Tagged with
Cloud

PEP and PDP for Secure Authorization with Cognito
Authorization is a critical part of securing cloud applications, and understanding the best practices for implementing it can make all the difference. In this post, we dig deep into the concepts of Policy Decision Points (PDPs) and Policy Enforcement Points (PEPs), and how they work together to manage user access efficiently. We dive into a serverless solution using AWS Lambda and API Gateway, implementing Role-Based Access Control (RBAC) for fine-grained access control based on Cognito User Groups. This solution ensures scalability, low latency, and efficient authorization in serverless environments.

Serverless self-service IoT certificate management - Part 2.
Secure communication is important in IoT systems, where certificates and trust play a vital role. In this post, we extend the API introduced in part 1: we add functionality to create device certificates, introduce an inventory, add some event-driven parts, and make it possible to list and get certificates. This hands-on approach is great for learning purposes and development environments; production setups, however, require robust managed solutions.

Serverless self-service IoT certificate management - Part 1.
Secure communication is important in IoT systems, where certificates and trust play a vital role. In this post, I explore the foundations of certificate management, including PKI, certificate chains, and trust. I also introduce a serverless self-service API using Amazon API Gateway and Lambda for an easy way to create certificates. This hands-on approach is great for learning purposes and development environments; production setups, however, require robust managed solutions.

Serverless AI powered content moderation service
In this post, I extend the File Manager service I built previously by adding content moderation capabilities. The original service stores files in S3 and records them in a DynamoDB table, using a serverless, event-driven approach. Now, with AWS GuardDuty and Rekognition, I’ve enhanced the service with malware scanning and image moderation.

The art of surviving re:Invent: Tips from an eight-year veteran
re:Invent is one of the biggest, if not the biggest, technology conferences in the world. Attending re:Invent for the first time can be overwhelming. In this post, I try to give some advice on how to survive not only re:Invent but also Las Vegas as a first-time attendee.

The art of surviving re:Invent: Tricks from an eight-year veteran
re:Invent is one of, if not the biggest, tech conferences in the world. Attending re:Invent for the first time can be overwhelming. In this post, I try to give you some advice on how to survive not only re:Invent but also Las Vegas as a first-time attendee.

The art of surviving re:Invent: Tips from an eight-year veteran
re:Invent is one of the biggest technology conferences in the world, if not the biggest. Attending re:Invent for the first time can be overwhelming. In this article, I try to give you some advice on surviving not only re:Invent but also Las Vegas as a first-time attendee.

The art of surviving re:Invent: Tricks from an eight-year veteran
re:Invent is one of the biggest technology conferences in the world, if not the biggest. Attending re:Invent for the first time can be overwhelming. In this post, I try to give you some advice on how to survive not only re:Invent but also Las Vegas as a first-time attendee.

The art of surviving re:Invent: Tips from an eight-year veteran
re:Invent is one of the biggest, if not the biggest, tech conferences in the world. A first visit to re:Invent can be overwhelming. In this post, I try to give you some advice on how to survive not only re:Invent but also Las Vegas as a first-time visitor.

The art of surviving re:Invent: Tricks from an eight-year veteran
re:Invent is one of, if not the biggest, tech conferences in the world. Attending re:Invent for the first time can be overwhelming. In this post, I try to give you some advice on how to survive not only re:Invent but also Las Vegas as a first-time attendee.

Building a serverless connected BBQ as SaaS - Part 4 - AuthZ
This is part four of the series about the world of BBQ, where tradition and technology rarely cross paths. The future of grilling is here, and it’s connected, smart, and runs on the cloud! We look at the key difference between Authentication and Authorization in a SaaS solution. We introduce a new authorization architecture with a centralized Policy Decision Point (PDP) and distributed Policy Enforcement Points (PEPs), implemented in a serverless way with API Gateway and Lambda.

Building a serverless connected BBQ as SaaS - Part 3 - Tenants
This is part three of the series about the world of BBQ, where tradition and technology rarely cross paths. The future of grilling is here, and it’s connected, smart, and runs on the cloud! I continue with tenant management using a serverless and event-driven approach with EventBridge, Step Functions, API Gateway, Lambda, and Cognito User Pools.

How I extend my blog with gamified learning
One of the major reasons that I write all of these blog posts is to help people learn about cloud and AWS. How would you know that you understood what you read and learned from it? In this post, I discuss how I introduced gamified learning by adding a quiz from kvist.ai to my blog posts, directly from my CI/CD pipeline running as an event-driven system using Amazon EventBridge and AWS Step Functions.

Events vs streaming data in AWS
Events are changes in a system’s state, often triggering specific actions, while data streams represent continuous flows of data elements over time. Events can form part of data streams, but not all data streams are composed of events, as they may include continuous data points like sensor readings. AWS offers services like Amazon EventBridge and SNS for managing events, Amazon Kinesis for real-time data streams, and IoT Core, which can handle both, making it possible to work with both concepts in the cloud.

Building a serverless connected BBQ as SaaS - Part 2 - User Creation
This is part two of the series about the world of BBQ, where tradition and technology rarely cross paths. The future of grilling is here, and it’s connected, smart, and runs on the cloud! I continue with user management using a serverless and event-driven approach with Cognito User Pool together with Lambda, EventBridge, and Step Functions.

Building a serverless connected BBQ as SaaS - Part 1
In the world of BBQ, tradition and technology rarely cross paths. But what if I told you that the future of grilling is here, and it’s connected, smart, and runs on the cloud? In this blog series, I will explore how AWS IoT, serverless, and event-driven architecture enables an automated cooking experience. As a tech-savvy griller, I discover how cloud technology can elevate my grilling game to a whole new level.

Navigating through failures, build resilient serverless systems
Serverless and event-driven workloads on AWS are well known for their inherent high availability and scalability, offering a robust platform right out of the box. In the world of cloud, it's well known that everything fails all the time. This reality becomes even more complex when serverless systems interact with non-serverless components. In this post, I'll dig into architecture concepts that can help you handle failures effectively.

Protect API Gateway with Amazon Verified Permissions
In this post, we'll look at Amazon Verified Permissions (AVP), a serverless service for easy management and enforcement of application permissions, and how to use it to secure an Amazon API Gateway API together with Cognito User Pools.