Versioning an API built with API Gateway and Lambda isn’t as straightforward as it sounds.
You need to support multiple live versions without piling up technical debt or duplicating infrastructure.
In this post, we look at practical strategies for managing API versions – from duplicating functions to routing by headers – and weigh the trade-offs so you can choose the right approach for your team.
“Lambdalith” refers to deploying monolithic applications using AWS Lambda. This is typically associated with (but not limited to) building serverless APIs.
With a Lambdalith, a single Lambda function handles all the routes in an API. You can use Lambda Function URLs [1] or put the function behind a greedy path in API Gateway.
This contrasts with the “function per endpoint” approach, where a different Lambda function handles each API route.
Lambdaliths has been the source of intense debate in the serverless community. While I generally prefer the “function per endpoint” approach, I have adopted Lambdaliths where it makes sense.
In this post, let’s discuss the pros and cons of Lambdaliths and the nuances that are often overlooked.
The ability to invalidate a user’s session with immediate effect is a common enterprise requirement.
However, this goes against how token-based authentication is designed to work. JWT tokens are stateless and are typically short-lived (for security reasons) but can be refreshed with refresh tokens.
So, is it possible to invalidate Cognito-issued JWT tokens?
The short answer is no.
The long answer is yes, you can achieve this effect with some work and some performance overhead.
How? Well, come in and find out!
In this post, we look at how you can implement fine-grained access control using Cognito access tokens and scopes. We will discuss the trade-offs of this approach and the cost implications of enabling Cognito’s Advanced Security Features (required for this approach to work).
Personally, I think this is too costly an approach and doesn’t offer enough upside in return.
Unless you’re using Advanced Security Features already, or your application has a high value per user (e.g. a B2B enterprise application), this approach may be difficult to justify in terms of return on investment.
A common narrative is that one should always use access tokens to call your APIs, while ID tokens are strictly for identifying users.
But how much of that actually makes sense when you use Cognito authorizers with your API?
Are ID tokens inherently less secure?
What is the cost of using access tokens instead?
Ultimately, is it safe to use ID tokens, or should you switch to access tokens?
Authentication and authorization are two distinct things.
API Gateway has built-in integration with Cognito, which handles authentication, but no fine-grained authorization.
There are many ways to implement a fine-grained authorization with API Gateway. In this new post, I will show you one of these ways and give you the pros & cons and when to use it.
This is a cost-efficient approach that leverages Cognito, but without needing its more expensive Advanced Security Features.
There are many ways you can implement WebSockets with serverless technologies nowadays.
In this post, let’s explore five options – API Gateway, AppSync, AppSync Events, IoT Core and Momento Topics. We will look at how they work, their pricing model and compare them.
“Lambdalith” is a monolithic approach to building serverless applications where a single Lambda function serves an entire API, instead of having one function per endpoint. It’s an increasingly popular approach and provides portability between Lambda and containers and lets you use familiar web frameworks.
Tools like the AWS Lambda Web Adapter have made this approach more accessible, and it also works well with Lambda Function URLs.
But don’t be too hasty to get rid of API Gateway just yet!
In this post, let’s look at the pros and cons of API Gateway vs. Lambda Function URLs, and let me explain why I still prefer API Gateway.
Having taught thousands of students to build serverless applications via my online courses and workshops, I felt it was time to kick-start an affiliate program to boost sales. Affiliates would receive 50% of the revenue and get a 15% discount code for their audience. It feels like a good deal but I would need a …
How I built an affiliate tracking system in a weekend with serverless Read More »
I previously wrote about five reasons you should consider AppSync over API Gateway. One thing that API Gateway supports but you can’t do with AppSync out-of-the-box yet is custom domain names. Your shiny new AppSync API is available at XYZ.appsync-api.us-east-1.amazonaws.com/graphql, but you really want people to use your own domain instead because dev.example.com/graphql is much …
By continuing to use the site, you agree to the use of cookies. more information
The cookie settings on this website are set to "allow cookies" to give you the best browsing experience possible. If you continue to use this website without changing your cookie settings or you click "Accept" below then you are consenting to this.