Similar authors to follow
Manage your follows
About Tamás Sallai
Tamás Sallai is a software developer specializing in web technologies and cloud computing. He's a blogger, writing about various technology-related topics on his blog since 2014. He is an AWS certified security specialist and he holds a Master's degree in Computer Sciences, graduated in 2012.
Customers Also Bought Items By
Titles By Tamás Sallai
IAM is a complicated service, there is no sugarcoating that. There are tons of configuration options and each service integrates with it differently. Nobody knows all the quirks and exceptions, and every situation requires a lot of experimentation.
I remember when I started out with AWS I felt it was an obstacle, making everything a lot harder than necessary. Everything was hidden behind some technical jargon and it wasn't intuitive at all where to configure things. Then its JSON policy structure required a lot of searching for solutions. IAM was in my way whatever I wanted to do.
It was much later when I become interested in security and that was when I realized how essential IAM is to secure an AWS account. There are a lot of other services for security, such as Config, Security Hub, CloudTrail, and GuardDuty, but they all play a secondary role. The security of an account lies in the configuration of IAM.
After a bit of learning, I started to see the underlying logic behind all those obscure terminology that felt so distant at first. The identities, the types and structure of the policies all fit into a bigger picture that defines the security posture of an account.
This book focuses on what is common in setting up access control in AWS: not how to fine-tune permissions for an S3 bucket but how resource-based policies work, which are used in S3, KMS, and several other services. Similarly, instead of detailing all the available condition keys, you'll learn where to find them and how to use them in the policy language.
Unfortunately, there is no magic formula that works in all situations. So this book does what I believe is the next best thing: it shows how IAM and its components work so you'll be able to better decide on a solution for your security-related tasks. You'll learn what is common so that you'll have an easier time figuring out the solutions for specific problems.
This book helps you to:
* Set up users and roles in an efficient way
* Write IAM policies
* Reason about what a given policy does
* Implement tighter access control
This book teaches you everything you need to know about S3 signed URLs. You'll learn what signed URLs are, why they are needed for serverless applications, how to implement them securely, and how they work with other AWS services. All this, with a special eye for security.
It contains the background knowledge so that you'll know the cases where signed URLs are the solution. It comes with almost a dozen deploy-to-try examples to allow easy experimentation with the different aspects.
When I initially started experimenting with signed URLs I quickly realized how easy it is to end up with a solution that is unreliable and insecure. I spent several months to figure out what is missing from the documentations so that you don't need to.
* How S3 signed URLs work and why they are essential for a serverless stack
* How to solve common problems and how to secure the implementation
* How to use them with other services, such as CloudFront and KMS
This book is written in a handbook style. It dives deep into a single technology and provides help when you need it. It features analyses how each choice or piece of technology affects the security of signed URLs.
Is in-depth knowledge of AWS required?
This book assumes some technical knowledge and a basic understanding of the AWS platform. If you've already written a Lambda function and you've seen Terraform code you should be fine.
Table of contentsIntroduction
Chapter 1: Overview
From servers to serverless
Signed URLs for S3
Security of S3 signed URLs
Chapter 2: Implementation
Backend with Node.js
Chapter 3: Specific use-cases
Least privilege with dedicated roles
Using HTTP redirects
How to check if a file exists before signing
How to set the filename
Integrate with CloudFront
Handling encrypted data
You can find this pattern everywhere, as most of the things are asynchronous in nature. Using fetch to make an HTTP call to a server is an async operation. Just like getting information about the available cameras and microphones with the getUserMedia call, as it needs to get permission from the user. Same with reading and writing files. While these have synchronous versions for now, they are terrible for performance. Or want to do some web scraping with Puppeteer? Every single instruction is asynchronous as all of them communicate with a remote process. Or for backend applications, reading or writing data to a database is also inherently async.
Over the years, the language got a lot of features that make writing async code easier. Gone are the days of the so-called callback hell where a series of callback-based async calls made the program's structure very hard to understand and easy to inadvertently silence errors.
But asynchronous programming is inherently hard. While the language helps with the syntax to make understanding and writing code easier, asynchronicity introduces a lot of potential errors, most of them so subtle they only occur in special circumstances.
Even though I've been working for many years with asynchronous code, some of the problems in this book took me a week to reach a solution I'm happy with. My goal with this book is that you'll have an easier time when you encounter similar problems by knowing what are the hard parts. This way you won't need to start from zero but you'll have a good idea of what are the roadblocks and the best practices.
This book is divided into two parts.
By the end of the first chapter, you'll have a good understanding of how to use async functions and how they work under the hood.
The second part of the book consists of several common programming tasks and problems. You'll learn when that particular problem is important, how to solve it, and what are the edge cases. This gives you a complete picture so that when you encounter a similar problem you'll know how to approach it.
This book is not meant to be read from cover to cover but to be used as a reference guide. With the patterns described in this book, my hope is that you'll see the underlying difficulty with async programming so when you work on your own solutions you'll know the pitfalls and best practices so you'll end up with more reliable code.
Looking at that list I realized that many of them are far from trivial and required in-depth understanding of the technology to solve it. So I wrote short articles about each of them, detailing when that particular problem happens and how to solve it. This was the foundation of a weekly tips newsletter.
Ever since it went online, I've been keeping the content up-to-date, so that when some new version is released or a service goes offline it is reflected in a timely manner. Because of this ongoing maintenance, these tips are as relevant as ever.
Developing serverless applications is frustrating at first. Up until the "Hello world" everything is easy, but then a lot of small differences come to the surface. Things like why some requests are way slower than others, how to set the available memory, and why a sensible timeout is important. These are the results of how the Lambda execution environment works, and it is markedly different from running Node.Js on a server.
And it's not just how the function is run, but also what other services it interacts with. CloudWatch and Logs, IAM, and API Gateway, not to mention a database most functions will use. It's overwhelming at first.
This book systematically walks you through the configuration options and gives just the right amount of background information so that you'll know what parts are important. With it, you'll be able to set up your Lambda functions using best practices and avoid the common problems.
* Understand how the Lambda execution environment works
* And walk away with knowledge about debuggers and HTTP APIs
Table of contentsIntroduction
Chapter 1: The Lambda execution model
The cost model
Caching in /tmp
Chapter 2: Setup
The Lambda permission model
How to define code
Adding packages with npm
Chapter 3: Programming model
Async programming patterns
Input and output
The event object
The context object
The AWS SDK
Cause of timeouts
AWS SDK timeouts
Promise-based timeout handling
Chapter 4: Debugging
Chapter 5: Other topics