Lambda

How to invalidate Cognito-issued JWT tokens

The ability to invalidate a user’s session with immediate effect is a common enterprise requirement.

However, this goes against how token-based authentication is designed to work. JWT tokens are stateless and are typically short-lived (for security reasons) but can be refreshed with refresh tokens.

So, is it possible to invalidate Cognito-issued JWT tokens?

The short answer is no.

The long answer is yes, you can achieve this effect with some work and some performance overhead.

How? Well, come in and find out!

Biggest pre:Invent 2024 serverless announcements

DynamoDB cuts on-demand price by 50% Announcement DynamoDB has reduced on-demand pricing by 50% and global tables by up to 67%. Amazing! Lambda SnapStart is now available for Python and .Net Announcement Previously, SnapStart was only available for Java. It makes sense to add support for .Net. But why Python and not Node.js? I guess …

Biggest pre:Invent 2024 serverless announcements Read More »

Here is one of the most misunderstood aspects of AWS Lambda

One of the most misunderstood aspects of Lambda is how throttling applies to async invocations. Or rather, how it doesn’t!

The TL;DR is that you will never experience throttling when you invoke a function asynchronously.

It also means that despite SNS and EventBridge having longer retry periods than Lambda’s internal queue, these have no practical impact in the case of Lambda throttling.

Read the full post to understand why.

When to use Step Functions vs. doing it all in a Lambda function

I’m a big fan of Step Functions, but it’s yet another AWS service you must learn and pay for.

It also introduces additional complexities. My application is harder to test; my business logic is split between configuration (ASL) and code; and I have new decision points, such as whether to use Express Workflows or Standard Workflows.

So it’s fair to ask, “Why should we even bother with Step Functions?”. Why not just do everything in code, inside a Lambda function?

Let’s break down the pros and cons and look at the trade-offs of each.

When to use API Gateway vs. Lambda Function URLs

“Lambdalith” is a monolithic approach to building serverless applications where a single Lambda function serves an entire API, instead of having one function per endpoint. It’s an increasingly popular approach and provides portability between Lambda and containers and lets you use familiar web frameworks.

Tools like the AWS Lambda Web Adapter have made this approach more accessible, and it also works well with Lambda Function URLs.

But don’t be too hasty to get rid of API Gateway just yet!

In this post, let’s look at the pros and cons of API Gateway vs. Lambda Function URLs, and let me explain why I still prefer API Gateway.

What’s the best way to migrate Cognito users to a new user pool?

The challenge with a Cognito User Pool migration is that the user password cannot be extracted from Cognito. This is a good thing. It shows that Cognito follows security best practices and does not store user passwords in plain text.

But it makes our lives more difficult during a Cognito User Pool migration.

In this post, let’s consider three approaches for migrating users to a new Cognito User Pool.

The one mistake everyone makes when using Kinesis with Lambda

AWS Kinesis and Lambda are a great combo for processing large amounts of data in real-time. However, there’s a common oversight that many developers make when integrating these two services. There are established best practices for configuring Lambda’s EventSourceMapping [1] for Kinesis: Configure an OnFailure destination for failed records. Enable BisectBatchOnFunctionError. Override MaximumRetryAttempts. Choose a …

The one mistake everyone makes when using Kinesis with Lambda Read More »

Amplify: how to share code without Lambda Layers or private NPM

Sharing code efficiently across different parts of an application can be challenging with AWS Lambda, especially when using Amplify. Today, I’ll walk you through a solution to this common problem, without relying on Lambda Layers or private NPM repositories. The Context In my previous post about Lambda Layers [1], I delved into its limitations, especially …

Amplify: how to share code without Lambda Layers or private NPM Read More »

How I built an affiliate tracking system in a weekend with serverless

Having taught thousands of students to build serverless applications via my online courses and workshops, I felt it was time to kick-start an affiliate program to boost sales. Affiliates would receive 50% of the revenue and get a 15% discount code for their audience. It feels like a good deal but I would need a …

How I built an affiliate tracking system in a weekend with serverless Read More »

By continuing to use the site, you agree to the use of cookies. more information

The cookie settings on this website are set to "allow cookies" to give you the best browsing experience possible. If you continue to use this website without changing your cookie settings or you click "Accept" below then you are consenting to this.

Close