Tamás Sallai

Something went wrong. Please try your request again later.
Follow to get new release updates and improved recommendations
OK
About Tamás Sallai
Tamás Sallai is a software developer specializing in web technologies and cloud computing. He's a blogger, writing about various technology-related topics on his blog since 2014. He is an AWS certified security specialist and he holds a Master's degree in Computer Sciences, graduated in 2012.
Customers Also Bought Items By
Are you an author?
Help us improve our Author Pages by updating your bibliography and submitting a new or current image and biography.
Author Updates
-
Blog postI waited a few months to try out the new version of the AWS Javascript SDK to give the maintainers some time to iron out the initial issues. But since it is likely to be the de-facto way to write code that interfaces with AWS APIs, it’s finally time to start the migration.
This article is about my initial impressions and thoughts after using the new version for a small project. It has parts that are similar to Michael Wittig’s experiences who has written about them not long ago.
M2 days ago Read more -
Blog postMigrating to v3 Two months ago, AWS released the v3 of the Javascript SDK. It brings quite a few updates and unfortunately it needs a different structure than the v2, so a migration is in order for all applications that use that. But since it’s the new version and it’s likely that in the future this will be the mainstream way of writing Javascript code interfacing with the AWS APIs, I started using it for new projects.
As usual, I started with a “Hello world”-style program, just to h1 week ago Read more -
Blog postConfiguring EC2 instances CloudFormation is AWS’s Infrastructure-as-Code tool that lets you deploy multiple resources based on a template file that you write. It can create and manage nearly every type of resources in AWS, such as VPCs, Lambda functions, DynamoDB tables, and EC2 instances. A well-architected application is ready to run after its deployment with CloudFormation, without requiring any additional manual steps.
This works for serverless applications, permissions, and stor2 weeks ago Read more -
Blog postVPC The VPC is the central container element in EC2 networking. It holds all the other building blocks and provides a separate environment where you can launch instances and define how they can connect to each other and the internet.
VPC stands for “Virtual Private Cloud” and the cloud part is in a sense that it’s like multiple virtual data centers with routing, servers, and all the other things you’d find in a cluster of real data centers.
A VPC is region-specific. There are3 weeks ago Read more -
Blog postGuaranteeing uniqueness Let’s say an application stores user objects and as part of the item it records email addresses. A table with a single user might look like this:
Users tableIDemaillFr1Dtest@example.com
When other users come and register to the app, they can specify their email address as well. But that means they possibly use one that is already taken:
Users tableIDemaillFr1Dtest@example.comvHPZLtest@example.com
This is usually a problem, as an email a1 month ago Read more -
Blog postWhile Promises and async/await are increasingly the primary way to write asynchronous code in Javascript, callbacks are still used in many places. Several libraries that adopted that style are slow to migrate to the more modern alternative, and browser (and Node) APIs are also slow to change.
For example, marked, a markdown compiler needs a callback when it’s used in asynchronous mode:
marked(text, options, (err, result) => { // result is the compiled markdown }); Similarl1 month ago Read more -
Blog postScraping with Puppeteer A typical scraping job gets a bunch of URLs and it needs to open a page, interact with the site, possibly by logging in and navigating around, and extract a piece of data. Puppeteer is the perfect choice for this, as it uses an actual browser that solves a whole array of edge cases.
The trivial solution is to run a loop that gets the next item, run the browser to interact with the site, and write its result to some collection value. For example, the following1 month ago Read more -
Blog postDeleting all items Especially during testing, it’s a common requirement to clear the database. There is a handy command in SQL for this: DELETE FROM table, which clears all items in the table. But DynamoDB does not support this statement and there is no direct alternative either.
How to delete all items in a DynamoDB table then?
It turns out there is no easy way to do this and reliably deleting all items requires quite a bit of coding. But there is an alternative way too: del1 month ago Read more -
Blog postWhat is end-to-end encryption Let’s say you sit in a coffee shop and want to check something. You connect to the local WiFi, open up a browser, and use the Google search. Conceptually, your phone is communicating with the Google servers and all you notice is that the search results appear. Internet protocols do a good job of hiding all the complexity of routing to a remote machine.
browsergoogle.comcommunicationThe browser communicates with a Google server
But in reality, thi2 months ago Read more -
Blog postThe batchWriteItem operation DynamoDB supports the batchWriteItem function that consolidates multiple item writes in a single request. It’s a great performance improvement as network overhead is a significant factor with DynamoDB and sending fewer requests reduce the CPU (and network) utilization of the caller. And especially with Lambda, where you are billed for the running time of the function, this translates into savings on the infrastructure.
