AWS Posts

Orchestrating AWS Lambda Functions Using AWS Step Functions


As our serverless applications grow day by day, the need to orchestrate our Lambda functions may become an issue. We might need to execute some functions sequentially, and one of our functions might take the output of another function as input. Similarly, some functions might need to be executed in parallel. In these cases, AWS Step Functions can help us coordinate our Lambda executions as components of our distributed applications and microservices.

In this blog post, I will introduce AWS Step Functions with a simple case. I will try to show how we can define sequential and parallel executions, as well as intermediary states that transform one state’s output so it can be passed to another state as input. Read more in the Orchestrating AWS Lambda Functions Using AWS Step Functions post.

Provisioning Custom AWS CloudFormation Resources With AWS Lambda Functions

AWS CloudFormation is the foundation of operational excellence on AWS. We code our infrastructure as JSON or YAML templates and test it as much as we need before deploying to production. We manage our infrastructure as code.

However, some new AWS resources may not be supported by AWS CloudFormation at the time they are launched. As of today, an example of this is the Elastic GPU resource. The solution is to define a custom CloudFormation resource and attach it to an AWS Lambda function which launches these resources. The Lambda function should also be in the same template. So let’s talk about how to do this in this blog post. Read more in the Provisioning Custom AWS CloudFormation Resources With AWS Lambda Functions post.

Transferring Domain Registrations from GoDaddy to Amazon Route 53

Amazon Route 53 offers domain registration services, and if you would like to keep your domains together as I do, you can easily transfer your current domain names to Route 53.

In the past, I bought some domains from GoDaddy, and today, I generally use Amazon Route 53 as my DNS service. It is time to renew some of our domain names, and I decided to move them to AWS as they are extended by one year automatically after the transfer. This will allow me to manage my domain names and the services behind them all together on AWS. I will describe the process as a reference. Read more in the Transferring Domain Registrations from GoDaddy to Amazon Route 53 post.

Controlling API Usage with API Keys and Usage Plans on AWS API Gateway


AWS API Gateway lets us develop our own RESTful APIs and trigger AWS Lambda functions upon HTTP requests. I often use this architecture in serverless applications and have developed many APIs for my clients. With the help of API Keys and Usage Plans, we can define maximum request quotas and manage request rates while sharing our API with others.

API keys can never be considered a complete security measure as we often store these keys in client applications calling the API. Still, usage plans can help us limit API access and ensure that usage does not exceed the thresholds we define. Read more in the Controlling API Usage with API Keys and Usage Plans on AWS API Gateway post.

AWS IAM Policy Conditions and Restricting Access by Availability Zones

AWS Identity and Access Management (IAM) is the foundational service for managing the security of your resources on AWS. Custom IAM policies allow us to define our own policies according to our needs instead of using AWS Managed Policies. Normally, it is a best practice to use managed policies whenever possible, because AWS updates them automatically when a new service is launched. However, assigning least privilege is the most important principle in terms of security, and sometimes it is better to prepare custom policies.

Conditions in IAM policies allow us to tailor permissions and grant access to users if the resource meets specific conditions. In this post, I will show you how to use conditions in an IAM policy to grant users permissions to start/stop EC2 instances if the instance is in a specific availability zone. Read more in the AWS IAM Policy Conditions and Restricting Access by Availability Zones post.