AWS Bites

Apr 4, 2024 • 26min

120. Lambda Best Practices

Dive into the nitty-gritty of AWS Lambda, featuring insights on cold starts and warm starts. Discover the distinctions between synchronous, asynchronous, and event-based invocations, along with tips on performance and cost optimization. Learn about the pricing structure and the impact of memory allocation on expenses. Explore effective structuring practices for Lambda functions, including minimal handler functions. Plus, uncover the balance between simplicity and testability in development, utilizing middleware for enhanced security.
Mar 22, 2024 • 40min

119. The state of AWS 2024 (AnsWeRS community survey commentary)

In this episode, we provide commentary and analysis on the 2024 AWS Community Survey results. We go through the key findings for each area including infrastructure as code, CI/CD, serverless, containers, NoSQL databases, event services, and AI/ML. While recognizing potential biases, we aim to extract insights from the data and share our perspectives based on experience. Overall, we see increased adoption across many services, though some pain points remain around developer experience. We hope this format provides value to listeners interested in cloud technology trends.

💰 SPONSORS 💰 AWS Bites is brought to you by fourTheorem, an AWS Partner that does CLOUD stuff really well, check us out on fourtheorem.com!

In this episode, we mentioned the following resources:
- The 2024 Answers for AWS Survey results: https://answersforaws.com/2024
- "GitHub Actions Feels Bad" by fasterthanlime (video): https://www.youtube.com/watch?v=9qljpi5jiMQ
- "Doing serverless with Terraform": https://serverless.tf/
- Our event services series (YouTube playlist): https://www.youtube.com/playlist?list=PLAWXFhe0N1vLHkGO1ZIWW_SZpturHBiE_
- Our previous episode about machine learning and SageMaker "How to automate transcripts with Amazon Transcribe and OpenAI Whisper": https://awsbites.com/63-how-to-automate-transcripts-with-amazon-transcribe-and-openai-whisper/

Do you have any AWS questions you would like us to address? Leave a comment here or connect with us on X, formerly Twitter:
- https://twitter.com/eoins
- https://twitter.com/loige
Mar 15, 2024 • 26min

118. The landing zone: Managing multiple AWS accounts

Explore the world of managing AWS infrastructure with multiple accounts, which boosts operational excellence, security, and cost-effectiveness. Discover the foundational concept of a 'landing zone' and dive into practical strategies for account management. Learn about key tools like IAM Identity Center and Control Tower, and see how OrgFormation simplifies orchestration with YAML templates. Additionally, tackle the challenges of navigating credential management across different AWS organizations for a seamless experience.
Mar 8, 2024 • 21min

117. What do EBS and a jellyfish have in common?

In this episode, we provide an overview of Amazon EBS, which stands for Elastic Block Storage. We explain what block storage is and how EBS provides highly available and high-performance storage volumes that can be attached to EC2 instances. We discuss the various EBS volume types, including GP3, GP2, provisioned IOPS, and HDD volumes, and explain how they differ in performance characteristics like IOPS and throughput. We go over important concepts like IOPS, throughput, and volume types so listeners can make informed decisions when provisioning EBS. We also cover EBS features like snapshots, encryption, direct API access, and ECS integration. Overall, this is a comprehensive guide to understanding EBS and choosing the right options based on your workload needs.

💰 SPONSORS 💰 AWS Bites is brought to you by fourTheorem, an AWS Partner that does CLOUD stuff really well. Go to fourtheorem.com to read about our case studies!

In this episode, we mentioned the following resources:
- EBS Official Documentation: https://docs.aws.amazon.com/ebs/latest/userguide/what-is-ebs.html
- EBS Direct Access API: https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/ebs-accessing-snapshot.html
- EBS internal configuration is implemented as "millions of tiny databases" (paper): https://www.amazon.science/publications/millions-of-tiny-databases
- EBS Pricing examples: https://aws.amazon.com/ebs/pricing/#Pricing_examples

Do you have any AWS questions you would like us to address? Leave a comment here or connect with us on X, formerly Twitter:
- https://twitter.com/eoins
- https://twitter.com/loige
Mar 1, 2024 • 14min

116. What is RAM (Resource Access Manager)?

In this episode, we discuss AWS Resource Access Manager (RAM) and how it can be used to securely share AWS resources like VPC subnets, databases, and SSM parameters across accounts. We explain the benefits of using RAM over other options like resource policies and assumed roles. Some key topics covered include how to get started with RAM, how it works from the resource owner and resource participant side, and common use cases like sharing VPC subnets, Aurora databases, and SSM parameters.

