AWS Compute Blog

Category: AWS CloudTrail

Building AWS Lambda governance and guardrails

When building serverless applications using AWS Lambda, there are a number of considerations regarding security, governance, and compliance. This post highlights how Lambda, as a serverless service, simplifies cloud security and compliance so you can concentrate on your business logic. It covers controls that you can implement for your Lambda workloads to ensure that your […]

Securely retrieving secrets with AWS Lambda

AWS Lambda functions often need to access secrets, such as certificates, API keys, or database passwords. Storing secrets outside the function code in an external secrets manager helps to avoid exposing secrets in application source code. Using a secrets manager also allows you to audit and control access, and can help with secret rotation. Do […]

Building well-architected serverless applications: Implementing application workload security – part 2

This series of blog posts uses the AWS Well-Architected Tool with the Serverless Lens to help customers build and operate applications using best practices. In each post, I address the serverless-specific questions identified by the Serverless Lens along with the recommended best practices. See the introduction post for a table of contents and explanation of the example application. Security question SEC3: […]

Building well-architected serverless applications: Managing application security boundaries – part 2

This series uses the AWS Well-Architected Tool with the Serverless Lens to help customers build and operate applications using best practices. In each post, I address the nine serverless-specific questions identified by the Serverless Lens along with the recommended best practices. See the introduction post for a table of contents and explanation of the example application. Security question SEC2: How do […]

Using dynamic Amazon S3 event handling with Amazon EventBridge

The standard S3 to Lambda integration enables developers to deploy code that responds to bucket- or object-based events. Using Amazon EventBridge, you can employ even more sophisticated routing and filtering of events between S3 and Lambda.

Decoupling larger applications with Amazon EventBridge

This blog post shows how you can use an event-based architecture to decouple services and functional areas of applications. It uses the document repository solution as an example, to compare architecture after shifting to an event-based approach.