<![CDATA[AWS Discussion Forum

<![CDATA[AWS Discussion Forum - Portal]]> https://letstalkaws.com/ Tue, 14 Apr 2026 13:41:32 +0000 MyBB <![CDATA[Best Practices for Securing AWS Lambda and API Gateway in a Serverless Architecture?]]> https://letstalkaws.com/thread-92.html Tue, 10 Oct 2023 09:10:04 +0000 kiroval479]]> https://letstalkaws.com/thread-92.html
Current Setup:

Services: Predominantly AWS Lambda, API Gateway, and DynamoDB.
Architecture: Microservices pattern with each service exposed via API Gateway and business logic handled by Lambda.
Traffic: Our applications receive moderate to high traffic, with expected spikes during product launches and sales.
Concerns and Questions:

How should I handle authentication and authorization efficiently in a serverless pattern, especially considering the stateless nature of Lambda?
Are there specific security best practices or patterns when interfacing API Gateway with Lambda?
How can I ensure secure data transit between services, especially when integrating with other AWS services or external APIs?
What monitoring and alerting mechanisms should I put in place to detect and respond to potential security threats?
Are there any tools or AWS services specifically geared towards enhancing security in a serverless environment?
I've gone through the AWS Well-Architected Framework and have a basic understanding of security pillars. However, real-world experiences and nuanced insights from this community would be invaluable.

Thank you in advance for your guidance and sharing your expertise!]]>
Current Setup:

Services: Predominantly AWS Lambda, API Gateway, and DynamoDB.
Architecture: Microservices pattern with each service exposed via API Gateway and business logic handled by Lambda.
Traffic: Our applications receive moderate to high traffic, with expected spikes during product launches and sales.
Concerns and Questions:

How should I handle authentication and authorization efficiently in a serverless pattern, especially considering the stateless nature of Lambda?
Are there specific security best practices or patterns when interfacing API Gateway with Lambda?
How can I ensure secure data transit between services, especially when integrating with other AWS services or external APIs?
What monitoring and alerting mechanisms should I put in place to detect and respond to potential security threats?
Are there any tools or AWS services specifically geared towards enhancing security in a serverless environment?
I've gone through the AWS Well-Architected Framework and have a basic understanding of security pillars. However, real-world experiences and nuanced insights from this community would be invaluable.

Thank you in advance for your guidance and sharing your expertise!]]> <![CDATA[Purchasing Windows Server Reserved Instance]]> https://letstalkaws.com/thread-87.html Fri, 17 Mar 2023 18:54:43 +0000 rnrstar]]> https://letstalkaws.com/thread-87.html <![CDATA[AWS VPN]]> https://letstalkaws.com/thread-85.html Sat, 04 Mar 2023 10:27:43 +0000 Tucix]]> https://letstalkaws.com/thread-85.html
I totally disagree with the following sentence, because by definition a VPN provides a private connection based on FAI requirements (private IP addresses) :

"
a VPG is the AWS-side of an AWS VPN. A VPN does not provide a private connection and is not reliable as you can never guarantee the latency over the internet
"
Is there something wrong in my reasoning ?

Thanks,]]>
I totally disagree with the following sentence, because by definition a VPN provides a private connection based on FAI requirements (private IP addresses) :

"
a VPG is the AWS-side of an AWS VPN. A VPN does not provide a private connection and is not reliable as you can never guarantee the latency over the internet
"
Is there something wrong in my reasoning ?

Thanks,]]> <![CDATA[session policy]]> https://letstalkaws.com/thread-84.html Sat, 04 Mar 2023 09:04:52 +0000 Tucix]]> https://letstalkaws.com/thread-84.html
What is a session policy in the context of the IAM ?
I know what Resource-based policy and Identity-based policy are, but not session policy.

Regards,]]>
What is a session policy in the context of the IAM ?
I know what Resource-based policy and Identity-based policy are, but not session policy.

Regards,]]> <![CDATA[Auto-Scaling Group ASG]]> https://letstalkaws.com/thread-83.html Thu, 02 Mar 2023 19:30:10 +0000 Tucix]]> https://letstalkaws.com/thread-83.html
Based on my knowledge, there are two types of scaling : the up/down scaling and the out/in scaling.

I'm a bit surprised to see that in AWS Courses (so as in AWS Solution Architects Exam Preparation Book) I missed the up/down scaling !

Indeed, I always found that typical example :

- in the "Increase Group Size" Window in the "Take the action" item the CAPACITY UNIT is activated (that is to say, this represents the instance number).

In case of a up/down scaling, we are supposed to modify the CPU and/or the RAM.

