Tropeçando 102

OWASP TOP 10

Each year, OWASP (the Open Web Application Security Project) publishes the top ten security vulnerabilities. It represents a broad consensus about the most critical security risks to web applications. Click through on the lessons below to learn more about how to protect against each security risk.

Your Product Owner Is Not Your Product Manager

Product management has evolved to encompass numerous roles and responsibilities. Leaders looking to hire a product professional must consider what skills and knowledge their business needs demand.

While the market has evolved and will continue to evolve, there remains a need for both a product owner’s and a product manager’s skills and expertise. By considering the nature and scale of a project and understanding the skills and responsibilities associated with each of these distinct roles, leaders can ensure they hire the right person to help them develop and launch products successfully.

Insert-Only Tables and Autovacuum Issues Prior to PostgreSQL 13

If you have write-only tables (or very heavy writes), you may need to check this post. Autovacuum has some issues before PostgreSQL 13, and you might find some great workarounds to use until you upgrade your database version.

Enterprise CI/CD best practices

A free book with 23 best practices to apply to your CI/CD pipeline. These best practices aim to help you design a solid pipeline for your software, or can be used as a checklist.

A war story about COVID, cloud, and cost. And why serverless wins.

A nice story about serverless outcomes and potential. With COVID-19 pushing infrastructure and computing services, billing is an important subject. The article has an excellent example of how a scalable environment and low billing costs work together on a serverless tech stack.

Tropeçando 98

[Operating Lambda: Debugging code – Part 1](https://aws.amazon.com/blogs/compute/operating-lambda-debugging-code-part-1/)
[Operating Lambda: Debugging configurations – Part 2](https://aws.amazon.com/blogs/compute/operating-lambda-debugging-configurations-part-2/)
[Operating Lambda: Debugging configurations – Part 3](https://aws.amazon.com/blogs/compute/operating-lambda-debugging-integrations-part-3/)

In the Operating Lambda series, I cover important topics for developers, architects, and systems administrators who are managing AWS Lambda-based applications. This three-part series discusses core debugging concepts for Lambda-based applications.

[Those pesky pull request reviews](https://jessitron.com/2021/03/27/those-pesky-pull-request-reviews/)

They’re everywhere. In Slack: “hey, can I get a review on this?” In email: “Your review is requested!” In JIRA: “8 user stories In-Progress” (but code-complete). In your repository: 5 open pull requests. They’re slowing your delivery. They’re interrupting your developers.

How can we get people to review pull requests faster??

[Operating Lambda: Using CloudWatch Logs Insights](https://aws.amazon.com/blogs/compute/operating-lambda-using-cloudwatch-logs-insights/)

In the Operating Lambda series, I cover important topics for developers, architects, and systems administrators who are managing AWS Lambda-based applications. This three-part series discusses monitoring and observability for Lambda-based applications and covers:

  • Using Amazon CloudWatch, CloudWatch Logs Insights, and AWS X-Ray to apply monitoring across services.
  • How existing monitoring concepts apply to Lambda-based applications.
  • Troubleshooting application issues in an example walkthrough.

This post explains how to use CloudWatch Logs Insights in your serverless applications.

[CDK Lambda Deployment takes about a minute - how about sub second Function Code Deployment?](https://aws-blog.de/2021/04/cdk-lambda-deployment-takes-about-a-minute-how-about-sub-second-function-code-deployment.html)

Creation of Lambda infrastructure with the CDK is really powerful. Updating the Function code is really slow. Here is a fix for that to get to a sub-second Lambda function deployment time.

[Best practices for developing cloud applications with AWS CDK](https://aws.amazon.com/blogs/devops/best-practices-for-developing-cloud-applications-with-aws-cdk/)

In this post, we discuss strategies for organizing the development of complex cloud applications with large teams, using the AWS Cloud Development Kit (AWS CDK) as a central technology. AWS CDK allows developers and administrators to define their cloud applications using a familiar programming language, such as TypeScript, Python, Java, or C#. Applications are organized into stages, stacks, and constructs, which allows for modular design techniques in both runtime logic (such as AWS Lambda code or containerized services) and infrastructure components such as Amazon Simple Storage Service (Amazon S3) buckets, Amazon Relational Database Service (Amazon RDS) databases, and network infrastructure.

Tropeçando 97

The Missing Guide to AWS API Gateway Access Logs

In this post, we’re continuing the deep dive on API Gateway. Here, we’ll be looking at API Gateway access logging. Access logging can save your bacon when debugging a gnarly API Gateway issue, but you need to understand some nuance before you can use it correctly. We’ll dig into the details here so that you’ll be logging like Paul Bunyan in no time.

Ready for changes with Hexagonal Architecture

Netflix's considerations behind the decision to use Hexagonal Architecture.

OAuth Patterns and Anti-Patterns RefCard

Modern, more secure recommendations continue to replace some of OAuth's original elements as the protocol evolves. Securing access to APIs and other resources and data effectively under OAuth 2.0 requires first learning the components and tools it involves.

Can auto_explain (with timing) have low overhead?

Some benchmarks on the use of auto_explain. It seems great to enable in production.

Here we’ll be looking into the overhead of auto_explain. Many places warn about its overhead, but I’ve found concrete information difficult to come by.

Setting up SSL authentication for PostgreSQL

PostgreSQL is a secure database and we want to keep it that way. It makes sense, then, to consider SSL to encrypt the connection between client and server. This posting will help you to set up SSL authentication for PostgreSQL properly, and hopefully also to understand some background information to make your database more secure.

Tropeçando 95

Windy - TailwindCSS

Transform every element on any website into Tailwind CSS

AWS Workshops

This website lists workshops created by the teams at Amazon Web Services (AWS). Workshops are hands-on events designed to teach or introduce practical skills, techniques, or concepts which you can use to solve business problems.

Well-Architected AWS

The Well-Architected framework has been developed to help cloud architects build the most secure, high-performing, resilient, and efficient infrastructure possible for their applications. This framework provides a consistent approach for customers and partners to evaluate architectures, and provides guidance to help implement designs that will scale with your application needs over time.

This repository contains documentation and code in the format of hands-on labs to help you learn, measure, and build using architectural best practices. The labs are categorized into levels, where 100 is introductory, 200/300 is intermediate and 400 is advanced.

Fallacies of distributed computing

False assumptions that programmers new to distributed applications invariably make.

Understanding DynamoDB Condition Expressions

Some use cases to help understand this powerful yet misunderstood feature of DynamoDB. There are also examples of how it is misused.