AWS CLI Cheat sheet!

Head over to my download page to find AWS CLI cheat sheets for free! There are AWS CLI cheat sheets for Amazon S3 commands and EC2 commands.

I have recently designed and uploaded an AWS S3 CLI cheat sheet on the This is in addition to the AWS EC2 and general AWS CLI cheat sheets!

As always if you see any errors, mistakes, have suggestions or questions please comment below. Don’t forget to like, share, and subscribe for more! 


This is a follow-on post to Google Firebase detailed security rules part 1.

Advanced Rules

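Only allow users to edit or add their own content

This prevents users from modifying other users' content. Here's an example for the Firebase Realtime Database.

"users": {
      "$user_id": {
        // The stored record (if any) and the incoming record (if any) must both belong to the caller
        ".write": "auth != null && (!data.exists() || data.child('user_id').val() === auth.uid) && (!newData.exists() || newData.child('user_id').val() === auth.uid)"
      }
}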

Similarly for Firebase Storage rules: authenticated users may read each user's images, but only the owner may write. This example shows folders and child folders so that different rules can be applied to each folder.

match /user-images {
      // Allow all to read each other's profile if authenticated
      allow read: if request.auth != null;
      match /{user_id} {
        // Only allow current user to write to its own folder
        allow write: if request.auth.uid == user_id;
        allow read: if request.auth != null;
        match /{allPaths=**} {
          allow read: if request.auth != null;
          allow write: if request.auth.uid == user_id;
        }
      }
}

Multi-layer permission

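Sometimes one key will need a different permission than the rest of the keys in the Firebase Realtime Database. Keep in mind that Realtime Database rules cascade: a .write granted on a parent node also applies to all of its children, so a rule on a child key can only grant additional access, never take it away.

"users": {
      "$uid": {
        // The owner may write anywhere under their own node
        ".write": "$uid === auth.uid",
        "key1": {
          // Additionally writable by any signed-in user
          ".write": "auth != null"
        },
        "key2": {
          // Additionally writable by clients that are not signed in
          ".write": "auth == null"
        },
        "key3": {
          // Owner only
          ".write": "$uid === auth.uid"
        },
        "key4": {
          // Users other than the owner
          ".write": "$uid != auth.uid"
        }
      }
}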

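The two Realtime Database examples above (the user_id ownership rule and the multi-layer rules), modelled in JavaScript as an added example that is not code from the original post and not Firebase's rule engine: it shows that a .write grant on a parent covers every child, and why an ownership check has to test the stored and the incoming user_id together rather than either one. Assumptions: rule strings are rewritten as predicates, and the users alice and bob and their records are constructed.

```javascript
// Minimal model of Realtime Database ".write" evaluation (an illustration,
// not Firebase's engine). data/newData stand for the stored and incoming
// value at the "$..." node; all users and records below are constructed.
function canWrite(rules, path, { auth, data = null, newData = null }) {
  const vars = {};
  const grants = (node) => {
    if (typeof node['.write'] !== 'function') return false;
    try {
      return node['.write']({ auth, data, newData, ...vars }) === true;
    } catch {
      return false; // a rule that errors (auth.uid while signed out) denies
    }
  };
  let node = rules;
  for (const segment of path) {
    let key = segment;
    if (!Object.keys(node).includes(key)) {
      key = Object.keys(node).find((k) => k.startsWith('$'));
      if (key === undefined) return false; // no rule for this path: denied
      vars[key] = segment; // capture the "$uid"-style wildcard
    }
    node = node[key];
    if (grants(node)) return true; // a grant here also covers everything below
  }
  return false;
}

// The multi-layer rules: owner rule on "$uid", plus key1 and key2.
const layered = {
  users: {
    $uid: {
      '.write': ({ auth, $uid }) => $uid === auth.uid,
      key1: { '.write': ({ auth }) => auth != null },
      key2: { '.write': ({ auth }) => auth == null },
    },
  },
};

// Ownership by the record's user_id field. "loose" accepts a match on either
// the stored or the incoming record; "strict" requires every record that
// exists (stored, incoming) to name the caller.
const ownedBy = (record, auth) => record === null || record.user_id === auth.uid;
const loose = { users: { $user_id: {
  '.write': ({ auth, data, newData }) =>
    (data !== null && data.user_id === auth.uid) ||
    (newData !== null && newData.user_id === auth.uid),
} } };
const strict = { users: { $user_id: {
  '.write': ({ auth, data, newData }) =>
    auth != null && ownedBy(data, auth) && ownedBy(newData, auth),
} } };

const alice = { uid: 'alice' };
const bob = { uid: 'bob' };
const aliceRecord = { user_id: 'alice', name: 'Alice' };
// A write to Alice's node by Bob whose incoming record names Bob as owner.
const crossWrite = { auth: bob, data: aliceRecord, newData: { user_id: 'bob', name: 'Bob' } };

console.log('owner -> key2      ', canWrite(layered, ['users', 'alice', 'key2'], { auth: alice }));
console.log('signed out -> key2 ', canWrite(layered, ['users', 'alice', 'key2'], { auth: null }));
console.log('bob -> key2        ', canWrite(layered, ['users', 'alice', 'key2'], { auth: bob }));
console.log('cross write, loose ', canWrite(loose, ['users', 'alice'], crossWrite));
console.log('cross write, strict', canWrite(strict, ['users', 'alice'], crossWrite));
```

Rules that behave as expected in this model should still be run through the simulator in the Firebase console before they are deployed.
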
The same in Firebase Storage. Allow only authenticated users to read in the /users/ folder. Then in /users/1233/ only allow the owner to write, and others who are authenticated to read. In the folder /users/1233/anotherFolder/ allow read for all authenticated users and write for the owner. Last, in /users/1233/private/ only the owner is able to read and write.

match /users {
      allow read: if request.auth != null;
      match /{user_id} {
        // Files directly in the user's folder
        match /{fileName} {
          allow read: if request.auth != null;
          allow write: if request.auth.uid == user_id;
        }
        match /anotherFolder/{allPaths=**} {
          allow read: if request.auth != null;
          allow write: if request.auth.uid == user_id;
        }
        // Owner only. Rules that match the same file are OR'd together, so no
        // broader rule may also match files under private/
        match /private/{allPaths=**} {
          allow read: if request.auth.uid == user_id;
          allow write: if request.auth.uid == user_id;
        }
      }
}


AWS Route 53 Routing Policies explained with diagrams

Reading time: 5 minutes

Wait, route what? Yes you are reading that correctly. AWS (Amazon Web Services) Route 53 is DNS (Domain Name Services). In this post I’ll be writing about AWS Route 53 Routing Policies and not discussing what is DNS. Search elsewhere for that information. Keep in mind these diagrams are simplified.

What is Route 53?

Again Route 53 is a DNS service built and fully managed by AWS. Did you know Route 53 has a freaking 100% SLA?! Read here if you don’t believe me. It basically means it will NEVER, ever be down! I don’t know about you but that’s beyond amazing to me! Here’s a link to learn more in depth about Route 53. Why 53? 53 is the common DNS port.

Route 53 Routing Policies


Simple

This is the default routing policy. Use this only when you have exactly one resource such as one EC2 web server. This policy can contain multiple values but it returns one resource. This policy is not recommended for production sites.

AWS Route 53 routing policy simple diagram


Failover

Allows creating two records for the same name. This starts like the simple policy but adds a health check. If that single web server is unhealthy then you can point elsewhere. That next pointer can be another web server or possibly an error.html page hosted in AWS S3.

AWS Route 53 failover routing policy diagram


Geolocation

Use this when you want to serve your site based on the location of the client or user.

AWS Route 53 geolocation routing policy


Geoproximity

This is somewhat complicated so I would like to point to the original documentation for a full explanation.



Latency

When you have multiple resources in multiple regions, this policy routes the user not necessarily to the closest resource but to the resource that responds the fastest, i.e. with the lowest latency.

AWS Route 53 latency policy diagram
In this example we can see the latency from France to the United States was the lowest, so the website traffic is served from a U.S. region and not from an Australian region.

Multivalue answer

This one lets you return multiple values for each of your resources. The client or user browser randomly chooses one. Optionally you can add health checks. If any value becomes unhealthy then the client chooses another value to resolve. This is not an alternative solution to load balancing, it’s an enhancement.

AWS Route 53 multivalue answer routing policy diagram


Weighted

This one is fantastic for new deployments or for testing new release versions. It’s based on a numerical value ranging from 0 to 255. If you specify a value of 0 for all regions then it’s routed equally.

AWS Route 53 weighted routing policy
The math is a little more complicated than the simplified version here but you get the idea. Over time, if release 2.0 is going well, you would increase its value and lower the value for release 1.0.

In the future I’ll be showing how to actually implement these via code. Subscribe to get notified when that gets released!

As always if you see any errors or mistakes, please comment below. Don’t forget to like, share, and subscribe for more! 🙂

Top 13 Cloud Engineer position interview questions and answers

Hi there! 

Here’s my list of top 13 cloud engineer position interview questions and answers! I have been a Cloud Engineer for years now. We hire cloud engineers, cloud system engineers (Linux & Windows admins), developers, security personnel, testers, DevOps engineers, etc. I have had the opportunity to interview dozens of potential employees. Most are transitioning from a typical system administrator to a cloud engineer. Nearly all interviewees fail to answer basic cloud questions! Read these questions and answers to help you prepare for your interview to be a cloud engineer for any cloud service provider, government, contractor, or public company. Please enter your information to receive the download link for top 13 cloud engineer position interview questions and answers: 2019.

Here is a sample of what’s in the PDF.

What is the cloud? | What do you know about the cloud? | What does cloud computing mean to you?

What is your experience in automation in configuration management? | Have you used Ansible or Puppet or Chef?

How do you provision cloud resources? | How do you automate cloud resources?

Get the full Free PDF download by entering your info below.


If you have any issues receiving the download link please comment below or email me at

It’s also a good idea to take some certifications to learn and be prepared for actual AWS services questions.


Get the user’s profile image in Firebase iOS Swift

Updated: 6/8/2020

In this post I’m going to show you how to get the user’s profile image in Firebase in iOS Swift. Google’s Firebase Realtime Database allows you to store data such as text in a tree-like structure. Google’s Storage is another database for blob storage like images, videos, etc.

In my ProMe Sports (A social network for athletes) app this is how I retrieve user’s properties like the userid, email address, full name, profile photo URL storage location, etc. My app is built using Swift 4.2 of course so I don’t know how this would work in Objective-C.

User object model

First create a user object in a separate file.

//  UserProfile.swift
//  Created by Waleed on 9/10/17.
//  Copyright © 2017 Waleed Sarwari. All rights reserved.

import Foundation

struct UserProfile {
    var userId: String
    var emailAddress: String
    var fullName: String
    var profilePhotoURL: String

    // MARK: - Firebase Keys
    enum UserInfoKey {
        static let email = "email"
        static let name = "name"
        static let profilePhotoURL = "profilePhotoURL"
        static let age = "age"
    }

    init(userId: String, fullName: String, emailAddress: String, profilePhotoURL: String) {
        self.userId = userId
        self.emailAddress = emailAddress
        self.fullName = fullName
        self.profilePhotoURL = profilePhotoURL
    }

    // Build a profile from the dictionary stored under the user's node;
    // missing or mistyped values fall back to an empty string
    init?(userId: String, userInfo: [String: Any]) {
        let fullName = userInfo[UserInfoKey.name] as? String ?? ""
        let profilePhotoURL = userInfo[UserInfoKey.profilePhotoURL] as? String ?? ""
        let emailAddress = userInfo[UserInfoKey.email] as? String ?? ""
        self.init(userId: userId, fullName: fullName, emailAddress: emailAddress, profilePhotoURL: profilePhotoURL)
    }
}

Upload user profile

Timing and correct steps are essential to a clean user experience. If you have programmed long enough you’ll know about “race conditions”. In iOS I use PromiseKit to make sure one operation completes before another starts. Now you may not need a Promise; it all depends on what you are doing.

import UIKit
import Firebase
import PromiseKit

func uploadUserProfileImage(profileImage: UIImage) -> Promise<()> {
        return Promise<()> { seal -> Void in
            // Store the image as default.jpg in the current user's folder
            let imageStorageRef = PROFILE_IMGS_STORAGE_REF.child(Utilities.getCurrentUserId()).child("default.jpg")
            // Resize the image
            //        let scaledImage = image.scale(newWidth: 640.0)
            guard let imageData = profileImage.jpegData(compressionQuality: 0.9) else {
                // Reject so the caller is not left waiting on an image that cannot be encoded
                seal.reject(PMKError.badInput)
                return
            }
            // Create the file metadata
            let metadata = StorageMetadata()
            metadata.contentType = "image/jpeg"
            // Upload the image to the userProfileImages storage
            let uploadTask = imageStorageRef.putData(imageData, metadata: metadata, completion: {
                (data, error) in
                imageStorageRef.downloadURL(completion: { (url, error) in
                    if let uploadedImageURL = url?.absoluteString {
                        // Get the image url and assign to photoUrl for the current user and update
                        if let changeRequest = Auth.auth().currentUser?.createProfileChangeRequest() {
                            changeRequest.photoURL = URL(string: uploadedImageURL)
                            changeRequest.commitChanges(completion: { (error) in
                                if let error = error {
                                    print("Failed to change the profile image: \(error.localizedDescription)")
                                } else {
                                    print("Changed user profile image")
                                    guard let userId = Auth.auth().currentUser?.uid else {
                                        return
                                    }
                                    // Save the profile of the user
                                    let values = [UserProfile.UserInfoKey.profilePhotoURL: uploadedImageURL]
                                    USERS_DB_REF.child(userId).updateChildValues(values, withCompletionBlock: { (error, ref) in
                                        if error != nil {
                                            return
                                        }
                                        print("Updated user photoUrl")
                                        // Update cache
                                        CacheManager.shared.cache(object: profileImage, key: userId)
                                    })
                                }
                            })
                        }
                    }
                })
            })
            // Reject the promise if the upload fails
            uploadTask.observe(.failure) { (snapshot) in
                if let error = snapshot.error {
                    seal.reject(error)
                }
            }
            // Observe the upload status
            uploadTask.observe(.success) { (snapshot) in
                seal.fulfill(())
            }
        }
}


Retrieval is simplified by first getting the profile photo's storage URL from the Firebase Realtime Database.

func getUserProfileImgURL(userId: String, completionHandler: @escaping (String) -> Void) {
        // Get the rest of the user data
        USERS_DB_REF.child(userId).observeSingleEvent(of: .value, with: { (snapshot) in
            // Get user value
            if let userValues = snapshot.value as? NSDictionary {
                if let userPhotoURL = userValues[UserProfile.UserInfoKey.profilePhotoURL] as? String {
                    // Hand the stored photo URL back to the caller
                    completionHandler(userPhotoURL)
                }
            }
        })
}

This static function can now be called from anywhere.

static func loadUserProfilePhoto(userId: String, matchingUserId: String, imageView: UIImageView) {
        UserServices.shared.getUserProfileImgURL(userId: userId) { (profileImgURL) in
            let imageCacheId = userId

            if let image = CacheManager.shared.getFromCache(key: imageCacheId) as? UIImage {
                imageView.image = image

            } else {
                if let url = URL(string: profileImgURL) {
                    let downloadTask = URLSession.shared.dataTask(with: url, completionHandler: { (data, response, error) in
                        guard let imageData = data else {
                            return
                        }
                        OperationQueue.main.addOperation {
                            guard let image = UIImage(data: imageData) else { return }
                            // In the completion handler of the download task, we add a simple verification to ensure that we only display the right image. For the image that is not supposed to be displayed by the current cell, we just keep it in cache.
                            if matchingUserId == userId {
                                imageView.image = image
                            }
                            // Add the downloaded image to cache
                            CacheManager.shared.cache(object: image, key: userId)
                        }
                    })
                    // Data tasks are created suspended; start the download
                    downloadTask.resume()
                }
            }
        }
}

You can place this static function wherever you like; I put it in a “Utilities” class. The “matchingUserId” is for caching purposes. When the user scrolls or views the user’s profile for the first time, the photo is downloaded and stored in the cache manager. From the second time on during that session, the cached version of the photo is used. This helps with speed and accuracy of loading images.

Calling the static function example

Utilities.loadUserProfilePhoto(userId: userId, matchingUserId: self.user.object.userId, imageView: self.userImage)

This is how I retrieve the user image as data using the user Id and the photo URL location. Remember the user id comes from the Firebase Realtime Database and the actual image is stored in the Firebase Storage. This is stored in another file that does storing and retrieving only.

This is also doing some simple error checking. If there isn’t any profile image then use the default profile image that’s stored within the app assets.

Remember this all assumes the Firebase rules are allowing this; check out this article for details. Also don’t forget to lock down your API keys!

Don’t forget to subscribe and share 🙂

Google Firebase detailed security rules Part 1

I’ll be showing you how Google’s Firebase security rules work in detail, using the rules from my custom iOS app with slight changes. In addition to securing your Google Firebase APIs, you must also secure your Firebase Realtime Database. This is secured by applying security rules to the database in the Firebase console. I highly recommend using the provided simulator to test and verify the results that you expect for your web or mobile application! I will not be responsible for your misconfiguration or lack of understanding of what this article entails.

Basic rules

100% Closed

// These rules don't allow anyone read or write access to your database
{
  "rules": {
    ".read": false,
    ".write": false
  }
}

This is the MOST restrictive rule, no one is allowed to do any CRUD operations. Also, this is the least useful one. (I don’t know why I even bothered with typing this 🙂 let’s continue)

This below is open for anyone in the world to read and write, even worse than the most restrictive security rules.

100% Open

// These rules allow anyone read and write access to your database
{
  "rules": {
    ".read": true,
    ".write": true
  }
}

This one below is a good starting point but it does require modification depending on your needs. If you’re going to have users sign up and sign in functionality then start with this.

User ID based

// These rules grant access to a node matching the authenticated
// user's ID from the Firebase auth token
{
  "rules": {
    ".read": "auth != null",
    "users": {
      "$uid": {
        ".read": "$uid === auth.uid",
        ".write": "$uid === auth.uid"
      }
    }
  }
}

The first rule means only authenticated users can read everything! Which is most likely what you want to start with. The second rule says that only the node in the “users” tree whose ID equals the current user’s ID grants that user full read and write permissions on that exact node. In the example below, the current user has full access to node2, not node1.

// assume current user id is 22222222222

  node1: 11111111111
    key: value
    key: value
  node2: 22222222222
    key: value
    key: value


How I passed three AWS certifications back to back!

AWS Cloud Practitioner

I passed the AWS Cloud Practitioner certification with nearly flying colors!  My score was only a few points away from 900 out of 1000. This exam was not challenging for me and I doubt it will be challenging for you either. Now I do have to say that I did work with AWS and related services for two years prior to taking this exam. Always read the exam topics and find sites that organize their study guides with the exam topics. I studied about an hour a day for about 3-5 days the week before taking the exam. You don’t need to be an IT guru to study and pass this exam so don’t push too hard, just take it! 

AWS SysOps Administrator & Solutions Architect

A few months after that I started to study for the AWS SysOps Administrator certification. The reason I started to study for that exam before the AWS Solutions Architect is that I planned to knock out both of the exams back to back. The exam topics for both of them were very similar to me and I had a feeling that passing the SysOps would help me pass the AWS Solutions Architect exam. I bought the official AWS SysOps Administrator book from Since I’m so busy with work during the day and working out during the evenings, I read a few pages before going to sleep. During my commute to and from work, I would also listen to AWS official podcasts. (Note: What you hear on the podcasts may not be on the exam.)

I mainly used (links below to each course) because they have the latest content, hands-on lab, quizzes and practice exams that were on par with the topics in the exam. I also purchased a study guide package from for around $12 to get more practice exams. Those exams were formatted like the actual exam but the content for the package I got had more information than I needed for the associates level. I passed one exam on one Sunday and then the other exam on the following Sunday.  I was relieved that my plan worked! What I didn’t know was that passing each exam AWS gives you a 50% off discount on your next exam. Now I have discounts available for my next AWS certifications. These exams are good for 3 years before a renewal is required.

Last words: these exams definitely require professional experience. They are not just memorization-type exams; they are all scenario-based. Let me know if you have any specific questions!

AWS Cloud Practitioner

The AWS Cloud Practitioner exam enables individuals with an overall understanding of the AWS Cloud to validate their knowledge with an industry-recognized credential. It provides individuals in a larger variety of cloud and technology roles with a way to validate their AWS Cloud knowledge and enhance their professional credibility.
AWS Cloud Practitioner badge

AWS Certified SysOps Administrator

The AWS Certified SysOps Administrator – Associate exam validates technical expertise in deployment, management, and operations on the AWS platform.
AWS SysOps Administrator badge

AWS Certified Solutions Architect – Associate

The AWS Certified Solutions Architect – Associate exam is intended for individuals with experience designing distributed applications and systems on the AWS platform.

AWS Solutions Architect badge

Be sure to subscribe to be updated on awesome and helpful guide on becoming the best cloud engineer!

Your Google APIs are open to the public by default! Let’s secure them.

How are Google APIs open to the public?

There are a lot of reasons why you might be using Google APIs. They may be for Google Maps, an iOS or Android app, or just a web application. Regardless of what you’re using your Google API keys for, by default (if they are autogenerated) they are unrestricted, meaning that if anyone sees the API keys, they can simply copy and paste them into their own project and start reading and writing with them! How crazy is that?! The web API keys in JavaScript are extremely easy to view with the developer console of the browser. Here’s what mine looks like (with fake data of course!).

// Your web app's Firebase configuration
var firebaseConfig = {
  apiKey: "adfaeafaffee-eeeeeaaa333",
  authDomain: "",
  databaseURL: "",
  projectId: "appName-1111",
  storageBucket: "",
  messagingSenderId: "44444444",
  appId: "2:43434:122434de"
};
// Initialize Firebase
firebase.initializeApp(firebaseConfig);

How to secure Google API keys for Web

Let’s secure them by only allowing the referrers or initiated action from whitelisted domain names and app bundle ID.

  1. Navigate to
  2. Go to your firebase project
  3. Go to credentials
  4. Under API keys, select the Browser key associated with your firebase project (should have the same key as the API key you use to initialize your firebase app.)
  5. Under Application restrictions, select HTTP referrers (web sites) and simply add the URL of your app.
  6. Optional: If you had unrestricted keys prior to this change, I suggest regenerating the key and updating your JavaScript!
  7. If you’re using Firebase, be sure to add those URL’s that look like “;
  8. Save.

How to secure Google API keys for App

Now let’s secure them by only allowing the referrers or initiated action from whitelisted app bundle ID.

  1. Navigate to
  2. Go to your firebase project
  3. Go to credentials
  4. Under API keys, select the iOS Key or Android Key associated with your firebase project (should have the same key as the API key you use to initialize your firebase app.)
  5. Under Application restrictions, select iOS apps. You can find the bundle ID in Xcode and elsewhere.
    1. orgName.AppName
  6. Optional: If you had unrestricted keys prior to this change, I suggest regenerating the key and updating your JavaScript!
  7. Save.

What Google must do!

Update your damn starting guides to make the keys secure before initializing the keys! I know they have a checklist but as coders, we tend to keep following the technical guide more. Here’s their checklist.