
78. When do you need a bastion host?
Harken, good sir! Art thou aware of the arcane art of safeguarding thy AWS instances from malevolent threats whilst keeping them accessible for thy travels? There exists a mighty tool for such purpose, and it is hight the "bastion host." In this pamphlet, we shalt unravel the mysteries of the bastion host and showeth thee how to useth it to safeguard thy web space. We shall commence by presenting a shadowy example architecture and introducing thee to the definition of a bastion host. We shalt then delve into the question of whether bastion hosts could be a security liability and explore the enigmatic concept of port-knocking. We shalt also take thee on a valiant journey of how to provision a bastion host on AWS, and explaineth the cryptic basics of SSH and tunnels. Thou shalt discover the dark side of managing SSH keys and auditing SSH connections, and we shall reveal the secrets of AWS EC2 Instance Connect and AWS Session Manager (SSM) as solutions. Thou shalt learn how to accept connections without exposing a port on the public internet, and we shall introduce thee to a mysterious tool called "basti" that can make it easier to provision SSM-based bastion hosts and connect to thy databases. We shalt wrap up by revealing alternative security measures to the mysterious bastion host and provide thee with cryptic closing notes to summarize the key takeaways from this video. Heed our call to this intriguing guide to securing thy web space, and may the forces of the internet be in thy favor! 🛡️ SPONSORS 🛡️ Harken, good folk! We would like to offer our deepest gratitude to our noble sponsor, fourTheorem (https://fourtheorem.com), an AWS Consulting Partner that doth offer training, cloud migration, and modern application architecture. Thanks to their generosity, we are able to continue on our journey of imparting wisdom and knowledge regarding AWS. 
Verily, in this episode, we hath made mention of the following resources: An open-source implementation of the port-knocking technique; Thee official guide to set up EC2 Instance Connect; A list of AWS IPs; Thee official docs on how to set up SSM; SSM agent code on GitHub; Thee inlets project on GitHub; Basti on GitHub; Tailscale; Wireguard.
Hear ye, hear ye! AWS Bites is at thy disposal wherever thou mayest listen to thy podcasts: Apple Podcasts: https://podcasts.apple.com/us/podcast/aws-bites/id1585489017 Spotify: https://open.spotify.com/show/3Lh7PzqBFV6yt5WsTAmO5q Google: https://podcasts.google.com/feed/aHR0cHM6Ly9hbmNob3IuZm0vcy82YTMzMTJhMC9wb2RjYXN0L3Jzcw== Breaker: https://www.breaker.audio/aws-bites RSS: https://anchor.fm/s/6a3312a0/podcast/rss
27 Apr 2023, 27 min

77. How do you use Lambda Response Streaming?
Are you tired of waiting for your Lambda functions to finish before getting a response? Well, now you don't have to! In this episode of the AWS Bites podcast, we will talk about Lambda Response Streaming, a new feature recently added by AWS that lets you stream responses from your Lambda functions in real time. We'll start by explaining what Lambda Response Streaming is and how it differs from buffering. We'll also discuss HTTP Chunking and other benefits of streaming. If you're a Node.js developer, you'll be happy to know that we'll cover how to work with streams in Node.js and how the new Lambda Response Streaming API works with the Node.js runtime. But that's not all! We'll also discuss how to consume Lambda Response Streaming responses and compare that with S3 Object Response. And if you're wondering about pricing and quotas, we'll cover that too. Finally, we'll answer the question on everyone's mind: will we get streaming requests as well? You'll have to watch the video to find out! So if you're interested in learning more about Lambda Response Streaming and how it can improve the performance of your serverless applications, make sure to tune in. We promise it'll be worth your time. 💰 SPONSORS 💰 AWS Bites is sponsored by fourTheorem, an AWS Consulting Partner offering training, cloud migration, and modern application architecture. 
In this episode, we mentioned the following resources: Official announcement blog post for Lambda Response Streaming; Our previous episode about Lambda function URLs vs API GW vs LB; HTTP Chunked transfer encoding protocol; Luciano's free Node.js streams workshop on GitHub; Node.js design patterns (the book); Streamify response functionality in Middy; Lambda Rust Runtime codebase (support for Response Streaming); Similar evidence of Response Streaming feature support in the GoLang Runtime; Our previous episode about S3 pre-signed URLs; Lambda Response Streaming pricing; Eoin's article about S3 Object Response; Experimental Node.js custom Node.js streaming runtime.
20 Apr 2023, 26 min