The batch write supports up to 25 wr2 months ago Read more
There's a problem loading this menu right now.
Get free delivery with Amazon Prime
Prime members enjoy FREE Delivery and exclusive access to music, movies, TV shows, original audio series, and Kindle books.
Books By Tamás Sallai
by
Tamás Sallai
$9.99
Asynchronous programming is everywhere in Javascript. This is the result of the fundamental choices that define how it works. In other languages, you can use multiple threads and that allows synchronous waiting, a crucial feature missing from Javascript. It is by design single-threaded and a wait operation stops everything, just think of the case where a long calculation freezes the UI.
Without a way to wait for a later result synchronously, Javascript needs to use callbacks. Even simple things like waiting for a given duration requires a function that will be run when the time is up.
You can find this pattern everywhere, as most of the things are asynchronous in nature. Using fetch to make an HTTP call to a server is an async operation. Just like getting information about the available cameras and microphones with the getUserMedia call, as it needs to get permission from the user. Same with reading and writing files. While these have synchronous versions for now, they are terrible for performance. Or want to do some web scraping with Puppeteer? Every single instruction is asynchronous as all of them communicate with a remote process. Or for backend applications, reading or writing data to a database is also inherently async.
And not only that some functions are async but all the other functions that call them need to be async too. A piece of functionality that requires making a network call, for example, is asynchronous, no matter how insignificant that call is compared to what other things the function is doing. Because of this, almost all Javascript applications consist of mostly asynchronous operations.
Over the years, the language got a lot of features that make writing async code easier. Gone are the days of the so-called callback hell where a series of callback-based async calls made the program's structure very hard to understand and easy to inadvertently silence errors.
But asynchronous programming is inherently hard. While the language helps with the syntax to make understanding and writing code easier, asynchronicity introduces a lot of potential errors, most of them so subtle they only occur in special circumstances.
Even though I've been working for many years with asynchronous code, some of the problems in this book took me a week to reach a solution I'm happy with. My goal with this book is that you'll have an easier time when you encounter similar problems by knowing what are the hard parts. This way you won't need to start from zero but you'll have a good idea of what are the roadblocks and the best practices.
This book is divided into two parts.
The first chapter is an introduction to async/await and Promises and how each piece of the async puzzle fit together. The primary focus is async functions as they are the mainstream way to program asynchronously in Javascript. But async/await is a kind of magic without knowing about Promises, so you'll learn about them too.
By the end of the first chapter, you'll have a good understanding of how to use async functions and how they work under the hood.
The second part of the book consists of several common programming tasks and problems. You'll learn when that particular problem is important, how to solve it, and what are the edge cases. This gives you a complete picture so that when you encounter a similar problem you'll know how to approach it.
This book is not meant to be read from cover to cover but to be used as a reference guide. With the patterns described in this book, my hope is that you'll see the underlying difficulty with async programming so when you work on your own solutions you'll know the pitfalls and best practices so you'll end up with more reliable code.
Without a way to wait for a later result synchronously, Javascript needs to use callbacks. Even simple things like waiting for a given duration requires a function that will be run when the time is up.
You can find this pattern everywhere, as most of the things are asynchronous in nature. Using fetch to make an HTTP call to a server is an async operation. Just like getting information about the available cameras and microphones with the getUserMedia call, as it needs to get permission from the user. Same with reading and writing files. While these have synchronous versions for now, they are terrible for performance. Or want to do some web scraping with Puppeteer? Every single instruction is asynchronous as all of them communicate with a remote process. Or for backend applications, reading or writing data to a database is also inherently async.
And not only that some functions are async but all the other functions that call them need to be async too. A piece of functionality that requires making a network call, for example, is asynchronous, no matter how insignificant that call is compared to what other things the function is doing. Because of this, almost all Javascript applications consist of mostly asynchronous operations.
Over the years, the language got a lot of features that make writing async code easier. Gone are the days of the so-called callback hell where a series of callback-based async calls made the program's structure very hard to understand and easy to inadvertently silence errors.
But asynchronous programming is inherently hard. While the language helps with the syntax to make understanding and writing code easier, asynchronicity introduces a lot of potential errors, most of them so subtle they only occur in special circumstances.