But I never see such information in the "Take action" item, is that normal ?

Regards,]]>
Based on my knowledge, there are two types of scaling : the up/down scaling and the out/in scaling.

I'm a bit surprised to see that in AWS Courses (so as in AWS Solution Architects Exam Preparation Book) I missed the up/down scaling !

Indeed, I always found that typical example :

- in the "Increase Group Size" Window in the "Take the action" item the CAPACITY UNIT is activated (that is to say, this represents the instance number).

In case of a up/down scaling, we are supposed to modify the CPU and/or the RAM.

But I never see such information in the "Take action" item, is that normal ?

Regards,]]> <![CDATA[Target group health check failed]]> https://letstalkaws.com/thread-82.html Fri, 24 Feb 2023 10:54:35 +0000 sreekarachanta]]> https://letstalkaws.com/thread-82.html
Issue: Target group health check failing .

We configured blue green ecs deployment . When we have a single ec2 instance in the cluster and when we create ECS service with desired task count as 1 - the task will place a container on port 8080.

Next time when we do a deployment - the service fails since the port 8080 is already in use in the container instance . So we decided to use the dynamic port mapping in task definition but in that case the target group health check is failing with the settings like in the image.

.jpg

PHOTO-2023-02-24-10-43-39.jpg (Size: 35.77 KB / Downloads: 512) ]]>
Issue: Target group health check failing .

We configured blue green ecs deployment . When we have a single ec2 instance in the cluster and when we create ECS service with desired task count as 1 - the task will place a container on port 8080.

Next time when we do a deployment - the service fails since the port 8080 is already in use in the container instance . So we decided to use the dynamic port mapping in task definition but in that case the target group health check is failing with the settings like in the image.

.jpg

PHOTO-2023-02-24-10-43-39.jpg (Size: 35.77 KB / Downloads: 512) ]]> <![CDATA[EC2 key pair]]> https://letstalkaws.com/thread-79.html Thu, 29 Sep 2022 00:33:51 +0000 fborges5555]]> https://letstalkaws.com/thread-79.html
I have an ec2 instance already with a Key-pair, is there a way I can have a second Key-pair for a user to use SSH tunnel to this ec2 that already exists?

Thanks gurus]]>
I have an ec2 instance already with a Key-pair, is there a way I can have a second Key-pair for a user to use SSH tunnel to this ec2 that already exists?

Thanks gurus]]> <![CDATA[Working on creating an ELK Stack]]> https://letstalkaws.com/thread-77.html Tue, 20 Sep 2022 19:53:18 +0000 semajlions]]> https://letstalkaws.com/thread-77.html
Error occurs after running this command

Code:
# /usr/share/logstash/bin/logstash -f /etc/logstash --config.test_and_exit

[2022-09-20T19:41:49,063][FATAL][logstash.runner          ] The given configuration is invalid. Reasod one of [ \t\r\n], "#", "input", "filter", "output" at line 6, column 1 (byte 132) after

[2022-09-20T19:41:49,066][FATAL][org.logstash.Logstash    ] Logstash stopped processing because of anystemExit) exit

I've modified line 6 numerous times and even eliminated the filter, same error.]]>
Error occurs after running this command

Code:
# /usr/share/logstash/bin/logstash -f /etc/logstash --config.test_and_exit

[2022-09-20T19:41:49,063][FATAL][logstash.runner          ] The given configuration is invalid. Reasod one of [ \t\r\n], "#", "input", "filter", "output" at line 6, column 1 (byte 132) after

[2022-09-20T19:41:49,066][FATAL][org.logstash.Logstash    ] Logstash stopped processing because of anystemExit) exit

I've modified line 6 numerous times and even eliminated the filter, same error.]]> <![CDATA[Working on creating an ELK Stack]]> https://letstalkaws.com/thread-76.html Tue, 20 Sep 2022 18:57:33 +0000 semajlions]]> https://letstalkaws.com/thread-76.html <![CDATA[AWS CLOUDWATCH LOGS_$context.requestOverride.header.*]]> https://letstalkaws.com/thread-75.html Wed, 24 Aug 2022 10:33:00 +0000 Jyotheesh_K]]> https://letstalkaws.com/thread-75.html
Please let me know if I need to do anything further.

Thanks & Regards
Jyotheesh K

.docx

AWS CLoudWatchLogs-requestheader.docx (Size: 33.37 KB / Downloads: 484) ]]>
Please let me know if I need to do anything further.

Thanks & Regards
Jyotheesh K

.docx

AWS CLoudWatchLogs-requestheader.docx (Size: 33.37 KB / Downloads: 484) ]]>