76. Unboxing AWS Copilot
In this episode, we're doing something different! Join us for a special screen-sharing edition of our podcast series, as we take a deep dive into AWS Copilot, a service designed to simplify container application deployment on AWS. During this video, we'll be sharing our screens as we walk through the AWS Copilot landing page and documentation, and demonstrate how to use the service to deploy a container application. We highly recommend watching the video version of this episode, as we'll be providing a lot of visual guidance and examples. Starting with the basics, we'll learn about the differences between copilot init and copilot app init, and how to prepare our environment using a custom domain. We'll then walk through the deployment process step-by-step, examining the generated configuration file, manifest.yml, and testing our deployed application. Next, we'll explore the networking resources created by AWS Copilot, including a VPC, subnets, and a load balancer, and review the automation capabilities of CodePipeline. We'll also discuss the options available for rolling out new changes, and demonstrate how to make changes and re-deploy through the pipeline. Throughout the video, we will share our thoughts and opinions on AWS Copilot, including a failed attempt with AppRunner and a review of the pipeline execution and timing. 💰 SPONSORS 💰 AWS Bites is sponsored by fourTheorem, an AWS Consulting Partner offering training, cloud migration, and modern application architecture.
In this episode, we mentioned the following resources: AWS Copilot landing page; AWS Copilot documentation; AWS App2Container tool; AWS AppRunner; Our previous episode "Do you use CodePipeline or GitHub Actions?"; Gurarpit Singh's blog post "Blue/Green Deployments with AWS CodeDeploy and Terraform"; Additional guides and resources on AWS Copilot.
13 Apr 2023, 48 min

75. GitHub Copilot and ChatGPT: Game Changers for Developers?
In this special episode of AWS Bites, we drop all our opinions about the sudden growth of AI and how it is going to change the future as we know it! We begin by taking a trip down memory lane and discovering the types of AI tools that have been used in the past and how they have helped us. Then, we'll dive into ChatGPT, a language model that can assist us in writing and even creating code. We're especially excited to discuss how ChatGPT can be used to create slide decks or even write a book or a blog post. But wait, there's more! We'll also explore the utility of other AI tools such as Grammarly and OpenAI Whisper for improving our writing and transcribing spoken words into text. Moving forward, we'll examine how we tried to use AI to develop cloud applications on platforms like AWS. We'll also consider the impact of AI on the education system and how it can be used to modernize complex systems, or for learning, including programming languages that are new to developers. Now, we know there might be some concerns about using AI, such as whether it takes away the fun of software engineering or reduces creativity. But fear not! We'll address these concerns head-on and explore how AI can actually make us more productive and lead to exciting new discoveries. Finally, we'll discuss the exciting possibilities for AI and its potential to democratize access to the job market and society in general. 💰 SPONSORS 💰 AWS Bites is sponsored by fourTheorem, an AWS Consulting Partner offering training, cloud migration, and modern application architecture. 
In this episode, we mentioned the following resources: Our episode about OpenAI Whisper for generating transcripts; David Boyne's AI-powered story generation tool (AWS Blog post); The Fission project for simplifying monolith to microservices migrations.
🎁 BONUS CONTENT: A Limerick by ChatGPT
On the Amazon Cloud far away,
Where businesses went to play,
The costs grew so vast,
Their budgets were trashed,
As their dollars all floated away!
6 Apr 2023, 50 min

74. Function URLs vs API Gateway
How can you use a Lambda to respond to an HTTP request? There are more ways than ever to do it. We have API Gateway REST APIs, Lambda support for Application Load Balancer, and now Function URLs. But which one should you use, and when? In this episode of the AWS Bites podcast, we will give you a quick and simple guide to picking the best way to build APIs with Lambda. In this video, we're going to pit Function URLs against API Gateway in a battle for the ages! Function URLs offer a simple and quick way to get a public URL to invoke a Lambda function, with fewer configuration options and cheaper pricing. They are suitable for private webhooks, simple backend functions, and machine learning inference backends. However, they lack authorization and DDoS protection, making them unsuitable for public webhooks. On the other hand, API Gateway offers more features and control, making it suitable for public APIs. API Gateway comes in two flavors, REST and HTTP, with some subtle differences. Finally, we will also cover Application Load Balancer and explore when and why it can be a convenient alternative to both Function URLs and API Gateway. 💰 SPONSORS 💰 AWS Bites is sponsored by fourTheorem, an AWS Consulting Partner offering training, cloud migration, and modern application architecture.
In this episode, we mentioned the following resources: Article by AJ Stuyvenberg reporting that Function URLs have a latency of 8.35ms; GitHub repository with all the material we used in our evaluation.
30 Mar 2023, 23 min