Even though I've been working for many years with asynchronous code, some of the problems in this book took me a week to reach a solution I'm happy with. My goal with this book is that you'll have an easier time when you encounter similar problems by knowing what are the hard parts. This way you won't need to start from zero but you'll have a good idea of what are the roadblocks and the best practices.
This book is divided into two parts.
The first chapter is an introduction to async/await and Promises and how each piece of the async puzzle fit together. The primary focus is async functions as they are the mainstream way to program asynchronously in Javascript. But async/await is a kind of magic without knowing about Promises, so you'll learn about them too.
By the end of the first chapter, you'll have a good understanding of how to use async functions and how they work under the hood.
The second part of the book consists of several common programming tasks and problems. You'll learn when that particular problem is important, how to solve it, and what are the edge cases. This gives you a complete picture so that when you encounter a similar problem you'll know how to approach it.
This book is not meant to be read from cover to cover but to be used as a reference guide. With the patterns described in this book, my hope is that you'll see the underlying difficulty with async programming so when you work on your own solutions you'll know the pitfalls and best practices so you'll end up with more reliable code.
A Practical Guide to AWS IAM: How to Write Policies, Control Access, and Secure an AWS Account
Jan 19, 2021
by
Tamás Sallai
$6.99
Given a task to make a security incident in an AWS account less likely and less impactful, an expert configures tighter access control. This book shows you the tools to do just that.
IAM is a complicated service, there is no sugarcoating that. There are tons of configuration options and each service integrates with it differently. Nobody knows all the quirks and exceptions, and every situation requires a lot of experimentation.
I remember when I started out with AWS I felt it was an obstacle, making everything a lot harder than necessary. Everything was hidden behind some technical jargon and it wasn't intuitive at all where to configure things. Then its JSON policy structure required a lot of searching for solutions. IAM was in my way whatever I wanted to do.
It was much later when I become interested in security and that was when I realized how essential IAM is to secure an AWS account. There are a lot of other services for security, such as Config, Security Hub, CloudTrail, and GuardDuty, but they all play a secondary role. The security of an account lies in the configuration of IAM.
After a bit of learning, I started to see the underlying logic behind all those obscure terminology that felt so distant at first. The identities, the types and structure of the policies all fit into a bigger picture that defines the security posture of an account.
This book focuses on what is common in setting up access control in AWS: not how to fine-tune permissions for an S3 bucket but how resource-based policies work, which are used in S3, KMS, and several other services. Similarly, instead of detailing all the available condition keys, you'll learn where to find them and how to use them in the policy language.
Unfortunately, there is no magic formula that works in all situations. So this book does what I believe is the next best thing: it shows how IAM and its components work so you'll be able to better decide on a solution for your security-related tasks. You'll learn what is common so that you'll have an easier time figuring out the solutions for specific problems.
This book helps you to:
* Set up users and roles in an efficient way
* Write IAM policies
* Reason about what a given policy does
* Implement tighter access control
IAM is a complicated service, there is no sugarcoating that. There are tons of configuration options and each service integrates with it differently. Nobody knows all the quirks and exceptions, and every situation requires a lot of experimentation.
I remember when I started out with AWS I felt it was an obstacle, making everything a lot harder than necessary. Everything was hidden behind some technical jargon and it wasn't intuitive at all where to configure things. Then its JSON policy structure required a lot of searching for solutions. IAM was in my way whatever I wanted to do.
It was much later when I become interested in security and that was when I realized how essential IAM is to secure an AWS account. There are a lot of other services for security, such as Config, Security Hub, CloudTrail, and GuardDuty, but they all play a secondary role. The security of an account lies in the configuration of IAM.
After a bit of learning, I started to see the underlying logic behind all those obscure terminology that felt so distant at first. The identities, the types and structure of the policies all fit into a bigger picture that defines the security posture of an account.
This book focuses on what is common in setting up access control in AWS: not how to fine-tune permissions for an S3 bucket but how resource-based policies work, which are used in S3, KMS, and several other services. Similarly, instead of detailing all the available condition keys, you'll learn where to find them and how to use them in the policy language.
Unfortunately, there is no magic formula that works in all situations. So this book does what I believe is the next best thing: it shows how IAM and its components work so you'll be able to better decide on a solution for your security-related tasks. You'll learn what is common so that you'll have an easier time figuring out the solutions for specific problems.
This book helps you to:
* Set up users and roles in an efficient way
* Write IAM policies
* Reason about what a given policy does
* Implement tighter access control
by
Tamás Sallai
$2.99
Back in 2017 I made a challenge for myself: I wanted to collect 100 things that are useful and I encounter regularly during my work as a Javascript/web developer. To my surprise, I finished in about a week.
