An interesting question came up on the AppSync Masterclass forum, and it highlights a common way you can get into CloudFormation circular dependencies. In the CloudFormation stack, there is an AppSync API, which uses a Cognito User Pool for authentication and authorization. When a user signs up, the app should fire an update on a …
How to work around CloudFormation circular dependencies Read More »
As a consultant, I have helped a lot of clients with their architecture and built a couple of serverless applications for clients from scratch. And the no. 1 question I get about serverless is around testing. “How should I test these cloud-hosted functions?” “Should I use local simulators?” “How do I run these in my …
AWS AppSync added support for Lambda authorizers on 30th July 2021 and it made it much easier to implement group-based authorization with 3rd party identity services. Group-based auth with AppSync and Cognito I previously wrote about how you can secure multi-tenant applications with AppSync and Cognito. Where you can use custom attributes to capture the tenant …
With API Gateway and Lambda, you can handle client errors gracefully by returning a 4xx response. module.exports.handler = async (event) => { // run validation logic return { statusCode: 400 } } This way, we can communicate clearly to the client that there’s a problem with its request. It also lets the Lambda invocation complete …
How to handle client errors gracefully with AppSync and Lambda Read More »
It’s been two years since I last wrote about Lambda layer and when you should use it. Most of the problem I discussed in that original post still stands: It makes it harder to test your functions locally. You will still need those dependencies to execute your function code locally as part of your tests. …
Lambda layer: not a package manager, but a deployment optimization Read More »
An interesting question came up in a conversation today: “How should I manage the Route53 DNS records in a multi-account environment?” Suppose you have configured an AWS Organization with different accounts for dev, staging and production environments. And you have registered the root domain for your application in the master AWS account. When working with …
How to manage Route53 hosted zones in a multi-account environment Read More »
In the last post I discussed my preferred approach for modelling multi-tenant applications with AppSync and Cognito. This approach supports the common requirements in these applications, where there are a number of distinct roles within each tenant. This approach (and others like it) works great when the tenants are isolated. But what if they are …
Building a custom IAM system has made me appreciate AWS IAM even more Read More »
Thank you to Josh for asking this question on the AppSync Masterclass forum. His original question goes like this: Let’s say I want to add a one-to-many relationship from Profile to a new property called “Tag” (a complex object with “name” and “color” properties) so a user can define their own Tags. I would also like a …
How to model one-to-many relationships with AppSync and DynamoDB Read More »
One of the most common questions I get is “How do I build a multi-tenant application with AppSync and Cognito?”. If you google this topic on the internet you will no doubt come across many different opinions. It’s a topic that we’ll soon explore in the AppSync Masterclass but I want to take this opportunity …
How to secure multi-tenant applications with AppSync and Cognito Read More »
In light of recent news of Okta’s pending acquisition of Auth0 there’s been renewed discussion about where Amazon Cognito fits into the picture. It’s a question my clients often ask me, so here are my two cents. The case for Cognito Integration with other AWS services Cognito’s tight integration with other AWS services such as API Gateway, …
By continuing to use the site, you agree to the use of cookies. more information
The cookie settings on this website are set to "allow cookies" to give you the best browsing experience possible. If you continue to use this website without changing your cookie settings or you click "Accept" below then you are consenting to this.
