2025-05-06
aws, authz, serverless
Taking our authorization system to the next level! In this third part of our series, we're enhancing our Amazon Verified Permissions (AVP) solution with Attribute-Based Access Control (ABAC). By combining RBAC and ABAC, we get a powerful authorization system that can enforce fine-grained access based on user attributes and context - perfect for multi-tenant applications where access control needs to account for more than just roles.
2025-04-10
Serverless EventDriven AWS Devops
This talk will explore how a fintech market leader in Sweden, created a serverless and event-driven integration with Slack on AWS. Creating a solution, to automate tasks across a multi-account setup. Learn how this journey optimized cost, enhanced productivity and security by eliminating repetitive tasks, by minimizing human error. A key aspect was integrating alarms and notifications directly into Slack, enabling developers to take immediate action on system alerts. We will look at the problems, deep dive into implementation, and the challenges we faced. Join us to gain valuable insights and practical tips for transforming your workflows.
2025-04-02
Serverless IoT AWS
In large-scale IoT systems, where thousands of devices are constantly communicating, data and control messages can flow unpredictably and at varying rates throughout the day. Serverless and event-driven architectures provide a dynamic and efficient solution to this challenge. In this session, we’ll explore why serverless is a great fit for IoT, particularly in handling data ingestion and management. We’ll dive into the key architectural patterns used in IoT systems, highlighting how event-driven design enables scalability, flexibility, and cost optimization. I’ll also walk you through an architecture I designed for an IoT use case, showcasing the integration of various AWS services tailored for data ingestion, processing, and analytics. Along the way, we’ll discuss the challenges encountered and lessons learned during development, offering actionable insights into the unique aspects of building serverless IoT solutions. Join me to understand how serverless and event-driven architectures can unlock the full potential of IoT, enabling resilient and scalable systems that are easy to manage and adapt to evolving demands.
2025-03-26
2025-02-20
As authorization needs evolve, managing access efficiently becomes even more crucial. In this follow-up post, we extend our Policy Decision Point (PDP) and Policy Enforcement Point (PEP) solution by introducing Amazon Verified Permissions (AVP) for fine-grained authorization. Instead of storing permissions in DynamoDB, we leverage AVP’s centralized policy engine and Cedar policy language to define and enforce access control dynamically.
2025-01-30
Authorization is a critical part of securing cloud applications, and understanding the best practices for implementing it can make all the difference. In this post, we dig deep on the concepts of Policy Decision Points (PDPs) and Policy Enforcement Points (PEPs), and how they work together to manage user access efficiently. We dive into a serverless solution using AWS Lambda and API Gateway, implementing Role-Based Access Control (RBAC) for fine-grained access control based on Cognito User Groups. This solution ensures scalability, low latency, and efficient authorization in serverless environments.
2024-12-22
aws, iot, security, serverless
Secure communication is a important in IoT systems, where certificates and trust play a vital role. In this post we extend the API introduced in part 1, we will add functionality to create device certificates, introduce an inventory, add some event-driven parts, and the possibility to list and get certificates. This hands-on approach is great for learning purposes and development environments, production setups however require robust managed solutions.
2024-11-27
Secure communication is a important in IoT systems, where certificates and trust play a vital role. In this post, I explore the foundations of certificate management, including PKI, certificate chains, and trust. Also I introduce a serverless self-service API using Amazon API Gateway and Lambda for an easy way to create certificates. This hands-on approach is great for learning purposes and development environments, production setups however require robust managed solutions.
2024-11-06
serverless AWS analytics
Talk about the innovative approach of utilizing AWS Lambda@Edge to gather statistics for a static website, focusing on server-side data collection for page views.
2024-10-31
aws, ai, security, serverless
In this post, I extend the File Manager service I built previously by adding content moderation capabilities. The original service stores files in S3 and records them in a DynamoDB table, using a serverless, event-driven approach. Now, with AWS GuardDuty and Rekognition, I’ve enhanced the service with malware scanning and image moderation.
2024-09-20
serverless, aws, saas, IoT
In part four of the series about the world of BBQ, where tradition and technology rarely cross paths. The future of grilling is here, and it’s connected, smart, and runs on the cloud! We look at the key difference between Authentication and Authorization in a SaaS solution. We introduce a new authorization architecture with a centralized Policy Decision Point (PDP) and distributed Policy Enforcement Points (PEPs) implemented serverless with API Gateway and Lambda.
2024-09-11
2024-08-24
2024-08-23
In part three of the series about the world of BBQ, where tradition and technology rarely cross paths. The future of grilling is here, and it’s connected, smart, and runs on the cloud! I continue with tenant management using an serverless and event-driven approach with EventBridge, StepFunctions, API Gateway, Lambda, and Cognito User Pools.
2024-07-25
aws, event-driven, serverless
One of the major reason that I write all of these blog posts is to help people learn about cloud and AWS. How would you know that you understood what you read and learned from it? In this post I discuss how I introduced gamified learning by adding a quiz from kvist.ai on my blog posts, directly from my CI/CD pipeline running as an event-driven system using Amazon EventBridge and AWS StepFunctions.
2024-06-12
In part two of the series about the world of BBQ, where tradition and technology rarely cross paths. The future of grilling is here, and it’s connected, smart, and runs on the cloud! I continue with user management using an serverless and event-driven approach with Cognito User Pool together with Lambda, EventBridge, and StepFunctions.
2024-05-29
serverless, aws, IoT
In the world of BBQ, tradition and technology rarely cross paths. But what if I told you that the future of grilling is here, and it’s connected, smart, and runs on the cloud? In this blog series, I will explore how AWS IoT, serverless, and event-driven architecture enables an automated cooking experience. As a tech-savvy griller, I discover how cloud technology can elevate my grilling game to a whole new level.
2024-05-22
AWS, Serverless, Containers
Running containers in a serverless way, on Fargate, come with a lot of benefits. In this talk I share migration paths and benefits with moving to Fargate. I also share war stories from running containers on Fargate with several customers.
2024-05-16
serverless AWS
Talk about building an IoT connected smoker and how to use AWS and IoT to perfect your BBQ skills.
2024-05-07
Talk about building resilient serverless workloads, real life examples and good to know architecture patterns.
2024-04-26
serverless, aws
Serverless and event-driven workloads on AWS are well known for their inherent high availability and scalability, offering a robust platform right out of the box. In the world of cloud, it's well known that everything fails all the time. This reality becomes even more complex when serverless systems interact with non-serverless components. In this post, I'll dig into architecture concepts that can help you handle failures effectively.
2024-04-17
2024-04-10
In this post we'll look at Amazon Verified Permissions (AVP) a serverless service for easy management and enforcement of application permissions, and how to use it to secure Amazon API gateway API together with Cognito User Pools.
2024-03-19
AWS offers several great serverless services for data engineering and analytics. In this post I describe my serverless analytics setup for click stream analytics of a static webpage, using Amazon Glue, Athena, Managed Grafana for analytics. Data ingestion and storage with Lamba@Edge, StepFunctions and S3.