<![CDATA[AWS Discussion Forum - All Forums]]> https://letstalkaws.com/ Thu, 16 Apr 2026 05:40:09 +0000 MyBB <![CDATA[Best Practices for Securing AWS Lambda and API Gateway in a Serverless Architecture?]]> https://letstalkaws.com/thread-92.html Tue, 10 Oct 2023 09:10:04 +0000 kiroval479]]> https://letstalkaws.com/thread-92.html
Current Setup:

Services: Predominantly AWS Lambda, API Gateway, and DynamoDB.
Architecture: Microservices pattern with each service exposed via API Gateway and business logic handled by Lambda.
Traffic: Our applications receive moderate to high traffic, with expected spikes during product launches and sales.
Concerns and Questions:

How should I handle authentication and authorization efficiently in a serverless pattern, especially considering the stateless nature of Lambda?
Are there specific security best practices or patterns when interfacing API Gateway with Lambda?
How can I ensure secure data transit between services, especially when integrating with other AWS services or external APIs?
What monitoring and alerting mechanisms should I put in place to detect and respond to potential security threats?
Are there any tools or AWS services specifically geared towards enhancing security in a serverless environment?
I've gone through the AWS Well-Architected Framework and have a basic understanding of security pillars. However, real-world experiences and nuanced insights from this community would be invaluable.

Thank you in advance for your guidance and sharing your expertise!]]>
Current Setup:

Services: Predominantly AWS Lambda, API Gateway, and DynamoDB.
Architecture: Microservices pattern with each service exposed via API Gateway and business logic handled by Lambda.
Traffic: Our applications receive moderate to high traffic, with expected spikes during product launches and sales.
Concerns and Questions:

How should I handle authentication and authorization efficiently in a serverless pattern, especially considering the stateless nature of Lambda?
Are there specific security best practices or patterns when interfacing API Gateway with Lambda?
How can I ensure secure data transit between services, especially when integrating with other AWS services or external APIs?
What monitoring and alerting mechanisms should I put in place to detect and respond to potential security threats?
Are there any tools or AWS services specifically geared towards enhancing security in a serverless environment?
I've gone through the AWS Well-Architected Framework and have a basic understanding of security pillars. However, real-world experiences and nuanced insights from this community would be invaluable.

Thank you in advance for your guidance and sharing your expertise!]]> <![CDATA[Purchasing Windows Server Reserved Instance]]> https://letstalkaws.com/thread-87.html Fri, 17 Mar 2023 18:54:43 +0000 rnrstar]]> https://letstalkaws.com/thread-87.html <![CDATA[AWS VPN]]> https://letstalkaws.com/thread-85.html Sat, 04 Mar 2023 10:27:43 +0000 Tucix]]> https://letstalkaws.com/thread-85.html  
I totally disagree with the following sentence, because by definition a VPN provides a private connection based on FAI requirements (private IP addresses) :

"
a VPG is the AWS-side of an AWS VPN. A VPN does not provide a private connection and is not reliable as you can never guarantee the latency over the internet
"
 Is there something wrong in my reasoning ?

Thanks,]]>  
I totally disagree with the following sentence, because by definition a VPN provides a private connection based on FAI requirements (private IP addresses) :

"
a VPG is the AWS-side of an AWS VPN. A VPN does not provide a private connection and is not reliable as you can never guarantee the latency over the internet
"
 Is there something wrong in my reasoning ?

Thanks,]]> <![CDATA[session policy]]> https://letstalkaws.com/thread-84.html Sat, 04 Mar 2023 09:04:52 +0000 Tucix]]> https://letstalkaws.com/thread-84.html
What is a session policy in the context of the IAM ?
 I know what Resource-based policy and Identity-based policy are, but not session policy.

Regards,]]>
What is a session policy in the context of the IAM ?
 I know what Resource-based policy and Identity-based policy are, but not session policy.

Regards,]]> <![CDATA[Auto-Scaling Group ASG]]> https://letstalkaws.com/thread-83.html Thu, 02 Mar 2023 19:30:10 +0000 Tucix]]> https://letstalkaws.com/thread-83.html
Based on my knowledge, there are two types of scaling : the up/down scaling and the out/in scaling.