💰 SPONSORS 💰 AWS Bites is brought to you by fourTheorem, the AWS consulting partner with lots of experience with AWS, Serverless, and Lambda. If you are looking for a partner that can help you deliver your next Serverless workload successfully, look no further and reach out to us at https://fourTheorem.com

In this episode, we mentioned the following resources:
- Sharing Aurora Databases with RAM (Conor Maher's article): https://fourtheorem.com/using-aws-resource-access-manager-for-development/
- Blog post "VPC Lattice: The Future of AWS Networking Explained": https://fourtheorem.com/vpc-lattice/
- Our previous episode dedicated to VPC Lattice: https://awsbites.com/88-what-is-vpc-lattice/
- VPC Lattice sample code base: https://github.com/fourTheorem/vpc-lattice-demo
- Sharing AWS Systems Manager Parameters official announcement: https://aws.amazon.com/about-aws/whats-new/2024/02/aws-systems-manager-parameter-store-cross-account-sharing/
- Official documentation for what can be shared with RAM: https://docs.aws.amazon.com/ram/latest/userguide/shareable.html

Do you have any AWS questions you would like us to address? Leave a comment here or connect with us on X, formerly Twitter:
- https://twitter.com/eoins
- https://twitter.com/loige
Feb 23, 2024 • 13min

115. What can you do with Permissions Boundaries?

In this episode, we discuss Permissions Boundary policies in AWS IAM. A permissions boundary is an advanced feature in which you set the maximum permissions that an identity-based policy can grant to an IAM entity. When you set a permissions boundary for an entity, the entity can perform only the actions allowed by both its identity-based policies and its permissions boundaries. We discuss this concept in more detail and show how it can be used to give freedom to development teams while preventing privilege escalation. We also cover some of the disadvantages that come with using permissions boundaries and other things to be aware of. Finally, we give some practical advice on how to get the best out of Permissions Boundary policies.

💰 SPONSORS 💰 AWS Bites is brought to you by fourTheorem, the AWS consulting partner with lots of experience with AWS, Serverless, and Lambda. If you are looking for a partner that can help you deliver your next Serverless workload successfully, look no further and reach out to us at https://fourTheorem.com

In this episode, we mentioned the following resources:
- Episode 112. "What is a Service Control Policy (SCP)?": https://awsbites.com/112-what-is-a-service-control-policy-scp/
- IAM Policy Simulator: https://policysim.aws.amazon.com/home/index.jsp?#roles
- The famous RSA paper that introduces Alice and Bob in the world of cryptography: https://web.williams.edu/Mathematics/lg5/302/RSA.pdf
- A biographical backstory on Alice and Bob: https://urbigenous.net/library/alicebob.html

Do you have any AWS questions you would like us to address? Leave a comment here or connect with us on X, formerly Twitter:
- https://twitter.com/eoins
- https://twitter.com/loige
Feb 16, 2024 • 31min

114. What's up with LLRT, AWS' new Lambda Runtime?

In this episode, we discuss LLRT (Low Latency Runtime), the new experimental AWS Lambda runtime for JavaScript. We provide an overview of what a Lambda runtime is and how LLRT aims to optimize cold starts and performance compared to existing runtimes like Node.js. We outline the benefits of LLRT but also highlight concerns around its experimental status, lack of parity with Node.js, and reliance on dependencies like QuickJS. Overall, LLRT shows promise but needs more stability, support, and real-world testing before it can be recommended for production use. In the end, we also have an appeal for AWS itself when it comes to investing in the larger JavaScript ecosystem.

