How to target subscribers in an SNS topic

03 December 2019, Tamás Sallai
Let’s say you have a monitoring app that pings customers’ pages and sends a notification when there is a problem. In AWS, the service for notifications is SNS, where you create a topic, customers subscribe to it, then you can push messages to the topic.
Read more

How CloudFront solves CORS problems

26 November 2019, Tamás Sallai
Let’s consider a fairly typical serverless setup! There is an S3 bucket containing the static files of the frontend code (SPA, typically) and an API behind an API Gateway. The problem is that they are under different domains, which becomes apparent during the first call to the API:
Read more

How to setup CORS for Lambda Proxy integration

19 November 2019, Tamás Sallai
The URL of an API behind API Gateway is in the form of https://.execute-api..amazonaws.com, but your users are usually using a different URL to get your frontend. This can be a website hosted from an S3 bucket, a CloudFront distribution, or something entirely different. But since the domains are different, calling the API is a cross-origin request that requires CORS headers, most apparent from this error:
Read more

Is Access-Control-Allow-Origin: * insecure?

12 November 2019, Tamás Sallai
CORS headers come into play when a client makes a cross-origin request. In that case, the server must indicate that it allows the cross-origin operation otherwise the browser will reject the request. The two important points are that the target server must allow the operation and the client’s browser enforces it.
Read more

Editors' Favourites
CloudFormation CLI workflows
Despite my ambivalent feeling about CloudFormation I use it a lot, but managing stacks through the Console is a pain. Fortunately, this service enjoys the same CLI support most other ones do, so it is just a matter of scripting to make it more developer-friendly.
AWS: How to secure access keys with MFA
One of the most catastrophic of the AWS account security breaches is not sophisticated hacking involving 0-day vulnerabilities traded on the deep web by high-profile hackers. It is when you post your access and secret keys in plain text to the public. After all, it’s so easy to test with some hard-coded keys and accidentally push it to the VCS.
A categorized list of all Java and JVM features since JDK 8
Since the release of version 8, up to version 11, Java is shaped by 120 JDK Enhancement Proposals (JEPs), each of which brings some improvement to the platform. I’ve decided to read them and create a concise, categorized list from the improvements.
How to use S3 signed URLs with CloudFront
S3 signed URLs provide fine control over who can access private resources. It is flexible regarding both the permission side and also on the ease of automation.