I'm a bit surprised to see that in AWS Courses (so as in AWS Solution Architects Exam Preparation Book) I missed the up/down scaling !

Indeed, I always found that typical example :

- in the "Increase Group Size" Window in the "Take the action" item the CAPACITY UNIT is activated (that is to say, this represents the instance number).

In case of a up/down scaling, we are supposed to modify the CPU and/or the RAM.

But I never see such information in the "Take action" item, is that normal ?

Regards,]]>
Based on my knowledge, there are two types of scaling : the up/down scaling and the out/in scaling.

I'm a bit surprised to see that in AWS Courses (so as in AWS Solution Architects Exam Preparation Book) I missed the up/down scaling !

Indeed, I always found that typical example :

- in the "Increase Group Size" Window in the "Take the action" item the CAPACITY UNIT is activated (that is to say, this represents the instance number).

In case of a up/down scaling, we are supposed to modify the CPU and/or the RAM.

But I never see such information in the "Take action" item, is that normal ?

Regards,]]> <![CDATA[Target group health check failed]]> https://letstalkaws.com/thread-82.html Fri, 24 Feb 2023 10:54:35 +0000 sreekarachanta]]> https://letstalkaws.com/thread-82.html
Issue: Target group health check failing .

We configured blue green ecs deployment . When we have a single ec2 instance in the cluster and when we create ECS service with desired task count as 1 - the task will place a container on port 8080. 

Next time when we do a deployment - the service fails since the port 8080 is already in use in the container instance . So we decided to use the dynamic port mapping in task definition but in that case the target group health check is failing with the settings like in the image.

.jpg   PHOTO-2023-02-24-10-43-39.jpg (Size: 35.77 KB / Downloads: 513) ]]>
Issue: Target group health check failing .

We configured blue green ecs deployment . When we have a single ec2 instance in the cluster and when we create ECS service with desired task count as 1 - the task will place a container on port 8080. 

Next time when we do a deployment - the service fails since the port 8080 is already in use in the container instance . So we decided to use the dynamic port mapping in task definition but in that case the target group health check is failing with the settings like in the image.

.jpg   PHOTO-2023-02-24-10-43-39.jpg (Size: 35.77 KB / Downloads: 513) ]]> <![CDATA[EC2 key pair]]> https://letstalkaws.com/thread-79.html Thu, 29 Sep 2022 00:33:51 +0000 fborges5555]]> https://letstalkaws.com/thread-79.html
I have an ec2 instance already with a Key-pair, is there a way I can have a second Key-pair for a user to use SSH tunnel to this ec2 that already exists?

Thanks gurus]]>
I have an ec2 instance already with a Key-pair, is there a way I can have a second Key-pair for a user to use SSH tunnel to this ec2 that already exists?

Thanks gurus]]> <![CDATA[Working on creating an ELK Stack]]> https://letstalkaws.com/thread-77.html Tue, 20 Sep 2022 19:53:18 +0000 semajlions]]> https://letstalkaws.com/thread-77.html
Error occurs after running this command


Code:
# /usr/share/logstash/bin/logstash -f /etc/logstash --config.test_and_exit

[2022-09-20T19:41:49,063][FATAL][logstash.runner          ] The given configuration is invalid. Reasod one of [ \t\r\n], "#", "input", "filter", "output" at line 6, column 1 (byte 132) after

[2022-09-20T19:41:49,066][FATAL][org.logstash.Logstash    ] Logstash stopped processing because of anystemExit) exit


I've modified line 6 numerous times and even eliminated the filter, same error.]]>
Error occurs after running this command


Code:
# /usr/share/logstash/bin/logstash -f /etc/logstash --config.test_and_exit

[2022-09-20T19:41:49,063][FATAL][logstash.runner          ] The given configuration is invalid. Reasod one of [ \t\r\n], "#", "input", "filter", "output" at line 6, column 1 (byte 132) after

[2022-09-20T19:41:49,066][FATAL][org.logstash.Logstash    ] Logstash stopped processing because of anystemExit) exit


I've modified line 6 numerous times and even eliminated the filter, same error.]]> <![CDATA[Working on creating an ELK Stack]]> https://letstalkaws.com/thread-76.html Tue, 20 Sep 2022 18:57:33 +0000 semajlions]]> https://letstalkaws.com/thread-76.html <![CDATA[AWS CLOUDWATCH LOGS_$context.requestOverride.header.*]]> https://letstalkaws.com/thread-75.html Wed, 24 Aug 2022 10:33:00 +0000 Jyotheesh_K]]> https://letstalkaws.com/thread-75.html
Please let me know if I need to do anything further.