73. What is AWS Application Composer?
In this episode, we're going to be talking about AWS Application Composer - a FREE service that promises to help you build serverless applications with ease. With its simple drag-and-drop interface, it's supposed to make Infrastructure as Code a breeze. But the real question is - does it live up to the hype? We know a lot of you are probably struggling with building applications using CloudFormation. It's a real pain, right? So, we decided to take Application Composer for a spin and see if it's worth adding to your toolkit or giving it a hard pass. After covering a generic overview of the service, how it works, and the main concepts, we discuss our experience in creating a new simple serverless application from scratch only using API Gateway, Lambda, and S3. Then we cover what it looks like to import an existing project (a slightly more complicated one) into Application Composer and find out what works and what doesn't. We conclude by discussing some other things that didn't work as expected and by providing our general recommendation on whether you should be using this service today. 💰 SPONSORS 💰 AWS Bites is sponsored by fourTheorem, an AWS Consulting Partner offering training, cloud migration, and modern application architecture.
In this episode, we mentioned the following resources: Web platform filesystem Access API; The current status of cross-browser support for the File System Access API; Our first Application Composer demo source code; Earthquake notifier serverless project; Our previous episode on Fargate and how to optimize cost for it.
24 Mar 2023, 27 min

72. How do you save cost with ECS?
AWS ECS is a powerful service that allows you to run containerized applications at scale. It's suitable for a variety of use cases, including web applications, microservices, and background processing. In this episode, we'll provide an introduction to the main concepts of ECS and then dive into cost-optimization strategies. We'll explore the different options for running containers on ECS, including EC2, Fargate, and ECS Anywhere. We'll discuss various opportunities for saving money, such as using Arm (Graviton) instances, Spot instances, Compute Savings Plans, and RIs or EC2 Saving Plans. Finally, we'll cover how to set up ECS to use Spot instances, including how to create capacity providers and specify a capacity provider strategy. We'll also discuss whether it's always best to use EC2 instead of Fargate for cost optimization and recommend some tools that can help you find other opportunities to save on container costs. 💰 SPONSORS 💰 AWS Bites is sponsored by fourTheorem, an AWS Consulting Partner offering training, cloud migration, and modern application architecture.
In this episode, we mentioned the following resources: Saving Plan calculator; EC2 instance selector; Spot prices dashboard by Vantage; Fargate Right Sizing dashboard; AWS Cost Explorer rightsizing recommender for EC2.
17 Mar 2023, 21 min

71. Should I be worried about adopting serverless?
Join us as we explore the controversy surrounding serverless computing in this week's video! We'll be discussing David Heinemeier Hansson's recent blog post where he argues that serverless is a trap that only benefits cloud providers. While we respect DHH's opinion, we'll be providing an alternative perspective by analyzing his major points and discussing the benefits of using serverless computing, including Total Cost of Ownership (TCO) and increased agility. We'll also be highlighting how serverless can help teams focus on business logic instead of infrastructure management and enable easier integration with other cloud services, making it more efficient to build and deploy applications. Don't miss out on this informative and thought-provoking discussion! 💰 SPONSORS 💰 AWS Bites is sponsored by fourTheorem, an AWS Consulting Partner offering training, cloud migration, and modern application architecture.
In this episode, we mentioned the following resources: "Don't be fooled by Serverless" (Original post by DHH); "Why are we leaving the cloud" (Previous post by DHH); "Why AWS Lambda pricing has to change for the enterprise" (our article on AWS Lambda pricing comparison); Our previous episode "What will serverless 2.0 look like"; Kelsey Hightower's tweet on vendor lock-in; Jeremy Daly's article "The cloud isn't the issue, you are using it wrong".
10 Mar 2023, 20 min





















