Tamás Sallai

Follow to get new release updates and improved recommendations

About Tamás Sallai

Tamás Sallai is a software developer specializing in web technologies and cloud computing. He's a blogger, writing about various technology-related topics on his blog since 2014. He is an AWS certified security specialist and he holds a Master's degree in Computer Sciences, graduated in 2012.

David Flanagan

Are you an author?

Help us improve our Author Pages by updating your bibliography and submitting a new or current image and biography.

Learn more at Author Central

1 11 1

$9.99

Kindle Edition
$6.99

Kindle Edition
$2.99

Kindle Edition
$9.99

Kindle Edition
$5.99

Kindle Edition

Author Updates

Books By Tamás Sallai

All Formats Kindle Edition

Asynchronous Programming Patterns in Javascript: How to Use Async/Await and Promises to Solve Programming Problems Feb 1, 2021

by Tamás Sallai

$9.99

Asynchronous programming is everywhere in Javascript. This is the result of the fundamental choices that define how it works. In other languages, you can use multiple threads and that allows synchronous waiting, a crucial feature missing from Javascript. It is by design single-threaded and a wait operation stops everything, just think of the case where a long calculation freezes the UI.

Without a way to wait for a later result synchronously, Javascript needs to use callbacks. Even simple things like waiting for a given duration requires a function that will be run when the time is up.

You can find this pattern everywhere, as most of the things are asynchronous in nature. Using fetch to make an HTTP call to a server is an async operation. Just like getting information about the available cameras and microphones with the getUserMedia call, as it needs to get permission from the user. Same with reading and writing files. While these have synchronous versions for now, they are terrible for performance. Or want to do some web scraping with Puppeteer? Every single instruction is asynchronous as all of them communicate with a remote process. Or for backend applications, reading or writing data to a database is also inherently async.

And not only that some functions are async but all the other functions that call them need to be async too. A piece of functionality that requires making a network call, for example, is asynchronous, no matter how insignificant that call is compared to what other things the function is doing. Because of this, almost all Javascript applications consist of mostly asynchronous operations.

Over the years, the language got a lot of features that make writing async code easier. Gone are the days of the so-called callback hell where a series of callback-based async calls made the program's structure very hard to understand and easy to inadvertently silence errors.

But asynchronous programming is inherently hard. While the language helps with the syntax to make understanding and writing code easier, asynchronicity introduces a lot of potential errors, most of them so subtle they only occur in special circumstances.

Even though I've been working for many years with asynchronous code, some of the problems in this book took me a week to reach a solution I'm happy with. My goal with this book is that you'll have an easier time when you encounter similar problems by knowing what are the hard parts. This way you won't need to start from zero but you'll have a good idea of what are the roadblocks and the best practices.

This book is divided into two parts.

The first chapter is an introduction to async/await and Promises and how each piece of the async puzzle fit together. The primary focus is async functions as they are the mainstream way to program asynchronously in Javascript. But async/await is a kind of magic without knowing about Promises, so you'll learn about them too.

By the end of the first chapter, you'll have a good understanding of how to use async functions and how they work under the hood.

The second part of the book consists of several common programming tasks and problems. You'll learn when that particular problem is important, how to solve it, and what are the edge cases. This gives you a complete picture so that when you encounter a similar problem you'll know how to approach it.

This book is not meant to be read from cover to cover but to be used as a reference guide. With the patterns described in this book, my hope is that you'll see the underlying difficulty with async programming so when you work on your own solutions you'll know the pitfalls and best practices so you'll end up with more reliable code.

A Practical Guide to AWS IAM: How to Write Policies, Control Access, and Secure an AWS Account Jan 19, 2021

by Tamás Sallai

( 1 )

$6.99

Given a task to make a security incident in an AWS account less likely and less impactful, an expert configures tighter access control. This book shows you the tools to do just that.

IAM is a complicated service, there is no sugarcoating that. There are tons of configuration options and each service integrates with it differently. Nobody knows all the quirks and exceptions, and every situation requires a lot of experimentation.

I remember when I started out with AWS I felt it was an obstacle, making everything a lot harder than necessary. Everything was hidden behind some technical jargon and it wasn't intuitive at all where to configure things. Then its JSON policy structure required a lot of searching for solutions. IAM was in my way whatever I wanted to do.

It was much later when I become interested in security and that was when I realized how essential IAM is to secure an AWS account. There are a lot of other services for security, such as Config, Security Hub, CloudTrail, and GuardDuty, but they all play a secondary role. The security of an account lies in the configuration of IAM.

After a bit of learning, I started to see the underlying logic behind all those obscure terminology that felt so distant at first. The identities, the types and structure of the policies all fit into a bigger picture that defines the security posture of an account.

This book focuses on what is common in setting up access control in AWS: not how to fine-tune permissions for an S3 bucket but how resource-based policies work, which are used in S3, KMS, and several other services. Similarly, instead of detailing all the available condition keys, you'll learn where to find them and how to use them in the policy language.

Unfortunately, there is no magic formula that works in all situations. So this book does what I believe is the next best thing: it shows how IAM and its components work so you'll be able to better decide on a solution for your security-related tasks. You'll learn what is common so that you'll have an easier time figuring out the solutions for specific problems.

