Category Archives: Serverless Code

Serverless and AWS Lambda Tips and Tools

  1. Use services that let you integrate feature flags throughout your application, so you can dynamically test, activate or suspend features for (some of) your users. Here is one such service: https://github.com/launchdarkly/featureflags/blob/master/README.md
  2. Track your external libraries through services that can alert you to issues or vulnerabilities in those libraries – here is one such service called “Snyk” – https://serverless.com/blog/4-ways-to-secure-prevent-vulnerabilities-in-serverless-applications/
  3. Store a local copy of all your external libraries in your internal repositories so that you are not affected by mistakes or vulnerabilities that hit the public code repositories (such as the NPM public repository for JavaScript – see details here on how it badly affected many applications https://www.theregister.co.uk/AMP/2016/03/23/npm_left_pad_chaos/ )
  4. Using a bigger memory tier could also bring a better CPU allocation, which can take your transaction processing speed from seconds to sub-seconds
  5. Monitor performance metrics of your application to determine when it changed and why
  6. You must monitor for errors in your code. Don’t assume it’s working well
  7. Using Lambda inside a VPC requires the same attention to security groups as an EC2 instance
  8. Make sure your Lambda function has the least privileges required in its IAM policy
  9. AWS Toolkit for Eclipse: Support for Creating Maven Projects for AWS, Lambda, and Serverless Applications http://bit.ly/2muxucL

AWS IAM Nirvana: AWS API Gateway hooks with AWS Lambda and IAM

What I liked:

  1. Complete walk through AWS Cognito flow: Authorise with DynamoDB, ask Cognito for token and ID, ask Cognito for AWS credentials derived from an AWS role that lasts an hour.
  2. Independent IAM checkup that is run by AWS: The APP tries to act without running any authorisation logic in itself. The authorization logic is embedded in the AWS policy on each resource the APP tries to reach and cross checked with the AWS role the session got via Cognito.
  3. Strong anti data theft system: The access policy allows access to items only if the item’s user ID attribute matches the current Cognito session ID. So user A cannot dump details of user B…
  4. AWS API Gateway can automatically create a client SDK based on your app for many programming languages.
  5. You can hide the fact your SDK uses AWS credentials.
  6. Integration with Swagger.io as a source repository for API document spec.
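
The per-user access policy from item 3 above, and the least-privilege advice from tip 8 of the first list, as an added example that is not code from the talk or from AWS. It assumes the table's partition key holds the user's Cognito identity ID, which IAM exposes as the policy variable `${cognito-identity.amazonaws.com:sub}`; the table name, region, account ID and the `audit` helper are made up for illustration.

```python
COGNITO_SUB = "${cognito-identity.amazonaws.com:sub}"  # IAM policy variable

# Constructed sample: region, account ID and table name are placeholders, and the
# table's partition key is assumed to hold the user's Cognito identity ID.
SCOPED_POLICY = {
    "Version": "2012-10-17",
    "Statement": [{
        "Effect": "Allow",
        "Action": ["dynamodb:GetItem", "dynamodb:Query", "dynamodb:PutItem"],
        "Resource": "arn:aws:dynamodb:us-east-1:111122223333:table/ExampleUserData",
        "Condition": {"ForAllValues:StringEquals": {"dynamodb:LeadingKeys": [COGNITO_SUB]}},
    }],
}

# Constructed counter-example: the kind of broad grant tip 8 warns against.
BROAD_POLICY = {
    "Version": "2012-10-17",
    "Statement": [{"Effect": "Allow", "Action": "dynamodb:*", "Resource": "*"}],
}


def as_list(value):
    """IAM allows a single string wherever a list is accepted."""
    return value if isinstance(value, list) else [value]


def audit(policy):
    """Return (statement index, finding) pairs for Allow statements that are too wide."""
    findings = []
    for i, stmt in enumerate(as_list(policy["Statement"])):
        if stmt.get("Effect") != "Allow":
            continue
        actions = [a.lower() for a in as_list(stmt.get("Action", []))]
        if any(a == "*" or a.endswith(":*") for a in actions):
            findings.append((i, "wildcard action"))
        if "*" in as_list(stmt.get("Resource", [])):
            findings.append((i, "wildcard resource"))
        if any(a in ("*", "dynamodb:*", "dynamodb:scan") for a in actions):
            # Scan walks the whole table, so a leading-key condition cannot scope it.
            findings.append((i, "table-wide read (Scan) allowed"))
        if any(a == "*" or a.startswith("dynamodb:") for a in actions):
            cond = stmt.get("Condition", {}).get("ForAllValues:StringEquals", {})
            if as_list(cond.get("dynamodb:LeadingKeys", [])) != [COGNITO_SUB]:
                findings.append((i, "items not pinned to the caller's Cognito identity"))
    return findings


if __name__ == "__main__":
    for name, policy in (("scoped", SCOPED_POLICY), ("broad", BROAD_POLICY)):
        print(name, audit(policy) or "no findings")
```

The scoped policy passes with no findings, while the broad one is flagged on every check; running the same audit over the role Cognito hands out is a quick way to confirm that user A cannot read user B's items.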