How to get near-realtime logs for a Terraform-managed Lambda function

11 June 2019, Tamás Sallai
There is a recurring thing that happens nearly every time I work on a serverless function behind an API Gateway. I deploy the function, open a browser and navigate to the URL, and finally see an Internal server error. Bummer, something is broken. But what? Let’s check the logs! But to do that, I need to open CloudWatch logs, find the function, then find the appropriate log stream, and finally, I’ll see the logs.

Cacheable S3 signed URLs

04 June 2019, Tamás Sallai
Let’s say you have an image on a customers-only corner of your website. To ease the bandwidth requirements on your servers, you decided to move the image to S3 and use signed URLs to selectively grant access to it. This can be a small thing like an avatar, or a bigger one, for example, some promotional content.

Why AWS access and secret keys should not be in the codebase

28 May 2019, Tamás Sallai
I’ve seen a few applications with hardcoded AWS credentials. Even though it is something that should not happen, I can see why this pattern emerges from time to time. When there is nobody with adequate experience with the cloud it is the easiest and the “just works” solution that ticks all checkboxes. And not until much later, just before the product goes to production will it surface (well, I’ve seen teams where it wouldn’t have been a problem even then).

Taking notes on a conference with smartphone and Bluetooth keyboard

21 May 2019, Dávid Csákvári
This month I’ve attended the Craft Conference. Last time I used my laptop to take notes, but this time, I tried a new setup to save some space in my backpack: an Android smartphone with a Bluetooth keyboard.

Editors' Favourites

Despite my ambivalent feeling about CloudFormation I use it a lot, but managing stacks through the Console is a pain. Fortunately, this service enjoys the same CLI support most other ones do, so it is just a matter of scripting to make it more developer-friendly.
One of the most catastrophic of the AWS account security breaches is not sophisticated hacking involving 0-day vulnerabilities traded on the deep web by high-profile hackers. It is when you post your access and secret keys in plain text to the public. After all, it’s so easy to test with some hard-coded keys and accidentally push it to the VCS.
S3 signed URLs provide fine control over who can access private resources. It is flexible regarding both the permission side and also on the ease of automation.
Why some projects are clean, easy-to-read, and performant, while others a convoluted mess? Why, when making a modification, in some codebases everything falls into place immediately, while in others it’s more like walking on a minefield?