AWS

Lambda

OpenAPI

How to implement a Lambda backend based on OpenAPI

API documentation and implementation tend to diverge when they are maintained separately. This results in security problems where something should be validated but isn’t and usability issues such as out-of-date documentation.

Continue reading →

Tamás Sallai

30 October 2020

AWS

Terraform

OpenAPI

Interactive API documentation using Swagger UI deployed with Terraform

When a backend provides an API how do you provide documentation for people who want to use it? It can be an informal process, using documents that describe the available paths, and how each of them should be called.

Continue reading →

Tamás Sallai

27 October 2020

AWS

IAM

How to use a break-glass role for sensitive admin tasks

A break-glass role is an IAM role along with a few other resources that send a notification when somebody uses it. It is suitable for protecting rare and sensitive admin tasks, such as managing a KMS key policy or administering privileged users. By using a break-glass role, the security team can instantly know when the sensitive permissions are accessed and can start damage control right away. It is a powerful tool for security monitoring an AWS account.

Continue reading →

Tamás Sallai

23 October 2020

AWS

IAM

IAM policy evaluation logic explained with examples

IAM follows a defined course when it decides whether a given request is allowed or denied. The basic configuration block is IAM policies, which contain statements that grant/deny permissions.

Continue reading →

Tamás Sallai

20 October 2020

All posts

Books & Courses

Learn S3 signed URLs

Signed URLs allow selective access to protected content by generating a signature on the backend which the clients can use to download the file directly from S3. This moves the heavy lifting from the servers or function you manage to a cloud-scale object storage. Implemented correctly, it provides a secure and serverless-friendly way to handle files.

Learn:

It works well in a serverless environment
Implemented correctly, it is a secure way to give access to protected content
It works for file uploads too

Free

Email course

Introductory

AWS S3 signed URLs email course

Learn how to implement a secure, robust, and serverless-friendly file distribution solution from this 8-part email course.

Why the serverless architecture needs a new way of handling files
How to use NodeJs backend to generate a signature
How to use the URL on the frontend to download files

If Mailchimp says you are already signed up to the list then update your profile by following the instructions and check the "S3 signed URLs" course checkbox.
If you subscribe to this course you also sign up to our mailing list (Why is that?).

Ebook

Comprehensive

AWS S3 signed URLs handbook

Dive deep into the technical details of implementing signed URLs. This book starts with the basics but covers the details so you'll know what is going on behind the scenes. It also covers the security aspect of each configuration.

Learn:

How signed URLs work with IAM to provide access control
How to use signed URLs with other AWS services, such as CloudFront and KMS
What are the security implications of using signed URLs

Get the book

Learn Terraform

Terraform allows you to describe the infrastructure just like you write code. With a recipe it uses the AWS APIs to automatically run and configure resources. With it, you can deploy and destroy your app even if it uses several AWS services in a fully automated way.

Run identical environments for easy experimentation
Clean up all associated resources automatically when they are not needed
Faster and safer than using the Console to manually set up resources

Video course

Deep dive

Manage AWS Lambda functions with Terraform

A Lambda function allows a lot of configuration but it's not easy to see just from the documentation which options are important and what is the best way to set them. Terraform also brings some complications into the mix, such as how to best define the code to upload to the Lambda service and how to attach permissions to the function.

This course walks you through the important parts of configuring a Lambda function and shows the consequences of each step

Learn:

How to define the name, the code, and the permissions for a function using best practices
What are the effects of each argument, such as how the memory setting affects CPU
How to run a build script from Terraform before deploying the stack

Get the course

Learn CloudFront

CloudFront is AWS's CDN solution that can speed up content delivery, especially when visitors are far from your servers. It utilizes a global network of edge locations connected by the AWS backbone, a dedicated web of fiber-optic cables providing faster connectivity.

Bring connections closer to users using the edge locations
Provide a single entry point for your architecture, allowing a single TCP connection to multiple backend services
Implement path-based routing
Utilize the proxy cache to eliminate the geographic effect for static content

Free

Email course

Introductory

CloudFront essentials email course

Learn how to take advantage of AWS's global content delivery infrastructure with the CloudFront service.

How CloudFront brings connections closer to visitors and make your webapp faster
How path-based routing works and how to configure it
How to cache content on the edge locations

If Mailchimp says you are already signed up to the list then update your profile by following the instructions and check the "CloudFront essentials" course checkbox.
If you subscribe to this course you also sign up to our mailing list (Why is that?).

Video course

Introductory

The cloud architect's guide to CloudFront

CloudFront configuration is based on origins that are your backend services, such as EC2 servers, API Gateways, or S3 buckets, and cache behaviors that are the configuration how the service handles an incoming request.

To successfully set up CloudFront, you need to understand how routing and caching works. This course walks you through each configuration options, and how they affect how the requests work.

Learn:

How to set up routing and caching properly
How to debug a CloudFront distribution
Use your own domain with a valid SSL certificate

Get the course

Learn asynchronous programming in Javascript

Asynchronous programming is everywhere in Javascript. Whenever you need to read a file from the filesystem, make a network request or use an external process, you can not use normal functions. Asynchronicity is event-based and that relies on callback functions. Async/await builds on Promises, which make it a lot easier to write async code.

Async functions make async/await a first-class citizen in the language
Promises allow a standardized and easy-to use abstraction over callbacks
Errors are propagated in async calls

Free

Email course

Introductory

Async functions in Javascript

Learn how to use async functions to write a modern and clean async workflow.

Learn:

How async functions work and how to use the await keyword
How to construct Promises
How error propagation works in an async environment

If Mailchimp says you are already signed up to the list then update your profile by following the instructions and check the "Async functions in Javascript" course checkbox.
If you subscribe to this course you also sign up to our mailing list (Why is that?).