AWS Compute Blog
Category: AWS CloudTrail
Building AWS Lambda governance and guardrails
When building serverless applications using AWS Lambda, there are a number of considerations regarding security, governance, and compliance. This post highlights how Lambda, as a serverless service, simplifies cloud security and compliance so you can concentrate on your business logic. It covers controls that you can implement for your Lambda workloads to ensure that your […]
Securely retrieving secrets with AWS Lambda
AWS Lambda functions often need to access secrets, such as certificates, API keys, or database passwords. Storing secrets outside the function code in an external secrets manager helps to avoid exposing secrets in application source code. Using a secrets manager also allows you to audit and control access, and can help with secret rotation. Do […]
Building well-architected serverless applications: Implementing application workload security – part 2
This series of blog posts uses the AWS Well-Architected Tool with the Serverless Lens to help customers build and operate applications using best practices. In each post, I address the serverless-specific questions identified by the Serverless Lens along with the recommended best practices. See the introduction post for a table of contents and explanation of the example application. Security question SEC3: […]
Building well-architected serverless applications: Managing application security boundaries – part 2
This series uses the AWS Well-Architected Tool with the Serverless Lens to help customers build and operate applications using best practices. In each post, I address the nine serverless-specific questions identified by the Serverless Lens along with the recommended best practices. See the introduction post for a table of contents and explanation of the example application. Security question SEC2: How do […]
Operating Lambda: Building a solid security foundation – Part 2
In this blog post, I explain how to secure workloads with public endpoints and the different authentication and authorization options available. I also show different approaches to exposing APIs publicly.
Using dynamic Amazon S3 event handling with Amazon EventBridge
The standard S3 to Lambda integration enables developers to deploy code that responds to bucket- or object-based events. Using Amazon EventBridge, you can employ even more sophisticated routing and filtering of events between S3 and Lambda.
Decoupling larger applications with Amazon EventBridge
This blog post shows how you can use an event-based architecture to decouple services and functional areas of applications. It uses the document repository solution as an example, to compare architecture after shifting to an event-based approach.