Programming Archives

How to build a Leaderboard service with Momento: a step-by-step Guide

Many apps have leaderboards nowadays. From games to fitness apps that display step counts among friends. It’s a common way to gamify applications!

However, building a scalable leaderboard service can be challenging. A common approach is to model a leaderboard as a Redis sorted set, but that means managing infrastructure and paying for uptime for the Redis cluster.

Only if there’s a truly serverless caching solution that gives you pay-per-use pricing ;-)

Fine-grained access control in API Gateway with Cognito access token and scopes

API Gateway, AWS, Cognito, Security

In this post, we look at how you can implement fine-grained access control using Cognito access tokens and scopes. We will discuss the trade-offs of this approach and the cost implications of enabling Cognito’s Advanced Security Features (required for this approach to work).

Personally, I think this is too costly an approach and doesn’t offer enough upside in return.

Unless you’re using Advanced Security Features already, or your application has a high value per user (e.g. a B2B enterprise application), this approach may be difficult to justify in terms of return on investment.

Is it safe to use ID tokens with Cognito authorizers?

API Gateway, AWS, Cognito, Security

A common narrative is that one should always use access tokens to call your APIs, while ID tokens are strictly for identifying users.

But how much of that actually makes sense when you use Cognito authorizers with your API?

Are ID tokens inherently less secure?

What is the cost of using access tokens instead?

Ultimately, is it safe to use ID tokens, or should you switch to access tokens?

Fine-grained access control in API Gateway with Cognito groups & Lambda authorizer

API Gateway, AWS, Cognito, Security

Authentication and authorization are two distinct things.
API Gateway has built-in integration with Cognito, which handles authentication, but no fine-grained authorization.

There are many ways to implement a fine-grained authorization with API Gateway. In this new post, I will show you one of these ways and give you the pros & cons and when to use it.

This is a cost-efficient approach that leverages Cognito, but without needing its more expensive Advanced Security Features.

What’s the best way to do fan-out/fan-in serverlessly in 2024?

AWS, Serverless, Step Functions

Back in 2018, I shared several ways to implement fan-out/fan-in with Lambda. A lot has changed since, so let’s explore the solution space in 2024.

Remember, what’s “best” depends on your context. I will do my best to outline the trade-offs you should consider.

Do you know your Fan-Out/Fan-In from Map-Reduce?

AWS

Many students and clients have asked me how to implement Map-Reduce workloads serverlessly. In most cases, they are actually asking about Fan-Out/Fan-In!

At a glance, the two patterns look very similar and they are often used interchangeably in conversations. So in this post, let’s compare them and see how they differ.

CDK: how to customize 3rd-party L3 constructs

AWS, CDK, Programming

If you’re using CDK, you should use L3 constructs to encapsulate common patterns and best practices in your architecture.

However, sometimes you’d find a 3rd-party L3 construct that does most of what you want, but you need to customize how it configures some of its resources. That can be tricky because you don’t own the source code, and the construct author might not be willing to make the changes you want.

In this article, let me show you an easy and effective way to do this without having to clone and maintain a copy of the construct yourself.

I’m sorry, but the way you adopt serverless is wrong

AWS, Serverless

Here is the biggest mistake many teams make when they try to adopt serverless and why they ultimately fail.

Don’t make the same mistake.

AppSync’s new async Lambda resolver is great news for GenAI apps

AppSync, AWS, Serverless

AppSync now supports invoking Lambda resolvers asynchronously. This simplifies a common challenge in GenAI applications where we had to hand off the call to the LLM to a background function so we can stream the LLM response back to the caller.

How to handle execution timeouts in AWS Step Functions

AWS, Serverless, Step Functions

Step Functions lets you set a timeout on both Task states and the whole execution. By default, an execution can run for a year if TimeoutSeconds is not configured. To a user, the execution would appear as “stuck”. Which is why AWS best practices recommend using timeouts to avoid such scenarios. But once you have configured a timeout for the execution, it’s then important to consider what happens when you experience a timeout.

In this post, let’s explore 3 ways you can handle an execution timeout and use a Lambda function to perform automated remediation (e.g. applying rollbacks).