Group-based auth with AppSync Lambda authoriser

AWS AppSync added support for Lambda authorizers on 30th July 2021 and it made it much easier to implement group-based authorization with 3rd party identity services. Group-based auth with AppSync and Cognito I previously wrote about how you can secure multi-tenant applications with AppSync and Cognito. Where you can use custom attributes to capture the tenant …

Group-based auth with AppSync Lambda authoriser Read More »

How to handle client errors gracefully with AppSync and Lambda

With API Gateway and Lambda, you can handle client errors gracefully by returning a 4xx response. module.exports.handler = async (event) => { // run validation logic return { statusCode: 400 } } This way, we can communicate clearly to the client that there’s a problem with its request. It also lets the Lambda invocation complete …

How to handle client errors gracefully with AppSync and Lambda Read More »

Lambda layer: not a package manager, but a deployment optimization

It’s been two years since I last wrote about Lambda layer and when you should use it. Most of the problem I discussed in that original post still stands: It makes it harder to test your functions locally. You will still need those dependencies to execute your function code locally as part of your tests. …

Lambda layer: not a package manager, but a deployment optimization Read More »

How to manage Route53 hosted zones in a multi-account environment

An interesting question came up in a conversation today: “How should I manage the Route53 DNS records in a multi-account environment?” Suppose you have configured an AWS Organization with different accounts for dev, staging and production environments. And you have registered the root domain for your application in the master AWS account. When working with …

How to manage Route53 hosted zones in a multi-account environment Read More »

Building a custom IAM system has made me appreciate AWS IAM even more

In the last post I discussed my preferred approach for modelling multi-tenant applications with AppSync and Cognito. This approach supports the common requirements in these applications, where there are a number of distinct roles within each tenant. This approach (and others like it) works great when the tenants are isolated. But what if they are …

Building a custom IAM system has made me appreciate AWS IAM even more Read More »

How to model one-to-many relationships with AppSync and DynamoDB

Thank you to Josh for asking this question on the AppSync Masterclass forum. His original question goes like this: Let’s say I want to add a one-to-many relationship from Profile to a new property called “Tag” (a complex object with “name” and “color” properties) so a user can define their own Tags. I would also like a …

How to model one-to-many relationships with AppSync and DynamoDB Read More »

How to secure multi-tenant applications with AppSync and Cognito

One of the most common questions I get is “How do I build a multi-tenant application with AppSync and Cognito?”. If you google this topic on the internet you will no doubt come across many different opinions. It’s a topic that we’ll soon explore in the AppSync Masterclass but I want to take this opportunity …

How to secure multi-tenant applications with AppSync and Cognito Read More »

The case for and against Amazon Cognito

In light of recent news of Okta’s pending acquisition of Auth0 there’s been renewed discussion about where Amazon Cognito fits into the picture. It’s a question my clients often ask me, so here are my two cents. The case for Cognito Integration with other AWS services Cognito’s tight integration with other AWS services such as API Gateway, …

The case for and against Amazon Cognito Read More »

How to configure environment specific parameters with Vue.js and Amplify

When you start a new Vue.js project that needs to interface with APIs running in AWS, there’s a good chance you will have these lines of code: import Amplify from ‘aws-amplify’ Amplify.configure({ Auth: { region: ‘us-east-1’, userPoolId: ‘xxx’, userPoolWebClientId: ‘xxx’, mandatorySignIn: true } }) These few lines of code let you use the aws-amplify library …

How to configure environment specific parameters with Vue.js and Amplify Read More »

Weekly update 49

Hi, welcome to another weekly update! Real-World Serverless podcast Since the last update, we have had quite a few new episodes, covering a wide range of topics: #41: The future of JVM on Lambda with Vadym Kazulkin #42: Real-World Serverless with Ant Stanley (part 1) #43: Real-World Serverless with Ant Stanley (part 2) #44: Real-World …

Weekly update 49 Read More »

By continuing to use the site, you agree to the use of cookies. more information

The cookie settings on this website are set to "allow cookies" to give you the best browsing experience possible. If you continue to use this website without changing your cookie settings or you click "Accept" below then you are consenting to this.

Close