Thanks & Regards
Jyotheesh K

.docx   AWS CLoudWatchLogs-requestheader.docx (Size: 33.37 KB / Downloads: 484) ]]>
Please let me know if I need to do anything further.


Thanks & Regards
Jyotheesh K

.docx   AWS CLoudWatchLogs-requestheader.docx (Size: 33.37 KB / Downloads: 484) ]]> <![CDATA[Solutions Architect certifications and associated roles]]> https://letstalkaws.com/thread-74.html Thu, 11 Aug 2022 08:19:15 +0000 fzs]]> https://letstalkaws.com/thread-74.html
Here's the way I'll put it. A Solutions Architect is ideally meant to be for a 'Systems Architect'. Someone who knows which 1 & 1 to put together to make 2. This know-how comes from years of working in different areas of tech like storage, networks, databases etc.  And a DevOps is ideally supposed be the person that actually makes that possible by doing the development & integration of those 1s to get 2.

If you have been following so far, you would see that a Solutions Architect is more of a hands off role designing the solutions but not necessarily doing the implementation rather supervising it. Granted that nowadays many organizations especially startups have mixed roles regardless of your actual designation or certification, a Solutions Architect has multiple DevOps reporting/working for them where as an SA, you design & oversee implementations.

If have already crossed 8+ yrs of experience in IT in roles that included different areas of tech, then go for the Solutions side as your future with regards to jobs will otherwise be along the lines of Individual Contributor. Solutions side will eventually open up roles into project management and higher executive business roles. DevOps side after those many years would sometimes mean you have to take a step down/salary cut to build up your career again as it's highly competitive and require eyes closed coding skills. But this can be highly rewarding if you are the person that gets satisfaction from getting their hands dirty and actually building things. IC roles will be what you most likely fit into for the rest of your career if you choose this route.

The individual certifications like ML, DB etc. are in it's true form meant for those who are going to be working on the actual implementation, i.e developer/admins. As an Solutions Architect, it will add credibility for you to design solutions in that area but not a requirement since you are only designing the solution, not implementing it.

What are your thoughts on this?]]>
Here's the way I'll put it. A Solutions Architect is ideally meant to be for a 'Systems Architect'. Someone who knows which 1 & 1 to put together to make 2. This know-how comes from years of working in different areas of tech like storage, networks, databases etc.  And a DevOps is ideally supposed be the person that actually makes that possible by doing the development & integration of those 1s to get 2.

If you have been following so far, you would see that a Solutions Architect is more of a hands off role designing the solutions but not necessarily doing the implementation rather supervising it. Granted that nowadays many organizations especially startups have mixed roles regardless of your actual designation or certification, a Solutions Architect has multiple DevOps reporting/working for them where as an SA, you design & oversee implementations.

If have already crossed 8+ yrs of experience in IT in roles that included different areas of tech, then go for the Solutions side as your future with regards to jobs will otherwise be along the lines of Individual Contributor. Solutions side will eventually open up roles into project management and higher executive business roles. DevOps side after those many years would sometimes mean you have to take a step down/salary cut to build up your career again as it's highly competitive and require eyes closed coding skills. But this can be highly rewarding if you are the person that gets satisfaction from getting their hands dirty and actually building things. IC roles will be what you most likely fit into for the rest of your career if you choose this route.

The individual certifications like ML, DB etc. are in it's true form meant for those who are going to be working on the actual implementation, i.e developer/admins. As an Solutions Architect, it will add credibility for you to design solutions in that area but not a requirement since you are only designing the solution, not implementing it.

