Keith is an architect by day, blogger by night. He’s responsible for all the content on this blog, and irresponsible for everything else.
What is the myth There’s a belief that people in IT, specifically software developers are generally anti-social, introverted, desk-loving curmudgeons who act like Sheldon from the Big Bang Theory. What’s more frustrating, is that this belief is prevalent even among those working in technology — that somehow great coders are silent geniuses who shun people, while coding in a dark...
As much as I love Serverless architectures, I find myself ‘locked-in’ to a server-ed WordPress blog. It’s a mixture of too much legacy content to migrate, lack of easy migration tools, and just the fact that WordPress for all it’s faults — just works! So rather than spend countless hours trying to migrate content, I decided to keep paying the $5/mo to DigitalOcean so...
After reading the awesome DynamoDBBook from Alex DeBrie, I was prompted to fix a long running design issue with Klayers (a separate project I maintain). Like everybody else that dives into DynamoDB headfirst, I made the mistake of using multiple tables, one for each data entity. After all, a single database consists of multiple tables — so DynamoDB would logically involve multiple DynamoDB...
Let’s look at AWS Access Keys inside a Lambda function, from how they are populated into the function’s execution context, how long they last, how to exfiltrate them out and use them, and how we might detect an compromised access keys. But before that, let’s go through some basics. Lambda functions run on Firecracker, a microVM technology developed by Amazon. MicroVMs are like...
I thought I’d write down my thoughts on contact tracing apps, especially since a recent BFM suggested 53% of Malaysians wouldn’t download a contact tracing app due to privacy concerns. It’s important for us to address this, as I firmly believe, that contact tracing is an important weapon in our arsenal against COVID-19, and having 54% of Malaysians dismiss outright is concerning...
Potassium40 was a project I started to see how fast Lambda could really go. The project attempts to download the robots.txt files from 1 million websites as fast as it can. I chose robots file because — well it’s supposed to be downloaded by robots anyway, so this was both great fun, but also completely ethical as I wasn’t scraping people’s websites. The goal is still to...
This post covers how to perform logging within AWS Lambda. Lambda has built-in integration to Cloudwatch logs, making it a default choice for logs, but the way a distributed system like lambda performs logging, is quite different from how you’d do in a monolithic app. For the brave folks still reading this — let’s dive in. Lambda Logging: 101 When building lambda functions...
A lambda function is a like a little island, surrounded by network. Unlike Fargate containers, of EC2 instances, they do not have EFS, EBS or some other fast storage support. Everything that goes into a lambda, goes in via the network interface (and network only). And hence, since Lambda’s are ephemeral, everything going in and out of the lambda has to transverse that network...
Last week I took the AWS Certified Security – Specialty exam — and I passed with a score of 930 (Woohoo!!) In this post I cover why I took it, what I did to pass, my overall exam experience, and some tips I learnt along the way. So let’s go. Why? Why would anybody pay good money, subject themselves to hours of studying, only to end up sitting in a cold exam room for hours...
GitHub actions is the new kid on the workflow block. It allows users to orchestrate workflows using familiar git commands like push & pull requests, and un-familiar GitHub events like gollum, issue creation and milestone closures. In this post, we’ll use GitHub actions to orchestrate a build pipeline that will deploy lambda functions using the Serverless framework. There’s a lot...