Security

How to create Private DynamoDB tables accessible only within a VPC

DynamoDB is a fully managed NoSQL database service known for its low latency and high scalability. Like most other AWS services, it’s protected by AWS IAM. So, despite being a publically accessible service, your data is secure. Conversely, zero-trust networking tells us we should always authenticate the caller and shouldn’t trust someone just because they’re …

How to create Private DynamoDB tables accessible only within a VPC Read More »

The Old Faithful: Why SSM Parameter Store still reigns over Secrets Manager

Managing and securing application secrets is a crucial part of any cloud-native application. AWS offers two primary services: the Systems Manager (SSM) Parameter Store and the more recent Secrets Manager. You might think Secrets Manager is the better choice for managing secrets because it’s a newer service and offers more advanced features such as cross-region …

The Old Faithful: Why SSM Parameter Store still reigns over Secrets Manager Read More »

Implementing Magic Links with Amazon Cognito: A Step-by-Step Guide

Last week, we looked at implementing passwordless authentication using one-time passwords (OTPs) using Cognito [1]. Another popular passwordless authentication method is magic links where: The user initiates the sign-in process by entering their email in your application. They receive an email with a time-limited URL. The user clicks on the URL and is authenticated into …

Implementing Magic Links with Amazon Cognito: A Step-by-Step Guide Read More »

Passwordless Authentication made easy with Cognito: a step-by-step guide

Password-based authentication has long been the norm for securing user accounts. However, it is becoming increasingly clear that password-based authentication has several drawbacks. Such as the risk of password theft, the need for users to remember complex passwords, and the time and effort required to reset forgotten passwords. Fortunately, more and more websites have started …

Passwordless Authentication made easy with Cognito: a step-by-step guide Read More »

Yes, S3 now encrypts objects by default, but your job is not done yet

Update 06/04/2023: AWS announced that S3 now enables the “block public access” and “disable ACL” settings for all new buckets. It’s great to see these being enabled by default. But the points I raised in the post still stand. The default encryption (SSE-S3) only protects against situations when someone has stolen data from AWS servers/disks …

Yes, S3 now encrypts objects by default, but your job is not done yet Read More »

Group-based auth with AppSync Lambda authoriser

AWS AppSync added support for Lambda authorizers on 30th July 2021 and it made it much easier to implement group-based authorization with 3rd party identity services. Group-based auth with AppSync and Cognito I previously wrote about how you can secure multi-tenant applications with AppSync and Cognito. Where you can use custom attributes to capture the tenant …

Group-based auth with AppSync Lambda authoriser Read More »

The API Gateway security risk you need to pay attention to

When you deploy an API to API Gateway, throttling is enabled by default in the stage configurations. By default, every method inherits its throttling settings from the stage. Having built-in throttling enabled by default is great. However, the default method limits – 10k req/s with a burst of 5000 concurrent requests – matches your account …

The API Gateway security risk you need to pay attention to Read More »

By continuing to use the site, you agree to the use of cookies. more information

The cookie settings on this website are set to "allow cookies" to give you the best browsing experience possible. If you continue to use this website without changing your cookie settings or you click "Accept" below then you are consenting to this.

Close