboard that displays the security and compliance status that helps in decision-making and taking action.

The AWS Security Hub aggregates alerts across different services like AWS Config, AWS GuardDuty, AWS Macie, IAM Aces Analyzer, AWS Systems Manager, AWS Firewall, AWS Health

AWS Config service is enabled for the Security Hub to work, looking at the diagram we can see that the Security Hub can cover multiple accounts at a time taking the findings from the AWS services mentioned finding out the potential issues and findings, and visualizing it on the dashboard.

EventBridge generates an event and Amazon Dectective investigates the source of the threat.

And finally, to investigate the source of these issues you can use Amazon Detective.

To know more about AWS Security Hub like this link

Introduction to Cloud I AM:Can I come in? Access Control in Google Cloud

Gbemisola Esho — Tue, 22 Aug 2023 01:28:04 +0000

In Google Cloud resources are arranged in a hierarchy with the organisation as the root node.To be able to access resources in Google Cloud you need identity access management in short called I AM.
Cloud I AM is how you decide who can do what in Google Cloud resources.To navigate this Google Cloud provides policies, identities and roles.
Lets get back to the hierarchy,every workload deployed in Google Cloud are organised as projects.The hierarchy flows from the organisation which is the root node to the folder and then the projects.

With I AM you manage "who" that is the identity does "what" access the role to which resource..
The organisation, folder and projects are used to organize your resources.
I AM ensures that the resources are accessed by those authenticated to do so and not by all users, for a user to gain access you need to have a role.Authenticated users/members are called Principals
An I AM policy also called an "allow policy" defines what role or roles are given to the principals and enforce them as well.
The I AM policies are attached to resources, if there are any attempts to access this resource, the policy will check if the user/principal is allowed to do so.
This is called Authorization.

Authentication vs Authorization
Authentication verifies "who" it proves who you say you are ,a principal, while authorization determines "what" you have access to, that is to say you can do what you want to do the "who" (authenticated) the "what"(role).
Authentication offers a general scope in security of your resources at a granular level whereas authentication is more fine-grained.

Credentials
Credentials are digital objects that provide prove of authentication that you are really who you say you are.
Examples of credentials include passwords,pins, and biometric data,a great example of this is logging into an email account with a password, and in trying to secure your account,you could protect it with a two-factor authentication in short 2FA.

AWS and Cyber Insurance

Gbemisola Esho — Fri, 23 Jun 2023 09:10:18 +0000

Data breaches have been on the rise, this is because data is the new currency. The growth and the spread of the internet in establishing "digital "have moved most businesses online this development has changed how data is managed.
AWS have a number of services and tools ensuring security in the cloud to make sure that the triple A of any basic security infrastructure is preserved that is Authentication, authorization and accounting framework is in place.

Triple A

Bearing that in mind, AWS help customers harden their infrastructure preventing cyber incidences by mitigating threats and compromises through detection with Amazon Guard Duty

Amazon Guard Duty.

Amazon Guard Duty protects by using intelligent threat detection, continuously monitoring malicious behaviour in your aws account and workloads.
AWS have taken security a notch higher by launching AWS Cyber insurance programme helping to link AWS partners with cyber security insurance otherwise know as "cyber insurance" and is foremost in this thrust, AWS shows its commitment to securing everything in the cloud and well as helping its partners improve their security posture by getting insurance at the snap of the finger.
AWS through its partner networks lead by Ryan Orsi who at AWS re:inforce said" AWS focuses on all partners in the security landscape the whole spectrum from Professional Services to the large conglomerates in helping to make security easier
Ryan Orsi, the head of AWS worldwide head of cloud foundations for the AWS Partner Network describes this as "A defining moment for here at AWS and our partners" this was unveiled at AWS reinforce 2023.

The AWS Cyber Insurance programme offering helps to take the stress of a lot paperwork and processes minimizing time and days spent in getting a quote.
AWS Cyber insurance Programme gives the assurance of getting a quote in 2 days or less helping to keep insurance premium down and these are all hinged on AWS Security Hub.

Amazon Security Hub
Amazon Security Hub a cloud security posture management service that performs security best practice checks, aggregates alerts, and enables automated remediation.

The programme is open to all enterprises from small to giant and AWS channel partners can choose any insurance dealer that is a designate of the programme whether they individual insurers,brokers or insurance companies, as AWS helps in the facilitate the relationship between their partners and the insurance company.
The AWS partner network create programmes to help the customers understand the best practices in AWS environment and the experts who help out the partners have technical checklist to assist every customer.
To know more about the AWS Cyber Insurance Programme visit the AWS Partners Network

Culled from CRN

What is the AWS Builder Programme all about?

Gbemisola Esho — Tue, 10 Jan 2023 12:36:45 +0000

This is a programme that offers growth and networking opportunities to AWS enthusiasts .