What are your thoughts on this?]]> <![CDATA[AWS Solution Architect Associate Certification Bootcamp]]> https://letstalkaws.com/thread-73.html Wed, 27 Jul 2022 19:38:48 +0000 sanchit_jain]]> https://letstalkaws.com/thread-73.html
We have created 14 weeks of Bootcamp to prep for AWS Solution Architect Associate Certification with hands demo. Please follow the below Youtube playlist

Playlist Link: https://youtube.com/playlist?list=PLs8Ya...ks2bbXdO0w.]]>
We have created 14 weeks of Bootcamp to prep for AWS Solution Architect Associate Certification with hands demo. Please follow the below Youtube playlist

Playlist Link: https://youtube.com/playlist?list=PLs8Ya...ks2bbXdO0w.]]> <![CDATA["Principle" error setting S3 Bucket Policy]]> https://letstalkaws.com/thread-72.html Mon, 11 Jul 2022 17:38:49 +0000 ConImp]]> https://letstalkaws.com/thread-72.html
This is my first post on this forum.  I'm relatively new to AWS and am setting up an S3 Bucket for a static website and when trying to set an S3 Bucket Policy generated from the policy generator, I am getting an error:


Unknown Error
An unexpected error occurred.

*API Response
Invalid principle in policy

Here is the JSON script I am using from out of the policy generator.  Note: I pasted into Notepad and recopied first for formatting purposes:

{
  "Id": "Policy1657559771298",
  "Version": "2012-10-17",
  "Statement": [
    {
      "Sid": "Stmt1657559769311",
      "Action": "s3:*",
      "Effect": "Allow",
      "Resource": "arn:awsConfused3:::continuous-improvement.org",
      "Principal": {
        "AWS": [
          "admin-w"
        ]
      }
    }
  ]
}


Please let me know if you have any ideas...]]>
This is my first post on this forum.  I'm relatively new to AWS and am setting up an S3 Bucket for a static website and when trying to set an S3 Bucket Policy generated from the policy generator, I am getting an error:


Unknown Error
An unexpected error occurred.

*API Response
Invalid principle in policy

Here is the JSON script I am using from out of the policy generator.  Note: I pasted into Notepad and recopied first for formatting purposes:

{
  "Id": "Policy1657559771298",
  "Version": "2012-10-17",
  "Statement": [
    {
      "Sid": "Stmt1657559769311",
      "Action": "s3:*",
      "Effect": "Allow",
      "Resource": "arn:awsConfused3:::continuous-improvement.org",
      "Principal": {
        "AWS": [
          "admin-w"
        ]
      }
    }
  ]
}


Please let me know if you have any ideas...]]> <![CDATA[Greetings]]> https://letstalkaws.com/thread-71.html Wed, 06 Jul 2022 00:11:43 +0000 ConImp]]> https://letstalkaws.com/thread-71.html
Glad to see an active community out there for AWS!]]>
Glad to see an active community out there for AWS!]]> <![CDATA[[Online] 15 Min Fridays - AWS IoT]]> https://letstalkaws.com/thread-68.html Sat, 17 Jul 2021 04:47:55 +0000 fzs]]> https://letstalkaws.com/thread-68.html


AWS User Group Hyderabad will be hosting 15min sessions on Fridays which will be demo sessions with a quick walk-through on how it's done.

The first session will be around using AWS IoT to control a Lamp using ESP32 Micro Controller.

Friday, July 23rd 8:30PM IST

Official Site Registration: https://bit.ly/3ejWGN5
Meetup Site: https://bit.ly/36FtPhW
Join the clubhouse group: https://bit.ly/3xKJDvW


Users registering on the site will have the opportunity to claim goodies in the near future.]]>


AWS User Group Hyderabad will be hosting 15min sessions on Fridays which will be demo sessions with a quick walk-through on how it's done.

The first session will be around using AWS IoT to control a Lamp using ESP32 Micro Controller.

Friday, July 23rd 8:30PM IST

Official Site Registration: https://bit.ly/3ejWGN5
Meetup Site: https://bit.ly/36FtPhW
Join the clubhouse group: https://bit.ly/3xKJDvW


Users registering on the site will have the opportunity to claim goodies in the near future.]]>