Looking at that list I realized that many of them are far from trivial and required in-depth understanding of the technology to solve it. So I wrote short articles about each of them, detailing when that particular problem happens and how to solve it. This was the foundation of a weekly tips newsletter.
Ever since it went online, I've been keeping the content up-to-date, so that when some new version is released or a service goes offline it is reflected in a timely manner. Because of this ongoing maintenance, these tips are as relevant as ever.
This book is the collection of all 100 tips I wrote and polished over the years. It spans a range of topics from elementary Javascript, such as the array destructuring operator and regular expressions, to some more targeted technologies such as RxJS streams and immutable collections. I'm sure you'll find at least some of them that you didn't know about.
Looking at that list I realized that many of them are far from trivial and required in-depth understanding of the technology to solve it. So I wrote short articles about each of them, detailing when that particular problem happens and how to solve it. This was the foundation of a weekly tips newsletter.
Ever since it went online, I've been keeping the content up-to-date, so that when some new version is released or a service goes offline it is reflected in a timely manner. Because of this ongoing maintenance, these tips are as relevant as ever.
This book is the collection of all 100 tips I wrote and polished over the years. It spans a range of topics from elementary Javascript, such as the array destructuring operator and regular expressions, to some more targeted technologies such as RxJS streams and immutable collections. I'm sure you'll find at least some of them that you didn't know about.
by
Tamás Sallai
$9.99
Don't get fooled by the apparent simpleness of signed URLs. Whomever you want to protect your files from knows how they work under the hood. An implementation that "seems to work" is insecure and gives a false sense of security.
This book teaches you everything you need to know about S3 signed URLs. You'll learn what signed URLs are, why they are needed for serverless applications, how to implement them securely, and how they work with other AWS services. All this, with a special eye for security.
It contains the background knowledge so that you'll know the cases where signed URLs are the solution. It comes with almost a dozen deploy-to-try examples to allow easy experimentation with the different aspects.
When I initially started experimenting with signed URLs I quickly realized how easy it is to end up with a solution that is unreliable and insecure. I spent several months to figure out what is missing from the documentations so that you don't need to.
You'll learn:
* How S3 signed URLs work and why they are essential for a serverless stack
* How to solve common problems and how to secure the implementation
* How to use them with other services, such as CloudFront and KMS
This book is written in a handbook style. It dives deep into a single technology and provides help when you need it. It features analyses how each choice or piece of technology affects the security of signed URLs.
Is in-depth knowledge of AWS required?
This book assumes some technical knowledge and a basic understanding of the AWS platform. If you've already written a Lambda function and you've seen Terraform code you should be fine.
Chapter 1: Overview
Use cases
From servers to serverless
3-tier architecture
Serverless architecture
Signed URLs for S3
Credentials
URL structure
Expiration time
Security of S3 signed URLs
Algorithm
Bandwidth control
Implementation disclosure
Revocation
Chapter 2: Implementation
Sample code
Infrastructure
Bucket
Object
Function
Execution role
Backend with Node.js
S3 service
Sign URLs
Frontend
Chapter 3: Specific use-cases
Least privilege with dedicated roles
CORS
Using HTTP redirects
How to check if a file exists before signing
How to set the filename
Integrate with CloudFront
Caching
Uploading files
Handling encrypted data
Permanent URLs
Troubleshooting
AccessDenied
NoSuchKey
ExpiredToken
PermanentRedirect
InvalidRequest
Security checklist
This book teaches you everything you need to know about S3 signed URLs. You'll learn what signed URLs are, why they are needed for serverless applications, how to implement them securely, and how they work with other AWS services. All this, with a special eye for security.
It contains the background knowledge so that you'll know the cases where signed URLs are the solution. It comes with almost a dozen deploy-to-try examples to allow easy experimentation with the different aspects.
When I initially started experimenting with signed URLs I quickly realized how easy it is to end up with a solution that is unreliable and insecure. I spent several months to figure out what is missing from the documentations so that you don't need to.
You'll learn:
* How S3 signed URLs work and why they are essential for a serverless stack
* How to solve common problems and how to secure the implementation
* How to use them with other services, such as CloudFront and KMS
This book is written in a handbook style. It dives deep into a single technology and provides help when you need it. It features analyses how each choice or piece of technology affects the security of signed URLs.
