AWS

Fine-grained access control in API Gateway with Cognito groups & Lambda authorizer

Authentication and authorization are two distinct things.
API Gateway has a built-in Cognito user pool authorizer that handles authentication (it validates the token and rejects requests without a valid one), but it offers no fine-grained authorization: it does not decide which authenticated users or groups may call which routes.

There are many ways to implement fine-grained authorization with API Gateway. In this post, I will show you one of them, give you its pros and cons, and explain when to use it.

This is a cost-efficient approach that leverages Cognito, but without needing its more expensive Advanced Security Features.
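As an added example (not code from the post), here is the decision half of such a Lambda authorizer in Python: it validates the Cognito claims, maps the caller's `cognito:groups` onto a per-route permission table, and returns the IAM policy API Gateway expects. The issuer, app client id and route table are constructed, and the JWT signature is assumed to have already been verified against the user pool's JWKS (for example with PyJWT) before `authorize()` is called.

```python
"""Lambda authorizer that maps Cognito group claims to an API Gateway IAM policy.

Added example, not code from the post. The issuer, app client id and route
table below are assumptions. The JWT signature is assumed to have been verified
against the user pool's JWKS before authorize() is called (e.g. with PyJWT);
this module covers the claim validation and the authorization decision.
"""
import fnmatch
import time

USER_POOL_ISS = "https://cognito-idp.eu-west-1.amazonaws.com/eu-west-1_EXAMPLE"  # assumed
APP_CLIENT_ID = "1example23456789abcdefghijklmn"  # assumed

# Which Cognito groups may call which HTTP method + resource path (assumed routes).
ROUTE_GROUPS = {
    ("GET", "/orders"): {"customers", "admins"},
    ("POST", "/orders"): {"customers", "admins"},
    ("GET", "/orders/*"): {"customers", "admins"},
    ("DELETE", "/orders/*"): {"admins"},
}


def validate_claims(claims, now=None):
    """A valid signature is not enough: reject tokens not issued by our pool,
    not minted for our app client, of the wrong type, or already expired."""
    now = time.time() if now is None else now
    return (
        claims.get("token_use") == "access"  # access tokens carry client_id and cognito:groups
        and claims.get("iss") == USER_POOL_ISS
        and claims.get("client_id") == APP_CLIENT_ID
        and isinstance(claims.get("exp"), (int, float))
        and claims["exp"] > now
    )


def parse_method_arn(method_arn):
    """arn:aws:execute-api:region:account:apiId/stage/METHOD/path -> (prefix, stage, method, /path)"""
    prefix, _, rest = method_arn.partition("/")
    stage, method, path = rest.split("/", 2)
    return prefix, stage, method, "/" + path


def allowed_routes(groups):
    """Every (method, path pattern) that at least one of the caller's groups may use."""
    groups = set(groups)
    return [route for route, permitted in ROUTE_GROUPS.items() if groups & permitted]


def build_policy(principal_id, routes, method_arn, context):
    """Authorizer response. The Allow covers all routes the caller's groups permit,
    not only the requested one: API Gateway caches the response per token and
    re-applies it to that caller's later requests on other routes."""
    prefix, stage, _, _ = parse_method_arn(method_arn)
    if routes:
        statement = {
            "Action": "execute-api:Invoke",
            "Effect": "Allow",
            "Resource": [f"{prefix}/{stage}/{method}{path}" for method, path in routes],
        }
    else:
        statement = {"Action": "execute-api:Invoke", "Effect": "Deny", "Resource": method_arn}
    return {
        "principalId": principal_id,
        "policyDocument": {"Version": "2012-10-17", "Statement": [statement]},
        "context": context,  # reaches the integration as $context.authorizer.<key>
    }


def authorize(claims, method_arn, now=None):
    """Decide the request from verified claims; invalid callers get an explicit Deny (HTTP 403)."""
    if not validate_claims(claims, now):
        return build_policy("anonymous", [], method_arn, {})
    groups = claims.get("cognito:groups") or []  # the claim is absent for users in no group
    return build_policy(
        claims.get("sub", "unknown"),
        allowed_routes(groups),
        method_arn,
        {"groups": ",".join(sorted(groups))},
    )


def request_allowed(response, method_arn):
    """Evaluate a returned policy against a method ARN the way API Gateway does:
    a matching Deny wins, a matching Allow is required, anything else is 403."""
    allowed = False
    for stmt in response["policyDocument"]["Statement"]:
        resources = stmt["Resource"] if isinstance(stmt["Resource"], list) else [stmt["Resource"]]
        if any(fnmatch.fnmatchcase(method_arn, r) for r in resources):
            if stmt["Effect"] == "Deny":
                return False
            allowed = True
    return allowed
```

Two design points worth keeping: the claim checks run even though the signature was already verified, because a token from another pool or app client can still be correctly signed; and the Allow statement lists every route the caller's groups permit, because API Gateway caches the authorizer response per token and would otherwise deny that caller's next request to a different route.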

Do you know your Fan-Out/Fan-In from Map-Reduce?

Many students and clients have asked me how to implement Map-Reduce workloads serverlessly. In most cases, they are actually asking about Fan-Out/Fan-In!

At a glance, the two patterns look very similar and they are often used interchangeably in conversations. So in this post, let’s compare them and see how they differ.

CDK: how to customize 3rd-party L3 constructs

If you’re using CDK, you should use L3 constructs to encapsulate common patterns and best practices in your architecture.

However, sometimes you'll find a 3rd-party L3 construct that does most of what you want, but you need to customize how it configures some of its resources. That can be tricky because you don't own the source code, and the construct author might not be willing to make the changes you want.

In this article, let me show you an easy and effective way to do this without having to clone and maintain a copy of the construct yourself.

How to handle execution timeouts in AWS Step Functions

Step Functions lets you set a timeout on both Task states and the whole execution. If TimeoutSeconds is not configured, a Standard Workflow execution can run for up to a year, and to a user such an execution looks "stuck". This is why AWS best practices recommend setting timeouts to avoid such scenarios. But once you have configured a timeout for the execution, it's important to consider what happens when it fires: the execution ends with a TIMED_OUT status, and nothing inside the state machine runs after that point.

In this post, let’s explore 3 ways you can handle an execution timeout and use a Lambda function to perform automated remediation (e.g. applying rollbacks).
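As an added example (not code from the post), the following Python module shows the two places a timeout can be handled: a Task-level TimeoutSeconds whose States.Timeout error is caught inside the state machine and routed to a rollback Lambda, and an execution-level TimeoutSeconds, which cannot be caught from inside the machine and is instead handled by a Lambda subscribed to the "Step Functions Execution Status Change" event on EventBridge. The function ARNs, the state machine and the sample event are constructed; the state machine definition is given as a Python dict, which is what you would `json.dumps` for the SDK or CDK.

```python
"""Handling Step Functions timeouts at task level and at execution level.

Added example, not from the post. Function ARNs, the state machine and the
sample EventBridge event are constructed.
"""
import json

DEPLOY_FN = "arn:aws:lambda:eu-west-1:123456789012:function:deploy"             # assumed
ROLLBACK_FN = "arn:aws:lambda:eu-west-1:123456789012:function:rollback-release"  # assumed

DEFINITION = {
    "Comment": "Deploy with bounded waits; roll back when the deploy task times out",
    # Execution-level cap. Without it a Standard Workflow may run for up to a year.
    "TimeoutSeconds": 3600,
    "StartAt": "Deploy",
    "States": {
        "Deploy": {
            "Type": "Task",
            "Resource": DEPLOY_FN,
            "TimeoutSeconds": 600,  # task exceeding 10 minutes raises States.Timeout
            "Catch": [{
                "ErrorEquals": ["States.Timeout"],
                "ResultPath": "$.error",  # keeps the original input alongside the error
                "Next": "Rollback",
            }],
            "Next": "Done",
        },
        "Rollback": {
            "Type": "Task",
            "Resource": ROLLBACK_FN,
            "TimeoutSeconds": 300,  # the remediation itself must be bounded too
            "Next": "Failed",
        },
        "Failed": {"Type": "Fail", "Error": "DeployTimedOut"},
        "Done": {"Type": "Succeed"},
    },
}


def unbounded_tasks(definition):
    """Names of Task states with no TimeoutSeconds; they run until the execution timeout."""
    return [
        name for name, state in definition.get("States", {}).items()
        if state.get("Type") == "Task" and "TimeoutSeconds" not in state
    ]


# Constructed sample of the event Step Functions publishes to EventBridge when the
# execution-level timeout fires. A rule matching source aws.states and
# detail.status TIMED_OUT targets remediation_handler below.
SAMPLE_EVENT = {
    "source": "aws.states",
    "detail-type": "Step Functions Execution Status Change",
    "detail": {
        "executionArn": "arn:aws:states:eu-west-1:123456789012:execution:deploy:run-42",
        "stateMachineArn": "arn:aws:states:eu-west-1:123456789012:stateMachine:deploy",
        "status": "TIMED_OUT",
        "input": json.dumps({"release": "v1.2.3"}),
    },
}


def remediation_handler(event, _context=None):
    """Lambda target for the EventBridge rule. The execution's original input is the
    only context left after an execution-level timeout, so the rollback target
    is recovered from it rather than from any state output."""
    detail = event.get("detail", {})
    if event.get("source") != "aws.states" or detail.get("status") != "TIMED_OUT":
        return {"action": "ignore", "status": detail.get("status")}
    original_input = json.loads(detail.get("input") or "{}")
    return {
        "action": "rollback",
        "execution": detail.get("executionArn"),
        "release": original_input.get("release"),
    }
```

The Catch on the Deploy state handles the task-level timeout entirely within the workflow; the EventBridge handler is what covers the execution-level timeout, where the workflow itself gets no chance to run a remediation state.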

How to apply the TDD mindset to serverless

Testing is an integral part of software development, and serverless is no different.

Test-Driven Development, or TDD, has long been regarded as a leading practice in software development. And yet, one of the most misunderstood parts of TDD is the "Driven" part of the name. It's not just about "writing tests before you write the code". If your tests do not inform and drive your API design, then you're not really doing TDD.

In this post, let’s look at how we can apply the TDD mindset to serverless and use our tests to drive the design of our serverless application.

DynamoDB now supports cross-account access. But is that a good idea?

DynamoDB now supports resource-based policies, which simplifies cross-account access to tables: the table's policy can grant a principal in another account access directly, without a cross-account role to assume.

But just because you can, doesn’t mean you should!

Cross-account access to DynamoDB tables is almost always a smell. But as with everything, there are exceptions and edge cases. You should think carefully before you use resource-based policies to enable cross-account access to your DynamoDB tables.

In this post, let’s explore some legitimate use cases for cross-account access to DynamoDB tables.
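As an added example (not code from the post), the Python module below shows what a narrowly scoped cross-account grant looks like and two checks a practitioner would want before adopting one: a review function that flags wildcard or account-root principals and non-read actions in a table's resource-based policy, and a function that computes the actions a caller can actually use, since a cross-account request needs an Allow on both the table's resource policy and the caller's identity policy. The account ids, table and role names are constructed; the checks ignore IAM wildcards and Condition keys.

```python
"""Cross-account DynamoDB access via a resource-based policy, with review checks.

Added example, not from the post. Account ids, table and role names are
constructed. Policy evaluation here is deliberately simplified: it matches
actions and principals literally and ignores wildcards and Condition keys.
"""

TABLE_ARN = "arn:aws:dynamodb:eu-west-1:111111111111:table/Orders"     # owning account (assumed)
CONSUMER_ROLE = "arn:aws:iam::222222222222:role/ReportingLambdaRole"   # calling account (assumed)

READ_ACTIONS = {
    "dynamodb:GetItem", "dynamodb:BatchGetItem", "dynamodb:Query",
    "dynamodb:Scan", "dynamodb:DescribeTable",
}

# Resource-based policy attached to the table in account 111111111111:
# one specific role, read-only actions, the table and its indexes only.
TABLE_POLICY = {
    "Version": "2012-10-17",
    "Statement": [{
        "Sid": "ReportingReadOnly",
        "Effect": "Allow",
        "Principal": {"AWS": CONSUMER_ROLE},
        "Action": ["dynamodb:GetItem", "dynamodb:Query", "dynamodb:BatchGetItem"],
        "Resource": [TABLE_ARN, TABLE_ARN + "/index/*"],
    }],
}

# The caller's identity policy in account 222222222222 must also allow the
# same actions on the foreign table ARN; the resource policy alone is not enough.
CONSUMER_IDENTITY_POLICY = {
    "Version": "2012-10-17",
    "Statement": [{
        "Effect": "Allow",
        "Action": ["dynamodb:GetItem", "dynamodb:Query", "dynamodb:BatchGetItem"],
        "Resource": [TABLE_ARN, TABLE_ARN + "/index/*"],
    }],
}


def _as_list(value):
    return value if isinstance(value, list) else [value]


def _aws_principals(stmt):
    principal = stmt.get("Principal", {})
    if principal == "*":
        return ["*"]
    return _as_list(principal.get("AWS", [])) if isinstance(principal, dict) else []


def review_resource_policy(policy):
    """Findings that make a cross-account grant broader than a single reader."""
    findings = []
    for stmt in policy["Statement"]:
        if stmt.get("Effect") != "Allow":
            continue
        sid = stmt.get("Sid", "<no Sid>")
        for principal in _aws_principals(stmt):
            if principal == "*":
                findings.append(f"{sid}: Principal '*' grants access to any AWS account")
            elif principal.endswith(":root"):
                findings.append(f"{sid}: account-root principal {principal} lets admins of that account grant the table to anyone in it")
        for action in _as_list(stmt.get("Action", [])):
            if "*" in action:
                findings.append(f"{sid}: wildcard action {action}")
            elif action not in READ_ACTIONS:
                findings.append(f"{sid}: non-read action {action} granted cross-account")
    return findings


def cross_account_actions(resource_policy, identity_policy, principal_arn):
    """Actions the principal can actually use: the intersection of what the table's
    policy grants to it and what its own identity policy permits."""
    granted = set()
    for stmt in resource_policy["Statement"]:
        if stmt.get("Effect") == "Allow" and principal_arn in _aws_principals(stmt):
            granted |= set(_as_list(stmt.get("Action", [])))
    permitted = set()
    for stmt in identity_policy["Statement"]:
        if stmt.get("Effect") == "Allow":
            permitted |= set(_as_list(stmt.get("Action", [])))
    return granted & permitted
```

Granting to a specific role ARN rather than to the other account's root is the difference between delegating one reader and delegating the whole decision to the other account's IAM administrators; the review function treats the latter as a finding for that reason.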
