You don’t need network security to keep your DynamoDB data safe. However, adding network security on top of IAM authentication and authorization is not a bad thing. Sometimes, it’s even necessary to meet regulatory requirements.
In this post, let’s see how to put DynamoDB in VPC so your data can only be accessed from within a VPC. We will look at what works best for feature teams and what works best for platform teams.
In this post, let’s discuss a radical idea – if the API layer is not adding any value besides authentication and calling the AWS SDK, then why not just remove it and let the frontend talk to your AWS resources directly? It will be the cheapest way to build a full-stack application, and there are similar precedents in the IoT space already.
It’s not the way that I’d recommend for most of you. But it’s possible to do it safely so that a user can only access his/her data. All you need is a little bit of IAM policy and a Cognito Identity Pool.
Performing a database migration while continuing to serve user requests can be challenging. It’s a question that many students have asked during the Production-Ready Serverless [1] workshop. So here’s my tried-and-tested approach to migrating a live service to a new database without downtime. I’m going to use DynamoDB as an example, but it should work …
How to perform database migration for a live service with no downtime Read More »
AWS Kinesis and Lambda are a great combo for processing large amounts of data in real-time. However, there’s a common oversight that many developers make when integrating these two services. There are established best practices for configuring Lambda’s EventSourceMapping [1] for Kinesis: Configure an OnFailure destination for failed records. Enable BisectBatchOnFunctionError. Override MaximumRetryAttempts. Choose a …
The one mistake everyone makes when using Kinesis with Lambda Read More »
A month ago, I shared how I built an affiliate tracking system in a weekend [1]. Since then, I’ve enhanced the system by integrating analytics reporting, enabling affiliates to gauge the performance of their URLs. This post will describe how the system works and why I chose Amazon Timestream over DynamoDB. How it works 1. …
How I implemented web analytics reporting with Amazon Timestream Read More »
The Serverless Framework remains a top choice for serverless development, as evidenced by the recent State of Serverless report [1]. Yet, its appeal has waned over time due to the lack of innovation in recent years, prompting users to explore other options. Recently, they announced [2] significant updates for Serverless v4: Fees will be introduced …
Serverless v4 will start charging users, but that’s a good thing Read More »
Sharing code efficiently across different parts of an application can be challenging with AWS Lambda, especially when using Amplify. Today, I’ll walk you through a solution to this common problem, without relying on Lambda Layers or private NPM repositories. The Context In my previous post about Lambda Layers [1], I delved into its limitations, especially …
Amplify: how to share code without Lambda Layers or private NPM Read More »
Having taught thousands of students to build serverless applications via my online courses and workshops, I felt it was time to kick-start an affiliate program to boost sales. Affiliates would receive 50% of the revenue and get a 15% discount code for their audience. It feels like a good deal but I would need a …
How I built an affiliate tracking system in a weekend with serverless Read More »
It’s a good practice to use CloudFormation’s deletion policy to protect stateful resources such as DynamoDB tables or RDS databases from accidental deletions. Such as when someone accidentally deletes a CloudFormation stack! As I discussed previously [1], this is a much better way to guard against these accidental data losses than separating stateful and stateless …
CloudFormation: How to set Deletion Policy to Retain for production only? Read More »
Many vendors require you to have a static IP address for your application. Such that all requests to their API must originate from an allow-list of IP addresses. This means we need to force egress traffic from our Lambda functions through a static IP address. Sometimes, they even mandate that you use a static IP …
Static IP for Lambda: ingress, egress and bypassing the dreaded NAT Gateway Read More »
By continuing to use the site, you agree to the use of cookies. more information
The cookie settings on this website are set to "allow cookies" to give you the best browsing experience possible. If you continue to use this website without changing your cookie settings or you click "Accept" below then you are consenting to this.