Do you love teaching, writing and sharing about technology? The Builders programme is the right place for you.
You will have access to resources like human resource and materials to grow in your career and you would be part of an elite set of people privy to AWS products and services before they are launched in the public.

That's not all! You have access to AWS staff, Product Managers and AWS Heros!

Guess what? That's not all, you say impossible right?
You also get swags!!

What are you waiting for? Apply here

To know more about the programme visit this website

Deploying Wordpress on Aws Lightsail and enabling HTTPS.

Gbemisola Esho — Wed, 07 Dec 2022 20:33:01 +0000

Lightsail is a powerful virtual server and one of the easiest way to launch and deploy your web apps and websites.
This saves you from building a site from the scratch at the snap of your fingers because as developers time is critical.
You can deploy wordpress in Lightsailand authenticate with the following steps.
Log into the lightsail console and create an instance

Choose your prefered instance and image and blue print,select your instance location and your availability zone

Go on to choose the plan you want and can afford

Go ahead and create your wordpress blue print deployed on lightsail instance
The next step is to connect to you instance through the SSH so you can get the Wordpress password

It results to this SSH session where you run the
cat $HOME/bitnami_application_password

This retrieves the application password and you sign into wordpress by using the public IP address going to the browser using this url http://PublicIpAddress/wp-login.php replacing "PublicIpAddress" with the public address IP of the instance

You go ahead to sign in to your wordpress site.

There you are! signed into your administration dashboard of your wordpress website.

You need to attach a permanent IP address which is the static IP address because the public IP changes when you start and stop the instance then you connect the static IP to the instance.You find this under networking,name it then create.

Go ahead to create your DNS ZONE this is also found under networking to and map a domain to the lightsail instance.To deloy checkout the tutorial https://aws.amazon.com/getting-started/hands-on/launch-a-wordpress-website/

Websites security gains the trust of users and you can achieve this by enabling Hyper text Protocol Secure (HTTPS) on your WordPress site .The assurance of encrypted data transfer on the website is gives the assurance of security.
The Bitnami HTTPS configuration tool (bncert) is used enable HTTPS on your Certified by Bitnami WordPress instance on Amazon Lightsail.
The tool requests certificates only for the domains and subdomains that specified when making your requests
To enable the tool ,you will connect to the instance via SSH and it opens when you are successfully connected

Enter the following command to run the tool to ascertain it is installed
sudo /opt/bitnami/bncert-tool this is the output

If it informs about an updated version,accept download then re-run the command again.

It will proceed further asking you to enter your primary domain name and alternate domain names separated by a space as shown.It would also ask how you want your website to be redirected.

Answer with a yes and continue
This was the website before it was encrypted

When bcert tool enabled encryption

The website after http has been added

Build,Host and Authenticate your fullstack react app with AWS Amplify in minutes.

Gbemisola Esho — Sun, 04 Dec 2022 10:13:36 +0000

Building a fullstack react app now really easy, AWS amplify has enabled the building ,hosting and deploying your app.
It is a development resource that makes building fast on AWS
It creates a workflow from Git-hub using a continuous integration and deployment pipeline.
The resource builds,hosts basic and static websites with serverless backends.

The first step is to create the app by running the following commands in the command prompton in the terminal:

npx create-react-app amplifyapp
cd amplifyapp
npm start
For the commands to work, you must have nodejs on your machine then you run the scripts on your command prompt

Initialize github and create a new repo for the app and push application to new git repo by running this commands.
git remote add origin git@github.com:username/reponame.git
git branch -M main
git push -u origin main

Log into the management console search for Amplify

Under Amplify hosting, go to get started

Click Github repository then continue

Authenticate with Github and choose the newly created repo plus main branch and click next

Configure your build settings, save and deploy

Aws amplify goes ahead to build source code and deploys the app

There sits your fullstack app in minutes once the build completes

To automatically deploy code changes edit src/App.js , I prefer to it in Vscode

Here is my https://main.doukipuj2x592.amplifyapp.com/

Build,Host and Authenticate your fullstack react app with AWS Amplify in minutes 1.

Gbemisola Esho — Sun, 04 Dec 2022 09:12:34 +0000

The first step is to create the app by running the following commands in the command prompton in the terminal:

npx create-react-app amplifyapp
cd amplifyapp
npm start
For the commands to work, you must have nodejs on your machine then you run the scripts on your command prompt

Log into the management console search for Amplify

Under Amplify hosting, go to get started

Click Github repository then continue

Authenticate with Github and choose the newly created repo plus main branch and click next

Then you go right ahead to configure build setting, review

Amplify goes ahead to build source code

Your app is ready

You can then automatically deploy code changes from src/app.js in a text editor like Visual studio

Push to github and run the following command in the terminal

git add .
git commit -m “changes for v2”
git push origin main

When the build completes view your app in the Amplify console
https://main.doukipuj2x592.amplifyapp.com/

First step is get an AWS free-tier account here