I've recently started transitioning some of our monolithic applications to a serverless architecture using AWS Lambda and API Gateway. While I am amazed at the scalability and ease-of-use that comes with serverless, I'm also aware that new architectural patterns introduce new security considerations.

Current Setup:

Services: Predominantly AWS Lambda, API Gateway, and DynamoDB.
Architecture: Microservices pattern with each service exposed via API Gateway and business logic handled by Lambda.
Traffic: Our applications receive moderate to high traffic, with expected spikes during product launches and sales.
Concerns and Questions:

How should I handle authentication and authorization efficiently in a serverless pattern, especially considering the stateless nature of Lambda?
Are there specific security best practices or patterns when interfacing API Gateway with Lambda?
How can I ensure secure data transit between services, especially when integrating with other AWS services or external APIs?
What monitoring and alerting mechanisms should I put in place to detect and respond to potential security threats?
Are there any tools or AWS services specifically geared towards enhancing security in a serverless environment?
I've gone through the AWS Well-Architected Framework and have a basic understanding of security pillars. However, real-world experiences and nuanced insights from this community would be invaluable.

Thank you in advance for your guidance and sharing your expertise!

I'm looking to plunk down and buy a reserved instance for some Windows Server 2019 standard instances. I just want to make sure I'm selecting the right instance as my options appear to be Windows, Windows with SQL Server Standard, Windows with SQL Server Web, and Windows with SQL Server Enterprise. I don't need SQL server. I'm thinking that the Windows option is the correct one even though it doesn't say server.

Hello,
 
I totally disagree with the following sentence, because by definition a VPN provides a private connection based on FAI requirements (private IP addresses) :

"
a VPG is the AWS-side of an AWS VPN. A VPN does not provide a private connection and is not reliable as you can never guarantee the latency over the internet
"
 Is there something wrong in my reasoning ?

Thanks,

Hello,

What is a session policy in the context of the IAM ?
 I know what Resource-based policy and Identity-based policy are, but not session policy.

Regards,

Hello,

Based on my knowledge, there are two types of scaling : the up/down scaling and the out/in scaling.

I'm a bit surprised to see that in AWS Courses (so as in AWS Solution Architects Exam Preparation Book) I missed the up/down scaling !

Indeed, I always found that typical example :

- in the "Increase Group Size" Window in the "Take the action" item the CAPACITY UNIT is activated (that is to say, this represents the instance number).

In case of a up/down scaling, we are supposed to modify the CPU and/or the RAM.

But I never see such information in the "Take action" item, is that normal ?

Regards,

Folks we are facing the below issue , can anyone help me here? 

Issue: Target group health check failing .

We configured blue green ecs deployment . When we have a single ec2 instance in the cluster and when we create ECS service with desired task count as 1 - the task will place a container on port 8080. 

Next time when we do a deployment - the service fails since the port 8080 is already in use in the container instance . So we decided to use the dynamic port mapping in task definition but in that case the target group health check is failing with the settings like in the image.

Attached Files

Thumbnail(s)
   

Hi gurus.

I have an ec2 instance already with a Key-pair, is there a way I can have a second Key-pair for a user to use SSH tunnel to this ec2 that already exists?

Thanks gurus

Any ideas as to what may cause this Logstash error?

Error occurs after running this command

Hello, my name is James, and I am studying to become an Associate Solution Architect, at work my manager has tasked me to create an ELK Stack. I've run into some issues and hoping to get some assistance in this forum.

Trying to fetch header values from request using Access logging Variables($context.requestOverride.header.*) provided by AWS for an API Gateway. This Particular value is not Logging in CloudWatch.Please find attached document.

Please let me know if I need to do anything further.


Thanks & Regards
Jyotheesh K

Attached Files

  AWS CLoudWatchLogs-requestheader.docx (Size: 33.37 KB / Downloads: 324)