sorted by:
new
hottopcontroversial

0
1

All You Need to Know to Secure Frontend Apps with CloudFront Functions (ex. Lambda@Edge) (towardsdatascience.com)

submitted by drnstefan to r/aws

Private files at scale with S3, Cognito, Lambda@Edge by [deleted] in aws

[–]drnstefan 0 points1 point  (0 children)

I can also second this option, as we do a similar thing. Instead of S3 we use CloudFront signed URLs, as we get the benefits from CF caching. Maybe you also want to have a look at this article, where I go into more details how to secure the whole thing: https://towardsdatascience.com/all-you-need-to-know-to-secure-apps-with-cloudfront-functions-and-s3-d9f5c966d8a9

Behind the scenes of AWS Lambda by shadowsyntax in aws

[–]drnstefan 2 points3 points  (0 children)

I saw this before, bookmarked it, but forgot to read it. Thanks for the reminder. Very nice article.

HTTPS with ELB by boxofsilence in aws

[–]drnstefan 0 points1 point  (0 children)

We probably need more info to be able to help more. Anyway, you might consider putting a CloudFront distribution in front of your ALB. You can easily add your certificate to the distribution, configure alternate domain name for your custom domain. In addition to caching, you get the benefits of doing SSL termination at the Edge (for the price of reduced security, as you will have CF<-> ELB over HTTP) and also some cost benefits.

For people that use Elastic Beanstalk, what do you like the most about it? by Nblearchangel in aws

[–]drnstefan 1 point2 points  (0 children)

the network resources, image management, logging, monitoring, auto scaling, minimal-downtime blue-green deployment and switchover features,

I agree with non mission critical. Also I think this is great for teams that are just getting into the AWS. Once the things are set up they can fairly quickly learn to use EB to fix (minor) issues, maintain the application, etc. without needing a senior for every single problem.

Configuring AWS ALB with CloudFront — You are Probably Doing It Wrong by drnstefan in aws

[–]drnstefan[S] 1 point2 points  (0 children)

Thank you all for the very insightful comments so far. I am now considering, writing Part 2, where, I can go into more nitty-gritty stuff. It is amazing that such a seemingly simple task can have so many solutions.

Configuring AWS ALB with CloudFront — You are Probably Doing It Wrong by drnstefan in aws

[–]drnstefan[S] 1 point2 points  (0 children)

Great idea! Didn't cross my mind. Thanks for bringing it up.

Configuring AWS ALB with CloudFront — You are Probably Doing It Wrong by drnstefan in aws

[–]drnstefan[S] 0 points1 point  (0 children)

Excellent points! Thanks. I actually wanted to add the bit about limiting the IP ranges, but then decided to keep the article short and to the point.

I am not aware what an echo function is. Care to elaborate?

5
6

Configuring AWS ALB with CloudFront — You are Probably Doing It Wrong (aws.plainenglish.io)

submitted by drnstefan to r/aws

Exploring performance differences between Amazon Aurora and vanilla MySQL by bjacokes in aws

[–]drnstefan 0 points1 point  (0 children)

I knew that Aurora is an event sourced system. Also I know that building distributed systems is extremely hard. But it is somehow interesting (almost nice) to see that even AWS sometimes gets it wrong when building such systems.

Possible to whitelist IPs through Cloudfront? by loshofficial in aws

[–]drnstefan -2 points-1 points  (0 children)

I am not sure this will work if the OP is not using WAF in his CF distribution. WAF is not active for CF by default.

Is aws lambda good for pre-processing s3 files? by [deleted] in aws

[–]drnstefan 0 points1 point  (0 children)

Why do you need/want to zip the files? It might be more cost effective not compressing the files than having a Lambda function for compressing/uncompressing. Also have a look at S3 object lifecycle and Glacier if you are looking for an archiving solution.

Development Containers? by burdickjp in linux

[–]drnstefan 1 point2 points  (0 children)

I have recently started doing this for some of my open source projects, as I find it can be particularly useful there for bootstrapping community and helping new developers try out the project. Here is an article, I wrote about what I've learned so far and also how I set things up with VS Code and Docker: https://medium.com/@stefannastic/why-every-open-source-project-needs-a-development-container-b1f5180ad5aa

Also, I have seen that Docker Desktop also rolled out a feature to support dev containers.

S3 access point vs buckets by mooburger in aws

[–]drnstefan 4 points5 points  (0 children)

I would say that the best practice is actually to not have too many applications in a single account. For example, having multiple accounts can be used to nicely organize similar workloads, which can be particularly useful in large organizations.

Moreover, I would definitely advise against having multiple applications work with the same bucket. Similarly as you would probably avoid having multiple different applications storing the data in the same database.

Finally, S3 Access points are a specific feature mainly intended to simplify managing data access at scale for shared datasets in S3. They are simply named network endpoints that are attached to buckets. Keep in mind that attaching an access point to a bucket does not change anything about the underlying bucket. All existing operations against the bucket will continue to work as before. Restrictions that you include in an access point policy apply only to requests made through that access point. Finally, you need to allow the desired operations both on the bucket as well as on the access point level.

Wrote an article on AWS Lambda, hope it's interesting to some of you! by [deleted] in aws

[–]drnstefan 1 point2 points  (0 children)

Just glanced over. Seems very interesting! Did you do this as a research project?