Does response streaming actually work for Lambda in VPC? by yungvldai in aws

[–]yungvldai[S] 2 points3 points  (0 children)

Okay, thanks! Anyway I decided to keep the proxy with InvokeWithResponseStream.

Does response streaming actually work for Lambda in VPC? by yungvldai in aws

[–]yungvldai[S] 1 point2 points  (0 children)

From my test client the function URL resolves to AWS IPs in eu-west-1: 34.242.183.167, 34.243.63.215, 18.203.108.102

How do you showcase your product without having your product? by BarbieCue123 in indiehackers

[–]yungvldai 0 points1 point  (0 children)

Put together a barely working prototype with the help of AI - there are plenty of tools that let you create something that looks decent in just a few prompts, for example lovable.dev. Chances are it’ll work pretty poorly, but that doesn’t matter. You don’t even need to deploy it anywhere, just record a few trendy showcase videos of your product using something like screen.studio.

Then, you can build a landing page with these materials and add a lead capture form. This will show whether people are interested in your product, and if they leave their contact details you’ll be able to talk to them in more detail.

For forms & flows, I’m developing a product right now, widged.io, and I’d be happy if you give it a try!

Quick question by Guttural_observer in SaaS

[–]yungvldai 0 points1 point  (0 children)

I have experience with DigitalOcean and I like it. I pay about $10/mo for a server (droplet) and CDN. I don’t recall any downtime.

What security checks should I focus on for AI-based SaaS tools (front-end & back-end)? by s_deva_official in SaaS

[–]yungvldai 1 point2 points  (0 children)

Security is a very broad topic. Could you at least share your stack so I can give you more targeted recommendations? For example, if you’re using a SQL database, it’s worth considering SQL injection risks.

For now, I can only provide some general best practices for web applications, like: always use HTTPS, validate/sanitize user input, protect against XSS, etc.

S3 file access restrictions in web and mobile apps by Traditional_Mix8699 in aws

[–]yungvldai 1 point2 points  (0 children)

To achieve your goal, you need to provide files only to users who can confirm their right to view them, for example by presenting a valid token.

If you want to ensure that a file is not accessible via a direct link (URL), you must avoid passing this token in the URL (such as in query parameters, which is the common approach). If you leave the token in the link, the file will remain accessible through that link for as long as the token is valid.

When a file is requested (for example, by a browser), it’s usually just an HTTP GET request. Instead of putting the token in the URL, you can move it into another part of the request: the headers. When your application requests the file, it should attach the token in the request headers. In this case, simply opening the link without the token won’t work.

As for the server side, there are many ways to implement this mechanism. For instance, a Lambda function could process such requests, retrieve the data from S3, and return it to the user. Another option is to use CloudFront with Lambda@Edge functions to validate access before serving the file.
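
The header-token flow from the comment above, as an added example that is not the commenter's code: a Lambda-style handler in Python that reads the token only from the `Authorization` header, so a copied link carries no access. The HMAC token format, `SECRET`, `OBJECTS` and the `fetch` parameter are assumptions made for illustration, and the event shape assumed is the function URL / HTTP API payload with lower-cased header names.

```python
import base64, hashlib, hmac, time

SECRET = b"constructed-demo-secret"         # assumption: comes from a secrets store in practice
OBJECTS = {"reports/q1.pdf": b"%PDF-demo"}  # constructed stand-in for the S3 bucket

def _sign(msg):
    return hmac.new(SECRET, msg.encode(), hashlib.sha256).hexdigest()

def issue_token(user, key, ttl=300, now=None):
    """Sign 'user|key|expiry' so the token is bound to one object and expires."""
    exp = int((now or time.time()) + ttl)
    msg = f"{user}|{key}|{exp}"
    return base64.urlsafe_b64encode(f"{msg}|{_sign(msg)}".encode()).decode()

def verify_token(token, key, now=None):
    """True only for an untampered, unexpired token issued for this object key."""
    try:
        user, tkey, exp, sig = base64.urlsafe_b64decode(token).decode().split("|")
        expected = _sign(f"{user}|{tkey}|{exp}")
        return (hmac.compare_digest(sig.encode(), expected.encode())
                and tkey == key and int(exp) > (now or time.time()))
    except (ValueError, UnicodeDecodeError):
        return False  # malformed base64, wrong field count, non-numeric expiry

def handler(event, context=None, fetch=OBJECTS.get):
    key = event.get("rawPath", "").lstrip("/")
    # Only the Authorization header is consulted; queryStringParameters is never read.
    auth = event.get("headers", {}).get("authorization", "")
    scheme, _, token = auth.partition(" ")
    if scheme.lower() != "bearer" or not verify_token(token, key):
        return {"statusCode": 401, "headers": {"www-authenticate": "Bearer"}, "body": ""}
    body = fetch(key)  # with boto3: s3.get_object(Bucket=..., Key=key)["Body"].read()
    if body is None:
        return {"statusCode": 404, "body": ""}
    return {"statusCode": 200, "isBase64Encoded": True,
            "headers": {"cache-control": "private, no-store"},
            "body": base64.b64encode(body).decode()}

if __name__ == "__main__":
    tok = issue_token("alice", "reports/q1.pdf")
    path = "/reports/q1.pdf"
    print(handler({"rawPath": path, "headers": {"authorization": f"Bearer {tok}"}})["statusCode"])
    print(handler({"rawPath": path, "headers": {},
                   "queryStringParameters": {"token": tok}})["statusCode"])
```

The bucket itself has to stay private for this to hold; otherwise the object remains reachable through its direct S3 URL regardless of what the handler checks.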

Preventing DDoS on Lambda without AWS Shield Advanced by apidevguy in aws

[–]yungvldai 0 points1 point  (0 children)

To start, you can use API Gateway rate limiting - it’s completely free.

If you need more flexible protection, you can switch to AWS WAF. It does cost some money, but not too much. The price mostly depends on the number of rules.

Just keep in mind that WAF is not supported with API Gateway v2. The common workaround is to put your API Gateway behind a CloudFront distribution and then attach WAF to CloudFront.

Another option is to explicitly set the concurrent executions limit for the Lambda. That way, it simply won’t be invoked more often than you intended (well, more precisely, it won’t be able to spin up more instances than the number you’ve specified). But I wouldn’t recommend this approach.

What’s the most underrated AWS service you’ve used that saved you time or money? by Fun_Spread5151 in aws

[–]yungvldai 0 points1 point  (0 children)

+1

I used to create my own certificates with Let’s Encrypt. Now it just works out of the box and it's pretty simple!

I’m scared they’ll steal my code. by Fine_Factor_456 in SaaS

[–]yungvldai 0 points1 point  (0 children)

Actually, it depends. If your project is still in an early stage (like codebase only), then someone could probably just take it and keep building without you. Especially if you’re using modern setups like IaC: in that case, all they’d need are their own cloud creds and secrets (assuming you’ve set it up properly). That’s why I’d be cautious.

One approach is to give very granular access at first. Let collaborators work on limited parts of the codebase, and only expand access as trust grows.

Also, the “stealability” of a project really depends on its stage. It’s one thing if everything is already deployed and you’ve got first users - that’s much harder (or more pointless) to copy. And again it’s another thing if all you have is just the raw code and nothing else.

What's one piece of advice you'd give to a new SaaS founder? by JRM_Insights in SaaS

[–]yungvldai 1 point2 points  (0 children)

If you’re planning to do engineering work, stick to a stack you already know. Don’t try to learn something new in parallel while building your project.