I recently had the opportunity to explore building custom CloudFormation resource types as a mechanism to support a stream-aligned team. It was intriguing to play with this new-to-me tool and see how it could reduce complexity for the team.

I had an AWS STS AssumeRole problem today when I was working with the AWS SDK; digging in it turned out the problem was that AssumeRole was not actually being invoked. Poking around I was unsurprised to find that @ben11kehoe had already clearly stated the problem and GitHub user petitout had example Go code with the right way to do it (link).

Recently one of the teams I work with had a fun time (note: it was not fun in the moment) with Amazon Simple Queue Service (SQS), dead-letter queues (DLQs), and AWS Key Management Service (KMS). I thought I’d share because we learned something pretty important.

I had the amazing opportunity to co-present a session at AWS re:Inforce 2022. My co-presenter was Suresh Sridharan, a product manager on the Amazon Cognito team. Suresh talked about a variety of options that Cognito customers have for managing multi-tenant solutions, and I talked about the particular choices that our team has made and what took us down this path. For the full details, check out the slides and the recording.

I read a great post about protecting Amazon Cognito with an Amazon CloudFront proxy and wondered if using an Amazon API Gateway proxy instead would work better. It really really did. Being able to use the full power of Lambda was fantastic, and the performance was improved significantly. I got in touch with the author of the original post and he was generous enough to offer a collaboration on a follow-up post on the AWS architecture blog.

Sometimes Lambda doesn’t cut it when you’re trying to create a custom resource.

The other day I got halfway through writing a very irate support ticket to AWS, stopped to do some fact checking, and learned something deeply annoying.

If I had to pick one word to describe AWS re:Invent 2017, it would be “popular”. There were over 43 000 attendees this year. The conference organizers and staff did an amazing job rising to the challenge, keeping folks corralled and working hard to manage expectations. I had a fun time; it was great to meet up with old friends, make a few new ones, and learn stuff at the same time.

How much networking do you need to understand when your primary focus is serverless development?

A good friend of mine has a habit of throwing gauntlets around like they’re nothing. “So, Geoff,” he’ll start casually, “did you know there are some new AWS specialty certifications in beta now?” This is usually about the time that I realize I’m in for a world of pain, uh, learning. It turns out that this time AWS has come up with three exams that I’ll conservatively call pro-level. I’ve been learning a lot over the past year and a bit, negotiating a career transition from telecom to security, so I’d consider myself a firm novice when it comes to all this stuff, but it’s not like we were doing nothing over in the old world, so I figured I’d check out the landscape for the security certification.