💰 SPONSORS 💰 AWS Bites is brought to you by fourTheorem, the AWS consulting partner with lots of experience with AWS, Serverless, and Lambda. If you are looking for a partner that can help you deliver your next Serverless workload successfully, look no further and reach out to us at https://fourTheorem.com

In this episode, we mentioned the following resources:
- Episode 104. "Explaining Lambda Runtimes": https://awsbites.com/104-explaining-lambda-runtimes/
- LLRT official repository on GitHub: https://github.com/awslabs/llrt
- QuickJS official website: https://bellard.org/quickjs/
- Lambda performance benchmark by Maxime David: https://maxday.github.io/lambda-perf/
- Richard Davison on GitHub: https://github.com/richarddavison
- Fabrice Bellard on Wikipedia: https://en.wikipedia.org/wiki/Fabrice_Bellard
- QuickJS-ng fork: https://github.com/quickjs-ng/quickjs
- QuickJS issue where users debate whether the project is dead or alive: https://github.com/bellard/quickjs/issues/188
- WinterCG initiative: https://wintercg.org/

Do you have any AWS questions you would like us to address? Leave a comment here or connect with us on X, formerly Twitter:
- https://twitter.com/eoins
- https://twitter.com/loige
Feb 9, 2024 • 12min

113. How do you revoke leaked credentials?

In this episode, we discuss what to do if you accidentally leak your AWS credentials during a live stream. We explain the difference between temporary credentials and long-lived credentials, and how to revoke each type. For temporary credentials, we recommend using the AWS console to revoke sessions or creating an IAM policy to deny access. For long-lived credentials, you must deactivate and rotate the credentials. We also touch on using tools like HashiCorp Vault to manage credentials securely.

💰 SPONSORS 💰 AWS Bites is brought to you by fourTheorem, the AWS consulting partner that doesn’t suck. Check us out at https://fourTheorem.com

In this episode, we mentioned the following resources:
- Gist with example policy: https://gist.github.com/lmammino/02fef8ce0cc22a45f219fe4f47fcf20c
- Revoking IAM role temporary security credentials (official AWS docs): https://docs.aws.amazon.com/IAM/latest/UserGuide/id_roles_use_revoke-sessions.html

Do you have any AWS questions you would like us to address? Leave a comment here or connect with us on X, formerly Twitter:
- https://twitter.com/eoins
- https://twitter.com/loige
Feb 2, 2024 • 19min

112. What is a Service Control Policy (SCP)?

Discover the fascinating world of Service Control Policies (SCPs) and their crucial role in AWS Organizations. Learn how SCPs help manage permissions and troubleshoot access issues effectively. The podcast dives into practical use cases, including how they enable regional service restrictions and data governance. Plus, explore tips for creating these policies using tools like AWS Control Tower and Terraform. It's a compact guide for anyone looking to enhance their AWS security and management strategies!
Jan 26, 2024 • 46min

111. How we run a Cloud Consulting business

In this episode, we discuss how we work as a cloud consulting company, including our principles, engagement process, sprint methodology, and focus on agile development to deliver successful projects. We aim to be trusted partners, not just vendors, and enable our customers' business goals. By the end of this episode, you will know what working with a cloud consulting company like fourTheorem could look like and you might learn some strategies to make cloud projects a success! We will also digress a little into the history of software practices, common misconceptions, and what we believe should be the right way to build software.

💰 SPONSORS 💰 AWS Bites is sponsored by fourTheorem, an AWS Partner with plenty of experience delivering cloud projects to production. If you want to chat, reach out to us on social media or check out https://fourTheorem.com

In this episode, we mentioned the following resources:
- Working with fourTheorem (blog post): https://fourtheorem.com/working-with-fourtheorem/
- AI as a service, book by Peter Elger and Eoin Shanaghy: https://www.manning.com/books/ai-as-a-service
- Majority of developers spending half, or less, of their day coding, report finds (TechRepublic article): https://www.techrepublic.com/article/majority-of-developers-spending-half-or-less-of-their-day-coding-report-finds/
- 2023 software.com Future of Work Report: https://www.software.com/reports/future-of-work
- Managing the Development of Large Software Systems, Dr. Winston W. Royce, 1970: https://www.praxisframework.org/files/royce1970.pdf

Do you have any AWS questions you would like us to address? Leave a comment here or connect with us on X, formerly Twitter:
- https://twitter.com/eoins
- https://twitter.com/loige
