Serverless

How to invalidate Cognito-issued JWT tokens

The ability to invalidate a user’s session with immediate effect is a common enterprise requirement.

However, this goes against how token-based authentication is designed to work. JWT tokens are stateless and are typically short-lived (for security reasons) but can be refreshed with refresh tokens.

So, is it possible to invalidate Cognito-issued JWT tokens?

The short answer is no.

The long answer is yes, you can achieve this effect with some work and some performance overhead.

How? Well, come in and find out!

Biggest pre:Invent 2024 serverless announcements

DynamoDB cuts on-demand price by 50%

DynamoDB has reduced on-demand pricing by 50% and global tables by up to 67%. Amazing!

Lambda SnapStart is now available for Python and .NET

Previously, SnapStart was only available for Java. It makes sense to add support for .NET. But why Python and not Node.js? I guess …

Here is one of the most misunderstood aspects of AWS Lambda

One of the most misunderstood aspects of Lambda is how throttling applies to async invocations. Or rather, how it doesn’t!

The TL;DR is that you will never experience throttling when you invoke a function asynchronously.

It also means that despite SNS and EventBridge having longer retry periods than Lambda’s internal queue, these have no practical impact in the case of Lambda throttling.

Read the full post to understand why.

Should “serverless” just mean “function-as-a-service”?

Gregor Hohpe said something that I have been mulling over for some time now. Essentially, he asked, “Should we narrow the definition of serverless to mean just function-as-a-service (FaaS)?”

“Serviceful”

For context, I’m firmly in the “serverless means serviceful” camp: a) Serverless is a mindset: To leverage managed services to deal with undifferentiated heavy lifting so …

How to handle execution timeouts in AWS Step Functions

Step Functions lets you set a timeout on both Task states and the whole execution. By default, an execution can run for a year if TimeoutSeconds is not configured. To a user, the execution would appear as “stuck”, which is why AWS best practices recommend using timeouts to avoid such scenarios. But once you have configured a timeout for the execution, it’s then important to consider what happens when you experience a timeout.

In this post, let’s explore 3 ways you can handle an execution timeout and use a Lambda function to perform automated remediation (e.g. applying rollbacks).

How to apply the TDD mindset to serverless

Testing is an integral part of software development, and serverless is no different.

Test-Driven Development, or TDD, has long been regarded as a leading practice in software development. And yet, one of the most misunderstood parts of TDD is the “Driven” part of the name. It’s not just about “writing tests before you write the code”. If your tests do not inform and drive your API design, then you’re not really doing TDD.

In this post, let’s look at how we can apply the TDD mindset to serverless and use our tests to drive the design of our serverless application.