This book helps you to:

* Set up users and roles in an efficient way
* Write IAM policies
* Reason about what a given policy does
* Implement tighter access control

100 Javascript & Web Development Tips: Bite-sized Solutions to Common Problems Feb 8, 2021

by Tamás Sallai

$2.99

Back in 2017 I made a challenge for myself: I wanted to collect 100 things that are useful and I encounter regularly during my work as a Javascript/web developer. To my surprise, I finished in about a week.

Looking at that list I realized that many of them are far from trivial and required in-depth understanding of the technology to solve it. So I wrote short articles about each of them, detailing when that particular problem happens and how to solve it. This was the foundation of a weekly tips newsletter.

Ever since it went online, I've been keeping the content up-to-date, so that when some new version is released or a service goes offline it is reflected in a timely manner. Because of this ongoing maintenance, these tips are as relevant as ever.

This book is the collection of all 100 tips I wrote and polished over the years. It spans a range of topics from elementary Javascript, such as the array destructuring operator and regular expressions, to some more targeted technologies such as RxJS streams and immutable collections. I'm sure you'll find at least some of them that you didn't know about.

AWS S3 Signed URLs Handbook: How to Handle Files in a Serverless Environment Dec 6, 2020

by Tamás Sallai

$9.99

Don't get fooled by the apparent simpleness of signed URLs. Whomever you want to protect your files from knows how they work under the hood. An implementation that "seems to work" is insecure and gives a false sense of security.

This book teaches you everything you need to know about S3 signed URLs. You'll learn what signed URLs are, why they are needed for serverless applications, how to implement them securely, and how they work with other AWS services. All this, with a special eye for security.

It contains the background knowledge so that you'll know the cases where signed URLs are the solution. It comes with almost a dozen deploy-to-try examples to allow easy experimentation with the different aspects.

When I initially started experimenting with signed URLs I quickly realized how easy it is to end up with a solution that is unreliable and insecure. I spent several months to figure out what is missing from the documentations so that you don't need to.

You'll learn:

* How S3 signed URLs work and why they are essential for a serverless stack
* How to solve common problems and how to secure the implementation
* How to use them with other services, such as CloudFront and KMS

This book is written in a handbook style. It dives deep into a single technology and provides help when you need it. It features analyses how each choice or piece of technology affects the security of signed URLs.

Is in-depth knowledge of AWS required?

This book assumes some technical knowledge and a basic understanding of the AWS platform. If you've already written a Lambda function and you've seen Terraform code you should be fine.

Introduction

Chapter 1: Overview
Use cases
From servers to serverless
  3-tier architecture
  Serverless architecture
Signed URLs for S3
  Credentials
  URL structure
  Expiration time
Security of S3 signed URLs
  Algorithm
  Bandwidth control
  Implementation disclosure
  Revocation

Chapter 2: Implementation
  Sample code
Infrastructure
  Bucket
  Object
  Function
  Execution role
Backend with Node.js
  S3 service
  Sign URLs
Frontend

Chapter 3: Specific use-cases
Least privilege with dedicated roles
CORS
Using HTTP redirects
How to check if a file exists before signing
How to set the filename
Integrate with CloudFront
Caching
Uploading files
Handling encrypted data
Permanent URLs
Troubleshooting
AccessDenied
NoSuchKey
ExpiredToken
PermanentRedirect
InvalidRequest

Security checklist

Javascript on AWS Lambda: How to use Node.js in a serverless architecture Nov 5, 2020

by Tamás Sallai

( 2 )

$5.99

This books helps you bring what you already know --- programming in Javascript with Node.Js --- to AWS Lambda.

Developing serverless applications is frustrating at first. Up until the "Hello world" everything is easy, but then a lot of small differences come to the surface. Things like why some requests are way slower than others, how to set the available memory, and why a sensible timeout is important. These are the results of how the Lambda execution environment works, and it is markedly different from running Node.Js on a server.

And it's not just how the function is run, but also what other services it interacts with. CloudWatch and Logs, IAM, and API Gateway, not to mention a database most functions will use. It's overwhelming at first.

This book systematically walks you through the configuration options and gives just the right amount of background information so that you'll know what parts are important. With it, you'll be able to set up your Lambda functions using best practices and avoid the common problems.

You'll:
* Understand how the Lambda execution environment works
* Learn how to write Javascript serverless functions
* And walk away with knowledge about debuggers and HTTP APIs

Introduction

Chapter 1: The Lambda execution model
Serverless functions
Limits
The cost model
At-least-once execution
Caching in /tmp
Cold start
Memory

Chapter 2: Setup
Node versions
The Lambda permission model
How to define code
Inline code
File interpolation
Adding packages with npm
Handler argument

Chapter 3: Programming model
Async handler
Async programming patterns
Background tasks
Input and output
The event object
The context object
Output
The AWS SDK
Pagination
Environment variables
Timeout
Cause of timeouts
Mitigating timeouts
  AWS SDK timeouts
  Promise-based timeout handling

Chapter 4: Debugging
Logging
X-Ray
Custom segments

Chapter 5: Other topics
Storing secrets
Using SSM
Caching
  Cache time
HTTP API
OpenAPI backend
  Request parameters
  Special handlers
Express backend

More Information

Are you an author? Visit Author Central to change your photo, edit your biography, and more

See Author Pages Frequently Asked Questions

Anything else? Provide feedback about this page

Similar authors to follow

About Tamás Sallai

Customers Also Bought Items By

Are you an author?

Author Updates

Table of contents

Table of contents

More Information