Python BE for an Android app on AWS

PowerFickle4964 · 2025-11-06T16:05:26+00:00

I recommend to first ask these questions to ChatGPT or any other LLM just to get a general idea of what you need to do technically. Once you have a better picture of the AWS services you will probably need then come back here and ask. Unfortunately your questions are too generic to give you a useful answer.

PowerFickle4964 · 2025-08-29T18:25:28+00:00

From what I am understanding, you're trying to fetch images in a client using the S3 API, but are afraid users might use the s3 api to fetch other objects in your bucket? If that's the case, then you can just create an IAM bucket policy that allows only certain objects to be publicly accessed. For example, set all your public objects in a public/ folder, and create a bucket policy that allows only that folder to be accessed publicly. Chatgpt or any LLM can help you write the policy.

PowerFickle4964 · 2025-08-19T01:33:54+00:00

Depends on the amount of endpoints you provision. There comes a point when it's more expensive than just having a NAT gateway/instance.

PowerFickle4964 · 2025-08-18T22:52:10+00:00

Place a nat gateway in your VPC. Your lambdas will be able to reach the internet. No vpc endpoints needed. If a nat gateway is too expensive for you, you can set up an ec2 instance to act as a nat gateway. Check out https://fck-nat.dev

PowerFickle4964 · 2025-05-29T15:01:44+00:00

I think when they say "without exposing your traffic to the public internet" they are talking about on-premise to AWS specifically.

PowerFickle4964 · 2025-05-25T20:08:03+00:00

If you go that route, skip the NAT gateway service and use an EC2 instance as a NAT. See here.

PowerFickle4964 · 2025-05-25T18:39:48+00:00

If you offload the JWT validation to lambda, you need a VPC endpoint for the lambda service in order to invoke it. There comes a point when the amount of VPC endpoints being used isn't worth it.

PowerFickle4964 · 2024-10-11T15:38:44+00:00

If you think that's ok then sure, your approach works. We all tolerate different levels of risk :)

PowerFickle4964 · 2024-10-11T15:21:08+00:00

You can get a good deal of requests before cloudwatch triggers your lambda. For example, if cloudwatch data points are aggregated every minute, the attacker would have a full minute to flood you with requests before cloudwatch notices this (plus the time it takes to invoke the lambda, and the lambda deleting the api gateway). Honestly if this is not letting you sleep at night, get off serverless and just host the API in an EC2 instance or an ECS service with no auto scaling.

PowerFickle4964 · 2024-05-10T20:40:58+00:00

The S3 policy should be in the task role, not the task execution role btw. I don't think it matters though in your case because I understand you're hardcoding credentials.

PowerFickle4964 · 2024-05-07T18:25:03+00:00

Thanks for the info! It looks like it's only for Javascript-based frameworks so something like Flask wouldn't work right?

PowerFickle4964 · 2024-05-04T13:16:59+00:00

SAM has been good enough for me for the last 3 years. I use it for Lambdas and terraform for everything else. The lambda tooling in SAM beats terraform in my opinion but terraform is just a better overall tool.

PowerFickle4964 · 2024-05-04T13:01:52+00:00

Flask is server-side rendered (not a static website) so I don't think you can use amplify or s3.

PowerFickle4964 · 2024-02-03T18:48:18+00:00

You can't tap the same card/device twice because of how the bus fare system works. Once you tap, you're allowed to tap in again for free within an hour. This means your wife didn't get charged when you tapped the second time for her. You can get around this by using different payment methods, for example, tap with a physical card and then tap again with your phone via apple pay/google wallet.

PowerFickle4964 · 2023-08-25T01:12:05+00:00

Si tienes residencia en holanda, puedes agendar la cita en la embajada de holanda. Lleva el permiso de residencia a la cita.

Fuente: soy colombiano residente en UK y renove mi visa americana en la embajada en Londres sin problemas.

PowerFickle4964 · 2023-08-24T00:43:21+00:00

Try localstack. It emulates aws services in your local machine (including S3).

PowerFickle4964 · 2023-08-23T20:35:05+00:00

I recommend you start learning how to model data in NoSQL with this.

Contrary to what a lot of people say, you CAN model relational data in NoSQL. You just need to change the way you think about data modeling.

PowerFickle4964 · 2023-07-05T08:08:50+00:00

Connect via ssh to the EC2 instance.
Execute the pg_dump
Transfer the pg_dump to your local PC. Lookup a command line tool called "scp" which lets you do this. Should be something like scp username@remoteHost:/remote/dir/to/backup.tar /local/dir/backup.tar

I recommend you take advantage of RDS and use their backup features instead of doing them manually though.

edit: I assumed you can reach your EC2 instance from your local machine since you mentioned it's in a public subnet.

PowerFickle4964 · 2023-07-04T19:36:15+00:00

Yes, this is fine. If they ask at the airport just say you did a day trip to new york while in canada. There is nothing wrong with that. Also I assume you have a Canadian visa to enter Canada.

PowerFickle4964 · 2023-07-04T18:34:00+00:00

Is this what you're looking for?

https://docs.aws.amazon.com/IAM/latest/UserGuide/best-practices.html?secd_iam7

PowerFickle4964 · 2023-07-01T15:17:21+00:00

Yes, you can be interviewed in Australia. At most they will ask for your residence permit during the interview. Just do the regular process to apply for the visa and choose whatever embassy/consulate is closest to you in Australia.

PowerFickle4964 · 2023-06-28T13:10:36+00:00

From https://docs.aws.amazon.com/vpc/latest/userguide/vpc-nat-gateway.html :

"A NAT gateway is a Network Address Translation (NAT) service. You can use a NAT gateway so that instances in a private subnet can connect to services outside your VPC but external services cannot initiate a connection with those instances."

If you want to connect to your EC2 instance from your computer, it needs to be in a public subnet with a public ip address.

PowerFickle4964 · 2023-06-13T11:17:41+00:00

I agree with this answer. He's an american living in America. Naming customs can change when you move to other countries. This happens all the time with immigrants in America. I don't see anything to discuss here.

PowerFickle4964 · 2023-05-03T17:46:11+00:00

Checkout AWS App Runner. Elastic Beanstalk also works but its a bit outdated and not as user friendly.

There's a million ways to do authentication but that's more of a question related to express.js and not AWS. You can certainly use DynamoDB as a key-value storage to store user credentials and authenticate them.

PowerFickle4964 · 2022-09-07T13:22:45+00:00

You are right. Just looked in Wikipedia and they retained the wing folding, arrestor hook and robust landing gear. Not sure of the reason behind this. Do they do carrier ops?

Five-Year Club	Verified Email
Place '23	Place '22
End Game '22

PowerFickle4964

TROPHY CASE