Is in-depth knowledge of AWS required?
This book assumes some technical knowledge and a basic understanding of the AWS platform. If you've already written a Lambda function and you've seen Terraform code you should be fine.
Table of contents
IntroductionChapter 1: Overview
Use cases
From servers to serverless
3-tier architecture
Serverless architecture
Signed URLs for S3
Credentials
URL structure
Expiration time
Security of S3 signed URLs
Algorithm
Bandwidth control
Implementation disclosure
Revocation
Chapter 2: Implementation
Sample code
Infrastructure
Bucket
Object
Function
Execution role
Backend with Node.js
S3 service
Sign URLs
Frontend
Chapter 3: Specific use-cases
Least privilege with dedicated roles
CORS
Using HTTP redirects
How to check if a file exists before signing
How to set the filename
Integrate with CloudFront
Caching
Uploading files
Handling encrypted data
Permanent URLs
Troubleshooting
AccessDenied
NoSuchKey
ExpiredToken
PermanentRedirect
InvalidRequest
Security checklist
by
Tamás Sallai
$5.99
This books helps you bring what you already know --- programming in Javascript with Node.Js --- to AWS Lambda.
Developing serverless applications is frustrating at first. Up until the "Hello world" everything is easy, but then a lot of small differences come to the surface. Things like why some requests are way slower than others, how to set the available memory, and why a sensible timeout is important. These are the results of how the Lambda execution environment works, and it is markedly different from running Node.Js on a server.
And it's not just how the function is run, but also what other services it interacts with. CloudWatch and Logs, IAM, and API Gateway, not to mention a database most functions will use. It's overwhelming at first.
This book systematically walks you through the configuration options and gives just the right amount of background information so that you'll know what parts are important. With it, you'll be able to set up your Lambda functions using best practices and avoid the common problems.
You'll:
* Understand how the Lambda execution environment works
* Learn how to write Javascript serverless functions
* And walk away with knowledge about debuggers and HTTP APIs
Chapter 1: The Lambda execution model
Serverless functions
Limits
The cost model
At-least-once execution
Caching in /tmp
Cold start
Memory
Chapter 2: Setup
Node versions
The Lambda permission model
How to define code
Inline code
File interpolation
Adding packages with npm
Handler argument
Chapter 3: Programming model
Async handler
Async programming patterns
Background tasks
Input and output
The event object
The context object
Output
The AWS SDK
Pagination
Environment variables
Timeout
Cause of timeouts
Mitigating timeouts
AWS SDK timeouts
Promise-based timeout handling
Chapter 4: Debugging
Logging
X-Ray
Custom segments
Chapter 5: Other topics
Storing secrets
Using SSM
Caching
Cache time
HTTP API
OpenAPI backend
Request parameters
Special handlers
Express backend
Developing serverless applications is frustrating at first. Up until the "Hello world" everything is easy, but then a lot of small differences come to the surface. Things like why some requests are way slower than others, how to set the available memory, and why a sensible timeout is important. These are the results of how the Lambda execution environment works, and it is markedly different from running Node.Js on a server.
And it's not just how the function is run, but also what other services it interacts with. CloudWatch and Logs, IAM, and API Gateway, not to mention a database most functions will use. It's overwhelming at first.
This book systematically walks you through the configuration options and gives just the right amount of background information so that you'll know what parts are important. With it, you'll be able to set up your Lambda functions using best practices and avoid the common problems.
You'll:
* Understand how the Lambda execution environment works
* Learn how to write Javascript serverless functions
* And walk away with knowledge about debuggers and HTTP APIs
Table of contents
IntroductionChapter 1: The Lambda execution model
Serverless functions
Limits
The cost model
At-least-once execution
Caching in /tmp
Cold start
Memory
Chapter 2: Setup
Node versions
The Lambda permission model
How to define code
Inline code
File interpolation
Adding packages with npm
Handler argument
Chapter 3: Programming model
Async handler
Async programming patterns
Background tasks
Input and output
The event object
The context object
Output
The AWS SDK
Pagination
Environment variables
Timeout
Cause of timeouts
Mitigating timeouts
AWS SDK timeouts
Promise-based timeout handling
Chapter 4: Debugging
Logging
X-Ray
Custom segments
Chapter 5: Other topics
Storing secrets
Using SSM
Caching
Cache time
HTTP API
OpenAPI backend
Request parameters
Special handlers
Express backend
More Information
Anything else? Provide feedback about this page