Category AWS

AWS Kinesis Data Stream vs MSK Kafka

When building event-driven architectures and data streaming workloads on AWS, two services often appear in the same conversation: Amazon Kinesis Data Streams and Amazon MSK, which is AWS managed Apache Kafka. At first glance, they solve a similar problem. Producers…

AWS Cognito simplified

When we hear that an app needs login, it often sounds like a simple feature: a user opens the application, enters credentials, and gets access. But in real AWS applications, especially enterprise applications, login is usually only the first part of…

GuardDuty Malware Protection for S3 with Terraform

User-uploaded files are a common security risk. If an application allows users to upload PDFs, images, or any documents into S3, those files should be scanned before they are trusted by downstream services. Instead of building a custom pipeline with…

Terraform: using existing VPC for private Lambdas

When working with a Terraform VPC Lambda setup, you will not always be creating AWS accounts and networking from scratch. In many projects, the client already has an AWS Landing Zone in place, with much of the foundational infrastructure and…

Building reusable SQS queues with Terraform

When working with asynchronous systems in AWS, solutions usually include SQS without much thought about long-term architecture and structure. Even though SQS is generally easy to deploy and use, when you start deploying multiple services and the solution gets on…

Managing RDS snapshot restore with Terraform

Backup and restore strategies are something we usually configure just in case anything bad happens, but we never actually test them and try them out to see in more detail how they work. In an AWS environment, when using an RDS cluster…

Custom Domains for API Gateway and CloudFront with Terraform

Exposing services through custom domains for API Gateway and CloudFront with Terraform is an architectural decision that defines how users, clients, and systems discover and access your application. Without a structured approach, domain configuration often ends up fragmented — certificates…

AWS Cognito Setup with Terraform

Authentication in modern applications is an architectural boundary. It defines how users prove their identity, how applications obtain tokens, how APIs validate incoming requests, and how permissions are enforced across services. When authentication is configured manually in the AWS console…