Yan Cui articles - 133 total
Is it safe to use ID tokens with Cognito authorizers?
A common narrative is that one should always use access tokens to call your APIs, while ID tokens are...
Fine-grained access control in API Gateway with Cognito groups & Lambda authorizer
In security and access control, authentication and authorization mean two distinct but related...
What’s the best way to do fan-out/fan-in serverlessly in 2024?
Back in 2018, I shared [1] several ways to implement fan-out/fan-in with Lambda. A lot has changed...
How to handle execution timeouts in AWS Step Functions
Step Functions lets you set a timeout on Task states and the whole execution. By default, a Task...
How to apply the TDD mindset to serverless
Testing is an integral part of software development. Your tests are a living documentation of your...
Here are four ways you can implement WebSockets using serverless
The myth that “you can’t do WebSockets with serverless” still persists today, even though we have...
DynamoDB now supports resource-based policies. But is that a good idea?
DynamoDB announced support for resource-based policies [1] a few days ago. It makes cross-account...
When to use Step Functions vs. doing it all in a Lambda function
I’m a big fan of AWS Step Functions. I use it to orchestrate all sorts of workflows, from payment...
When to use API Gateway vs. Lambda Function URLs
“Lambdalith” is a monolithic approach to building serverless applications where a single Lambda...
First impressions of the fastest JavaScript runtime for Lambda
I thought Lambda needed a specialised runtime. One that works well with its resource-constraint...
What’s the best way to migrate Cognito users to a new user pool?
I shared on Linkedin [1] the other day that you should avoid using Cognito subs as the user ID for...
How to secure CI/CD roles without burning production to the ground
By now, most of us have moved away from using IAM users for CI/CD pipelines. Instead, we’d use...
First impressions of CloudFormation’s IaC generator and CDK migrate
CloudFormation recently announced the IaC generator [1]. It lets you: Scan your AWS account and...
How would you reprocess Lambda dead-letter queue messages on demand?
Imagine this… You have followed AWS best practices and set up a dead-letter queue (DLQ) or an...
How to create Private DynamoDB tables accessible only within a VPC
DynamoDB is a fully managed NoSQL database service known for its low latency and high...
Year in review, 2023
2023 has been a bittersweet year. It started with unpleasant medical news and the subsequent...
Direct Access for Frontend Apps to AWS Services: Secure and Cost-Effective
Lean manufacturing focuses on minimizing waste while simultaneously maximizing productivity. If you...
How to perform database migration for a live service with no downtime
Migrating the database while continuing to serve user requests can be challenging. It’s a question...
The one mistake everyone makes when using Kinesis with Lambda
AWS Kinesis and Lambda are a great combo for processing large amounts of data in real-time. However,...
How I implemented web analytics reporting with Timestream
A month ago, I shared how I built an affiliate tracking system in a weekend [1]. Since then, I’ve...
Serverless v4 will start charging users, but that’s a good thing
The Serverless Framework remains a top choice for serverless development, as evidenced by the recent...
Amplify: how to share code without Lambda Layers or private NPM
Sharing code efficiently across different parts of an application can be challenging with AWS Lambda,...
How I built an affiliate tracking system in a weekend with serverless
Having taught thousands of students to build serverless applications via my online courses and...
Help! How do I set DeletionPolicy to Retain for production only?
It’s a good practice to use CloudFormation’s DeletionPolicy to protect stateful resources such as...
Monthly roundup – September 2023
Hi, here’s a quick round-up of everything I have done in September 2023. Podcast The...
Static IP for Lambda: ingress, egress and bypassing the dreaded NAT Gateway
Many vendors require you to have a static IP address for your application. Such that all requests to...
Combine Step Functions Standard and Express workflows for fun & profit
Step Functions’ state machines come in two flavours. By understanding their strengths and...
Monthly roundup – August 2023
Hi, here’s a quick round-up of everything I have done in August 2023. Real-World Serverless...
What’s the most serverless way to wait for a slow HTTP response?
During the last cohort of my Production-Ready Serverless workshop, a student asked: If I have to...
SNS to Lambda or SNS to SQS to Lambda, what are the trade-offs?
I had a really good question from one of my students at the Production-Ready Serverless workshop the...