AWS Compute Blog

Category: AWS Identity and Access Management (IAM)

AWS Lambda service VPC with VPC-to-VPT NAT to customer VPC

Using AWS Lambda IAM condition keys for VPC settings

You can now control the Amazon Virtual Private Cloud (VPC) settings for your AWS Lambda functions using AWS Identity and Access Management (IAM) condition keys. IAM condition keys enable you to further refine the conditions under which an IAM policy statement applies. You can use the new condition keys in IAM policies when granting permissions […]

View API Gateway Method Request using Amazon Cognito authorization

Building well-architected serverless applications: Controlling serverless API access – part 3

This series of blog posts uses the AWS Well-Architected Tool with the Serverless Lens to help customers build and operate applications using best practices. In each post, I address the nine serverless-specific questions identified by the Serverless Lens along with the recommended best practices. See the Introduction post for a table of contents and explanation of the example application. Security question […]

JSON web token decoded

Building well-architected serverless applications: Controlling serverless API access – part 2

This series of blog posts uses the AWS Well-Architected Tool with the Serverless Lens to help customers build and operate applications using best practices. In each post, I address the nine serverless-specific questions identified by the Serverless Lens along with the recommended best practices. See the Introduction post for a table of contents and explanation of the example application. Security question […]

Lambda authorizers

Building well-architected serverless applications: Controlling serverless API access – part 1

This series of blog posts uses the AWS Well-Architected Tool with the Serverless Lens to help customers build and operate applications using best practices. In each post, I address the nine serverless-specific questions identified by the Serverless Lens along with the recommended best practices. See the Introduction post for a table of contents and explanation of the example application. Security question […]

RDS Proxy with IAM Authentication

Introducing the serverless LAMP stack – part 2 relational databases

Update – June 30, 2020: Amazon RDS Proxy support for MySQL and PostgreSQL is now generally available. The complete blog series and supporting GitHub repository is now available: Part 1: Introducing the new Serverless LAMP stack Part 2: Scaling relational databases Part 3: Replacing the web server Part 4: Building a serverless Laravel application Part 5: […]

Orchestrating a security incident response with AWS Step Functions

In this post I will show how to implement the callback pattern of an AWS Step Functions Standard Workflow. This is used to add a manual approval step into an automated security incident response framework. The framework could be extended to remediate automatically, according to the individual policy actions defined. For example, applying alternative actions, or […]

Introducing private registry authentication support for AWS Fargate

This post courtesy of Tiffany Jernigan, AWS Developer Advocate – Containers Private registry authentication support for Amazon Elastic Container Service (Amazon ECS) is now available with the AWS Fargate launch type! Now, in addition to Amazon Elastic Container Registry (Amazon ECR), you can use any private registry or repository of your choice for both EC2 and Fargate launch types. […]

Control access to your APIs using Amazon API Gateway resource policies

This post courtesy of Tapodipta Ghosh, AWS Solutions Architect Amazon API Gateway provides you with a simple, flexible, secure, and fully managed service that lets you focus on building core business services. API Gateway supports multiple mechanisms of access control using AWS Identity and Access Management (IAM), AWS Lambda authorizers, and Amazon Cognito. You may […]

Sharing Secrets with AWS Lambda Using AWS Systems Manager Parameter Store

This post courtesy of Roberto Iturralde, Sr. Application Developer- AWS Professional Services Application architects are faced with key decisions throughout the process of designing and implementing their systems. One decision common to nearly all solutions is how to manage the storage and access rights of application configuration. Shared configuration should be stored centrally and securely with […]

Serverless Automated Cost Controls, Part1

This post courtesy of Shankar Ramachandran, Pubali Sen, and George Mao In line with AWS’s continual efforts to reduce costs for customers, this series focuses on how customers can build serverless automated cost controls. This post provides an architecture blueprint and a sample implementation to prevent budget overruns. This solution uses the following AWS products: […]