I'm a big fan of serverless technologies and almost always prefer them over more traditional methods. Cloud Run instead of GKE, Fargate instead of EKS, Pub/Sub instead of Kafka, and Aurora instead of RDS. It's cheaper, easier to manage, less infrastructure... But what about security? Is it really possible to be sure that your serverless processes (and data) are secure?
In this talk, we will consider what can be done from the developer's point of view, what security tools exist at the organizational level, and how the approach to security differs in different clouds and services.
Let's talk about:
- How serverless products change your attack surface
- Vulnerabilities in serverless architecture and how to deal with them
- Best practices in the protection of serverless technologies
"Building a cloud-native data platform with security in mind", Natalie Godec Fwdays
In today's world data is king. It is everywhere, collected seemingly by everyone, yet so many industries lack a good data platform. Cloud technologies enable us to build robust, scalable, and easy-to-use platforms fast, but one might wonder whether it is safe to store sensitive data in the cloud. In this talk, we will explore technical principles of securing a cloud data platform, look at examples in AWS and GCP, and discuss regulatory and compliance requirements.
Public APIs are no longer a trend but a reality. Use existing API Management solutions to provide public access to your API. To make your API secure and convenient to use, rely on existing standards: OAuth 2.0 and OpenID Connect.
Talk video: https://www.youtube.com/watch?v=gbQgYBD_PAA
"What I learned through reverse engineering", Yuri Artiukh Fwdays
In recent years, I have gained most of my knowledge through reverse engineering. I decided to share how I did it and what I learned during this period. All this concerns graphics programming, performance, and best practices in the frontend.
"Impact of front-end architecture on development cost", Viktor Turskyi Fwdays
I have heard many times that architecture is not important for the front-end. Also, many times I have seen how developers implement features on the front-end just following the standard rules for a framework and think that this is enough to successfully launch the project, and then the project fails. How to prevent this and what approach to choose? I have launched dozens of complex projects and during the talk we will analyze which approaches have worked for me and which have not.
"Micro frontends: Unbelievably true life story", Dmytro Pavlov Fwdays
A real life story about the experience of using Micro frontends in an existing Enterprise product. Problems and their solutions on the way from the integration of a separate component to an extensible No-code platform.
"Objects validation and comparison using runtime types (io-ts)", Oleksandr Suhak Fwdays
A common task in modern JS is parsing, validating and then comparing JSON objects. In this talk I will quickly go through most common ways to parse/validate and compare objects we use today and then focus more on how runtime types (based on io-ts) can help make such tasks easier and quicker to implement.
"JavaScript. Standard evolution, when nobody cares", Roman Savitskyi Fwdays
Should we take a look at JavaScript when everyone is writing in TypeScript? What happens to the standard? What did we get last year? What new features can we expect this and next year? And most importantly, when will Observer be standardized?
Let's try to answer all these questions and even a little more, dream about the future, and enjoy that Observer is alive (or not).
"How Preply reduced ML model development time from 1 month to 1 day", Yevhen Y... Fwdays
A case study of how a small team at Preply went from inheriting an existing ranking model to being able to produce a model per day. In this talk we'll cover steps to take if you find yourself in a similar situation: what kind of technology and processes you can introduce in order to achieve a great speedup in development.
"GenAI Apps: Our Journey from Ideas to Production Excellence", Danil Topchii Fwdays
In my talk, I will tell about the world of GenAI services beyond GPT-wrappers and how we developed and scaled GenAI-centric applications. I'll share personal experiences about the obstacles, lessons, and strategic tools and methodologies that were key in taking GenAI applications from 0 to 1. I'll talk about the challenges we faced when launching LLM-based and image generative applications and delivering them to end users, and what conclusions and solutions were made.
"LLMs for Python Engineers: Advanced Data Analysis and Semantic Kernel", Oleks... Fwdays
Python engineers are introduced to the transformative potential of Large Language Models (LLMs) in the realm of advanced data analysis and the application of Semantic Kernel techniques. We will talk about how LLMs like ChatGPT can be integrated into Python environments to automate data processing, enhance predictive modeling, and unlock deeper insights from complex datasets. The session will delve into practical strategies for embedding Semantic Kernel methods within Python projects, illustrating how these advanced techniques can refine the accuracy of machine learning models by embedding domain-specific knowledge directly into the analysis process. Attendees will leave with a clear roadmap for leveraging the combined power of LLMs and Semantic Kernels, equipped with actionable knowledge to drive innovation in their data analysis projects and beyond, marking a significant leap forward in the evolution of Python engineering practices.
"Federated learning: out of reach no matter how close", Oleksandr Lapshyn Fwdays
Federated learning. Algorithmic solution to the problem of privacy preserving ML. Pieces involved to support the training with NVIDIA Flare as example. How newest legislation affects federated learning.
"What is a RAG system and how to build it", Dmytro Spodarets Fwdays
Today, large language models are becoming an integral part of almost every IT solution. However, their use is often accompanied by certain limitations, such as the relevance of information or its depth and specificity. One of the ways to overcome these limitations is the method of working with LLMs - RAG (Retrieval Augmented Generation).
In an ideal world, you would write Python code and then it would work perfectly. But unfortunately, it doesn't work in this manner. In my talk, I'll cover how to efficiently debug your programs, especially in cloud environments or inside Kubernetes.
MLOps (Machine Learning Operations) is a recent buzzword, that trends a lot. Let's figure out together how maintaining applications with machine learning components is significantly different from maintaining applications without them.
We will look into MLOps best practices and typical problems and their implementations/solutions in real world production.
"Subclassing and Composition – A Pythonic Tour of Trade-Offs", Hynek Schlawack Fwdays
Ever seen a code base where understanding a simple method meant jumping through tangled class hierarchies? We all have! And while "Favor composition over inheritance!" is almost as old as object-oriented programming, strictly avoiding all types of subclassing leads to verbose, un-Pythonic code. So, what to do?
The discussion on composition vs. inheritance is so frustrating because far-reaching design decisions like this can only be made with the ecosystem in mind – and because there's more than one type of subclassing!
Let's take a dogma-free stroll through the types of subclassing through a Pythonic lens and untangle some patterns and trade-offs together. By the end, you'll be more confident in deciding when subclassing will make your code more Pythonic and when composition will improve its clarity.
"Distributed graphs and microservices in Prom.ua", Maksym Kindritskyi Fwdays
The current architecture of Prom.ua is built on microservices and GraphQL API, but it was not always like that. In this talk, I'll tell you how far we've come and how we've made using graphs in a microservice architecture convenient and simple. I will talk about the problems we faced and how we overcame them, made our development process more accessible, deployments faster, and the remains of the monolith less loaded.
"Rethinking the existing data loading and processing process as an ETL exampl... Fwdays
ETL stands for extract, transform, load. It's a process that combines data from different sources into a single repository for further processing, analysis, and utilization.
This talk provides an example of how pandas can be used to solve ETL tasks as a stage in the evolution of the data intake component. This involves preliminary validation, filtering, and conversion of data according to a set of business rules and internal representation, with intermediate combination with other sources.
"How Ukrainian IT specialist can go on vacation abroad without crossing the T... Fwdays
I’m confident that many IT professionals are currently facing the same situation I was in a few months ago. Mobilization, uncertainty. How can I be maximally beneficial to the country with my experience and continue professional development in such circumstances? Since the onset of the full-scale invasion, I've been actively volunteering and assisting the army. Mobilization became the next logical step.
I want to share:
My journey in IT, volunteering, and the beginning of my service in the Armed Forces
Impressions from the first few months
Which Soft Skills are helpful in this context
I aim to dispel myths about the mobilization process and projects of the Armed Forces. Address your questions
And yes, military personnel can travel abroad during their leave.
"The Strength of Being Vulnerable: the experience from CIA, Tesla and Uber", ... Fwdays
The leader must be strong all the time. The leader cannot afford to make mistakes, let alone fail in front of their team. Is that really true? Nick Gicinto, a cybersecurity leader with over 25 years of experience, who has worked for the CIA and has built security systems from scratch at Tesla and Uber, fully hiring teams for these projects, will talk about the importance of being vulnerable to build trust within a team.
"[QUICK TALK] Radical candor: how to achieve results faster thanks to a cultu... Fwdays
Sharing open feedback can be difficult because it equals much work on yourself. However, feedback needs attention and a special place in the corporate culture. It helps to grow dynamically, build a team of like-minded people and achieve powerful results.
In the presentation, I will talk about:
The ability to work with feedback as a soft, solid skill in developing technical specialists.
A list of difficulties that prevent quality work with feedback.
The 4A Framework is a tool for successful giving and receiving feedback.
I will also help specialists learn the following:
Form constructive feedback and understand how and when to give it.
Work analytically with the received feedback.
Feel free to share your thoughts and be heard.
"[QUICK TALK] PDP Plan, the only one door to raise your salary and boost care... Fwdays
Will discuss:
Current communication challenges, including mishaps and toxic versus productive interactions.
Ever wondered about PDP? It’s likely because its relevance to career planning, even outside your current company, hasn’t been fully spotlighted.
Exploring how PDP functions within career planning, applicable even if you’re eyeing an exit.
“Who do I aspire to become?”
Summarizing key points with a reference to a practical form you can download to use.
"4 horsemen of the apocalypse of working relationships (+ antidotes to them)"... Fwdays
This talk will reveal four destructive communication patterns that can undermine team spirit, reduce productivity and cause conflict, and offer effective strategies for neutralizing them.
Let's start with exciting storytelling about a fictional team of developers working on Scrum. You will learn about situations that their team member noticed during team meetings.
Next, we will analyze "The Gottman Four Horsemen" model, which describes the four "horsemen of the apocalypse" of work relationships: criticism, defensiveness, contempt, and stonewalling. For each of these patterns, specific "antidotes" will be offered that allow you to build healthier and more productive relationships in the team.
Finally, we'll look at why this topic is critical to team productivity, drawing on Google's "Project Aristotle" research. Special attention will be paid to the concept of psychological safety, which is a key factor in the success of high-performance teams.
This talk will not only provide valuable insights and tools for improving communication and management in Tech teams, but will also help each member better understand their own contribution to the overall success of the team.
"Reconnecting with Purpose: Rediscovering Job Interest after Burnout", Anast... Fwdays
We are all living in exceptionally turbulent times. Ukrainians are facing numerous crises and challenges, ranging from war to lay-offs. Work provides us with a sense of stability, which many of us deeply value and strive to maintain. However, there are times when we may not realize that our workload becomes overwhelming or that the stress we experience in our jobs becomes highly toxic. This often leads to burnout.
During our discussion, we will cover:
- The factors that contribute to burnout;
- How to identify it;
- Short-term strategies for addressing it;
- Long-term approaches to finding fulfillment and satisfaction in our work;
I will also share my personal experiences and insights, as well as those of my colleagues in the IT field.
- Burnout
- Stress
"Mentoring 101: How to effectively invest experience in the success of others... Fwdays
As you grow in experience as a tech specialist and close the needs of Maslow's hierarchy, you realize that you can help beginners in your specialization. But how to do it effectively? Where to look for future mentees? How to avoid mistakes that demotivate both sides? And, in general, how can you benefit from investing your time in the success of a mentee? I'll discuss this based on my 1.5 years of experience mentoring beginners.
It will be useful for professionals with at least six months of experience in IT and a willingness to share their knowledge with the community.
"Mission (im) possible: How to get an offer in 2024?", Oleksandra Myronova Fwdays
Will talk about:
Briefly about the IT labor market in 2024: numbers, rates, pain points.
The full cycle of job search and which stage is the most important?
How to stand out among other candidates and what skills would come in handy?
4. Optus data breach
@ ouvessvit
Dear Name,
We recently wrote to you advising that the Victorian Government is fast tracking protections for licence holders whose licence information was exposed in the recent Optus data breach.
This commitment includes replacing driver licences and learner permits for free, with a redesigned card that now prominently features a unique card number on the back top right hand corner.
As one of our impacted customers you should have now received either a new card or a label.
5-7. Optus data breach
https://twitter.com/Jeremy_Kirk/status/1573652991496048640
https://inf.ooo/g/YcmgHfcqLF
19. IAM best practices: GCP default service accounts
● Exist by default, created by Google
● Have very broad access (editor at the project level)
● By default, your services use this account
20. IAM best practices: GCP default service accounts
● Create a dedicated service account for each application
● Follow the principle of least privilege: grant only the roles, and only on the resources, that are needed
21. IAM best practices: AWS default IAM policies
● AWS has 1000+ standard IAM policies
● They grant broad, general access, for example S3: [*]
● It is recommended to create your own policies, restricting the actions and resources to which access is granted
● Follow the principle of least privilege
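The checks from slides 19-21 can be automated. The following is an added example, not code from the talk: it flags service accounts holding project-wide editor/owner roles in a GCP IAM policy and wildcard actions or resources in an AWS IAM policy. The sample policies, project number, bucket and account names are constructed for illustration.

```python
import re

# Naming patterns of the Google-created default service accounts
# (Compute Engine default and App Engine default).
DEFAULT_SA_PATTERNS = (
    re.compile(r"^serviceAccount:\d+-compute@developer\.gserviceaccount\.com$"),
    re.compile(r"^serviceAccount:[a-z0-9\-]+@appspot\.gserviceaccount\.com$"),
)
# Basic roles that grant broad, project-wide access.
BROAD_GCP_ROLES = {"roles/owner", "roles/editor"}


def _as_list(value):
    """IAM JSON allows a scalar where a list is expected; normalise to a list."""
    if value is None:
        return []
    return value if isinstance(value, list) else [value]


def gcp_findings(policy):
    """Return (member, role, kind) for every service account with a broad basic role."""
    findings = []
    for binding in policy.get("bindings", []):
        role = binding.get("role")
        if role not in BROAD_GCP_ROLES:
            continue
        for member in binding.get("members", []):
            if not member.startswith("serviceAccount:"):
                continue  # this check is scoped to workload identities only
            is_default = any(p.match(member) for p in DEFAULT_SA_PATTERNS)
            kind = "default service account" if is_default else "service account"
            findings.append((member, role, kind))
    return findings


def aws_findings(policy):
    """Return Allow statements that use wildcard actions ("*", "svc:*") or Resource "*"."""
    findings = []
    for index, stmt in enumerate(_as_list(policy.get("Statement"))):
        if stmt.get("Effect") != "Allow":
            continue
        wild_actions = [a for a in _as_list(stmt.get("Action"))
                        if a == "*" or a.endswith(":*")]
        wild_resources = [r for r in _as_list(stmt.get("Resource")) if r == "*"]
        if wild_actions or wild_resources:
            findings.append({"statement": index,
                             "actions": wild_actions,
                             "resources": wild_resources})
    return findings


# Constructed sample: project policy where the default compute account is editor.
SAMPLE_GCP_POLICY = {"bindings": [
    {"role": "roles/editor",
     "members": ["serviceAccount:123456789012-compute@developer.gserviceaccount.com"]},
    {"role": "roles/bigquery.dataViewer",
     "members": ["serviceAccount:my-func1-sa@example-project.iam.gserviceaccount.com"]},
    {"role": "roles/editor", "members": ["user:dev@example.com"]},
]}

# Constructed samples: a broad policy in the style of "S3: [*]" and a scoped one.
BROAD_AWS_POLICY = {"Version": "2012-10-17", "Statement": [
    {"Effect": "Allow", "Action": "s3:*", "Resource": "*"},
]}
SCOPED_AWS_POLICY = {"Version": "2012-10-17", "Statement": [
    {"Effect": "Allow", "Action": ["s3:GetObject"],
     "Resource": "arn:aws:s3:::example-bucket/reports/*"},
]}

if __name__ == "__main__":
    for finding in gcp_findings(SAMPLE_GCP_POLICY):
        print("GCP:", finding)
    print("AWS broad:", aws_findings(BROAD_AWS_POLICY))
    print("AWS scoped:", aws_findings(SCOPED_AWS_POLICY))
```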
23. Static tokens, the nightmare of every SecOps engineer
GCP: IAM service account keys
AWS: IAM users and secret keys
● Easy to create and start using
● Easy to steal.
“To bad actors, service account keys can be even more valuable than a leaked password” - Google
25. Components of serverless security
● Who has access to the service
● Internal security mechanisms
● What the service has access to
26. IAM best practices: who can invoke
Granting public access to a service in AWS Lambda:
    {
      "Version": "2012-10-17",
      "Statement": [
        {
          "Effect": "Allow",
          "Principal": "*",
          "Action": "lambda:InvokeFunctionUrl",
          "Resource": "arn:aws:lambda:us-east-1:123456789012:function:my-function",
          "Condition": {
            "StringEquals": {
              "lambda:FunctionUrlAuthType": "NONE"
            }
          }
        }
      ]
    }
27. IAM best practices: who can invoke
Granting public access to a service in GCP Cloud Run:
    $ cat policy.yaml
    bindings:
    - members:
      - allUsers
      role: roles/run.invoker
    $ gcloud run services set-iam-policy <SERVICE> policy.yaml
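Both public-access grants from slides 26 and 27 can be detected by reading the policies back. The following is an added example, not code from the talk: it scans a Lambda resource-based policy and a Cloud Run IAM policy for grants that let anyone invoke the service. The policies are passed in as already-parsed dictionaries; the second Lambda statement, the role ARN and the private Cloud Run policy are constructed for illustration.

```python
# Members that make a Cloud Run service callable without a specific identity.
PUBLIC_GCP_MEMBERS = {"allUsers", "allAuthenticatedUsers"}
# Lambda actions (or wildcards covering them) that allow invocation.
INVOKE_ACTIONS = {"lambda:InvokeFunctionUrl", "lambda:InvokeFunction", "lambda:*", "*"}
# Global condition keys that narrow a "*" principal to known callers.
NARROWING_KEYS = {"aws:principalorgid", "aws:principalaccount", "aws:principalarn",
                  "aws:sourcearn", "aws:sourceaccount"}


def _as_list(value):
    """IAM JSON allows a scalar where a list is expected; normalise to a list."""
    if value is None:
        return []
    return value if isinstance(value, list) else [value]


def _is_wildcard_principal(principal):
    if principal == "*":
        return True
    return isinstance(principal, dict) and "*" in _as_list(principal.get("AWS"))


def lambda_public_statements(policy):
    """Return Allow statements that let any principal invoke the function."""
    hits = []
    for stmt in _as_list(policy.get("Statement")):
        if stmt.get("Effect") != "Allow":
            continue
        if not _is_wildcard_principal(stmt.get("Principal")):
            continue
        actions = [a for a in _as_list(stmt.get("Action")) if a in INVOKE_ACTIONS]
        if not actions:
            continue
        condition = stmt.get("Condition", {})
        keys = {key.lower() for block in condition.values() for key in block}
        if keys & NARROWING_KEYS:
            continue  # wildcard principal, but limited to an org, account or source
        auth_type = condition.get("StringEquals", {}).get("lambda:FunctionUrlAuthType")
        hits.append({"resource": stmt.get("Resource"),
                     "actions": actions,
                     "auth_type": auth_type})
    return hits


def cloud_run_public_bindings(policy):
    """Return (role, member) pairs that open roles/run.invoker to everyone."""
    hits = []
    for binding in policy.get("bindings", []):
        if binding.get("role") != "roles/run.invoker":
            continue
        for member in binding.get("members", []):
            if member in PUBLIC_GCP_MEMBERS:
                hits.append((binding["role"], member))
    return hits


# First statement is the one from slide 26; the second is constructed
# (a named role, which must not be reported).
LAMBDA_POLICY = {"Version": "2012-10-17", "Statement": [
    {"Effect": "Allow",
     "Principal": "*",
     "Action": "lambda:InvokeFunctionUrl",
     "Resource": "arn:aws:lambda:us-east-1:123456789012:function:my-function",
     "Condition": {"StringEquals": {"lambda:FunctionUrlAuthType": "NONE"}}},
    {"Effect": "Allow",
     "Principal": {"AWS": "arn:aws:iam::123456789012:role/caller"},
     "Action": "lambda:InvokeFunction",
     "Resource": "arn:aws:lambda:us-east-1:123456789012:function:my-function"},
]}

# policy.yaml from slide 27, as a dictionary.
PUBLIC_CLOUD_RUN_POLICY = {"bindings": [
    {"members": ["allUsers"], "role": "roles/run.invoker"},
]}
# Constructed counter-example: only one dedicated service account may invoke.
PRIVATE_CLOUD_RUN_POLICY = {"bindings": [
    {"members": ["serviceAccount:caller@example-project.iam.gserviceaccount.com"],
     "role": "roles/run.invoker"},
]}

if __name__ == "__main__":
    print("Lambda:", lambda_public_statements(LAMBDA_POLICY))
    print("Cloud Run (public):", cloud_run_public_bindings(PUBLIC_CLOUD_RUN_POLICY))
    print("Cloud Run (private):", cloud_run_public_bindings(PRIVATE_CLOUD_RUN_POLICY))
```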
29. GCP Identity Aware Proxy
● Adds a login interface to a web interface or API
● Built-in integration with Google Workspace & GCP IAM
● Authentication and authorization
● Cloud Run, App Engine, GKE, Compute Engine
32. AWS Lambda Function URLs
    $ aws lambda create-function-url-config --function-name my_function --auth-type NONE
NONE – Lambda doesn't perform any authentication before invoking your function. However, your function's resource-based policy is always in effect and must grant public access before your function URL can receive requests. Choose this option to allow public, unauthenticated access to your function URL.
34-35. GCP Cloud Run Ingress Policy
Ingress controls access to the service's own automatically created URL:
https://<serviceName>-<projectHash>-<region>.run.app
36-37. GCP Cloud Run Ingress Policy
3 ingress options:
● INGRESS_TRAFFIC_ALL <- default
● INGRESS_TRAFFIC_INTERNAL_ONLY
● INGRESS_TRAFFIC_INTERNAL_LOAD_BALANCER
38. “Everything comes already configured, our job is to write code”
Quickfire security
42. GCP: Serverless VPC Connectors
[Diagram: My Project containing func-sa, my-func1 and my-dataset, connected through a Serverless VPC connector and a subnet]
Cloud Functions, Cloud Run and other serverless products in the compute category run in so-called shadow projects; to enable communication with private and restricted services you can use a Serverless VPC Connector.
And Cloud Run can handle private communication by itself thanks to VPC Egress 🚀