April 5, 2022

How I passed the AWS Security Speciality with mostly free content 🥇

Background I recently re-certified the AWS Security Speciality exam. To me, it remains one of my favourite exams, and also one of the most beneficial for anyone looking to improve their AWS knowledge. It doesn’t matter whether your interest is in containers or serverless, machine learning or data and analytics - you should understand topics like identity and access management, infrastructure security and data protection to deliver more secure solutions.

January 8, 2022

Lambda Powertools

Last week, AWS announced the beta release of AWS Lambda Powertools Typescript. This is a suite of TypeScript utilities for AWS Lambda functions to enable the adoption of best practices in areas such as structured logging, tracing and custom metrics. Over the past few years, serverless architectures on AWS have converged upon multiple individual AWS Lambda functions, with each one implementing least privilege and responsible for one task (single responsibility principle).

August 2, 2021

QLDB KMS Overview

Background When Amazon QLDB was first launched, it only supported AWS owned keys to encrypt data at rest. Amazon QLDB launched support for customer managed AWS KMS keys on July 22, 2021. For many organisations, especially those in regulated environments, this is a big deal. So let’s dive deeper into what this means by taking a look at the AWS KMS service Customer Master Keys (CMK) The primary resource in AWS KMS is a customer master key (CMK), which is sometimes referred to as the root or master key.

June 2, 2021

QLDB Access Control

When QLDB was first launched, it provided a set of actions for interacting with the control plane API to manage ledgers (see here), but only a single action for interacting with a ledger over the data plane API. This meant any user or role required the qldb:sendCommand permission for issuing a PartiQL command against a ledger. With this IAM permission, you were able to execute all PartiQL commands from simple lookups, to mutating current state with updates and deletes, and querying all revision history.

April 1, 2021

Concurrency Control in QLDB

Background Concurrency control is critical in any system where accuracy and trust in the record needs to be maintained. It is the way of ensuring that correct results are generated, even when multiple concurrent transactions are taking place. This blog post takes a closer look at how Amazon QLDB implements concurrency control. It includes a number of demos that you can try out for yourself, with more information and the code available at QLDB Concurrency Demo

March 4, 2021

Securely Access QLDB from a Private Subnet

Background The serverless demo applications I built out previously use AWS Lambda running in service VPCs to interact with QLDB. Historically, there were significant cold start penalties when Lambda was configured to connect to your own VPC. This was a result of setting up a new Elastic Network Interface (ENI) and creating a cross-account attachment. However, this changed dramatically with a new release at the end of 2019 described in this blog post.