profile

Master Serverless

by Yan Cui, AWS Serverless Hero

Join 7500+ readers and get weekly tips, tutorials and practical advice on building serverless applications for the real world.

PostsLinks
Featured Post

How to handle execution timeouts in AWS Step Functions

Step Functions lets you set a timeout on Task states and the whole execution. By default, a Task state times out after 60 seconds. But an execution can run for a year if no TimeoutSeconds is configured. To a user, the execution would appear as “stuck”. AWS best practices recommend using timeouts to avoid such scenarios [1]. So it’s important to consider what happens when you experience a timeout You can use the Catch clause to handle the States.Timeout error when a Task state times out. You...

5 days ago • 2 min read

How to apply the TDD mindset to serverless Read on my blog Read time: 3 minutes. Testing is an integral part of software development. Your tests are a living documentation of your system. They inform others how to use your system, but they are so much more than that. One of the most understood parts of Test-Driven Development (TDD) is the "Driven" part of the name. It's not just about "writing tests before you write the code". If your tests do not inform and drive your API design, then you're...

18 days ago • 3 min read

Here are four ways you can implement WebSockets using serverless Read on my blog Read time: 6 minutes. The myth that “you can’t do WebSockets with serverless” still persists today, even though we have some very good ways to implement WebSockets without needing to manage any servers. Part of the problem is that many still falsely equate “serverless” with Lambda. But serverless is much more than that. To me, it describes any technology that: No need to manage servers. Scale to zero. Usage-based...

24 days ago • 5 min read

DynamoDB now supports resource-based policies. But is that a good idea? Read on my blog Read time: 5 minutes. DynamoDB announced support for resource-based policies [1] a few days ago. It makes cross-account access to DynamoDB tables easier. You no longer need to assume an IAM role in the target table’s account. I was confused by this update and wondered if it was even a good idea. If you need cross-account access to DynamoDB, then it’s surely a sign you’re breaking service boundaries, right?...

about 1 month ago • 4 min read

When to use Step Functions vs. doing it all in a Lambda function Read on my blog Read time: 6 minutes I’m a big fan of AWS Step Functions. I use it to orchestrate all sorts of workflows, from payment processing to map-reduce jobs. Why it’s yet another AWS service you need to learn and pay for. And it introduces additional complexities, such as: It’s hard to test [1]. Your business logic is split between configuration and code. New decision points. Such as whether to use Express Workflows or...

about 2 months ago • 5 min read

When to use API Gateway vs. Lambda Function URLs Read on my blog Read time: 4 minutes “Lambdalith” is a monolithic approach to building serverless applications where a single Lambda function serves an entire API, instead of one function per endpoint. It’s an increasingly popular approach. It provides portability between Lambda functions and container applications. You can lift and shift an existing application into Lambda without rewriting it. You can use web frameworks you are already...

about 2 months ago • 3 min read

First impressions of the fastest JavaScript runtime for Lambda Read on my blog Read time: 4 minutes I thought Lambda needed a specialised runtime. One that works well with its resource-constraint execution environment. I even floated a few ideas in the past but sadly I don’t have the chops to make them happen myself. So I was pleasantly surprised when AWS open-sourced the LLRT runtime for JavaScript [1]! What is LLRT? LLRT, or Low Latency Runtime, is a new and experimental JavaScript runtime...

about 2 months ago • 4 min read

What’s the best way to migrate Cognito users to a new user pool? Read on my blog Read time: 4 minutes I shared on Linkedin [1] the other day that you should avoid using Cognito subs as the user ID for your system. One of the reasons is that a user’s sub does not carry over when you migrate to a new user pool. Someone responded by asking “Is this type of migration really that common that it necessitates consideration?” It’s a great question, so let’s dive into it. When should you consider a...

2 months ago • 3 min read

How to secure CI/CD roles without burning production to the ground Read on my blog Read time: 4 minutes By now, most of us have moved away from using IAM users for CI/CD pipelines. Instead, we’d use dedicated CI/CD roles, one for each pipeline. This forces us to consider who can assume this role. Identity federation is widely supported by 3rd-party providers such as GitHub Actions [1]. So, no more putting IAM credentials in CI/CD tools and worry that they might be compromised in a security...

2 months ago • 6 min read

First impressions of CloudFormation's IaC generator and CDK migrate Read on my blog Read time: 4 minutes CloudFormation recently announced the IaC generator [1]. It lets you: Scan your AWS account and catalogue manually recreated resources. Select manually created resources and capture them in a generated CloudFormation template. Concurrently, CDK announced [2] a new cdk migrate command. Which lets you generate a CDK application from CloudFormation. On paper, these sound amazing! It solves...

3 months ago • 2 min read
Share this page