CDK doesn’t offer every type of resource by default. Custom Resources allow us to overcome this limitation. Anything that can be created within a Lambda function, can be deployed as a Custom Resource, with its lifecycle being managed by CDK/CloudFormation. This blog posts explains how to set this up using the example of an user in a SimpleAD.
DynamoDB allows us to store complex data structures and deeply nested objects, but this complexity isn’t free. In this post we take a look at how different Lambda configurations impact the read times from boto3. We examine how different resource configurations can improve the read time of the same item by more than a factor of 12.
Many Lambda functions are written in Python and use the AWS SDK boto3. Initializing your first boto3 client or resource can take a long time after a Lambda cold start. In this article we explore how much exactly and why it’s up to 10x faster on Lambdas with more memory.
Keeping accounts decoupled is important in cross account scenarios. Setting permissions in the wrong way can lead to unwanted behavior. Better avoid setting a principal in a resource policy to a specific ARN as it may lead to ‘Invalid Principal’-errors. Using conditions provides you a more reliable and least privileged architecture.
The case of the missing bucket notifications A few days ago I was trying to do something quite simple. I wanted to send S3 Put-Events to multiple Lambda functions for processing. This is a pretty common pattern. To implement it you have to use an architecture such as the one you can see in the title image above. This is because S3 has a limit on the event handlers (notification targets) per event type of exactly one.
Dissecting Serverless Stacks (IV) After we figured out how to implement a sls command line option to switch between the usual behaviour and a way to conditionally omit IAM in our deployments, we will get deeper into it and build a small hack on how we could hand over all artefacts of our project to somebody who does not even know SLS at all.
Dissecting Serverless Stacks (III) The third post of this series showed how to make IAM statements an external file, so we can deploy that one but still work with the sls command. It still involved commenting out things in the configuration, so this post will show how to solve that issue.
Dissecting Serverless Stacks (II) With the output of the last post of this series, we established the base to be able to deliver a Serverless application independent of its needed IAM privileges. So let’s see how this will work out.
