Envelope encryption in Lambda functions with DynamoDB and KMS

Here's a quick code snippet on how to implement field level encryption of data stored in DynamoDB using per-record encryption keys and the AWS Key management store (KMS).

Serverless content security policy

Add content security policy (CSP) to your site without changing your backends (or when you don't have backends and are using static site origins). Here's how!

Invalidate CloudFront with Lambda

I've written a little Serverless app that uses API Gateway and Lambda to expose an API to invalidate a CloudFront distribution. Handy to have something like this in a build pipeline. Code here

Programatically associating Lambda@Edge with a CloudFront distribution

Here's a little script which can be used to programatically associate Lambda@Edge functions with CloudFront.

Serverless blog HOWTO

Serverless content management

In this post, I will go over how to setup a completely serverless blog that runs with no servers and is for all intents and purposes free to run!

It leverages static content generation, will be served from a content delivery network, and has a browser based UI for managing content with a review/approval workflow.

It's also highly secure, as there is virtually no attack surface for the bad guys to get a hold of.

Bash Tips

Some odds and ends...

building a serverless analytics platform at lolscale

Hundreds of millions of events per month on the cheap

In this post, I'm going to go over the setup of infrastructure for creating an analytics platform capable of handling hundreds of millions of events per month. All without spinning up a single server.

benchmarking cinched

Now that a first version was cut, it seemed like a good time to start looking at how Cinched performs. And I must say, things are looking good so far... Test setup 3 nodes in the Cinched cluster (each 4 vCPUs 4GB RAM) 1 node running the test harness (4 vCPUs, 4GB RAM). My testing environment is extremely unreliable (VMs running in an overprovisioned cloud environment) so it's been hard to get an extremely clear picture.

introducing cinched

Given the frequency of rather embarrassing data breaches recently, I've had the opportunity to spend some time thinking about how to help developers protect the data they are storing. Getting encryption right is hard, and designing cryptographic applications is not something web developers typically have lots of experience with. To (hopefully) help bridge this knowledge gap, I've written a microservice which provides encryption and key management services. It's a cinch to use, and will keep your data cinched.

setting up a ca

Tired of creating your CA using openssl command line tools? Here's a whirlwind crash course on creating a functional web-based CA in a couple of minutes. Preparation I'm assuming you're running CentOS 7, because that's what I'm using. Also, the code is redhat-ish in that it's in the Fedora/RHEL pipeline and not terribly friendly to other distros as far as packaging goes. Also, I happen to like CentOS. We're going to be installing the Dogtag CA PKI solution.