Serverless security: defense against the dark arts

Yan Cui
http://theburningmonk.com
@theburningmonk
AWS user for 10 years
http://bit.ly/yubl-serverless
Developer Advocate @
Independent Consultant
Shared Responsibility Model
protection from OS attacks
Amazon automatically applies the latest patches to host VMs
still have to patch your code
vulnerable code, 3rd party dependencies, etc.
https://snyk.io/blog/owasp-top-10-breaches
Known Vulnerable Components cause 24% of the top 50 data breaches
https://snyk.io/blog/77-percent-of-sites-use-vulnerable-js-libraries
http://bit.ly/2topw5I
use prepared statements
sanitise inputs & outputs
(standardise and encapsulate into shared lib)
security is as much about what your function should do as what it shouldn’t do
(protect against data exfiltration)
http://bit.ly/2gSHtay
Broken Access Control
Insecure Direct Object Reference
Information Leakage
GraphQL Injection
http://bit.ly/2uKhGXF
app dependencies is a BIGGER attack surface than you think
your dependencies
transient dependencies
https://david-dm.org/request/request?view=tree
https://snyk.io
security updates are often bundled with unrelated feature and API changes
your security is as strong as its weakest link
[Security-chain diagram. Nodes: Users, Developers, Source Code, Application, Dependencies, NPM Authors, Container, OS, Networking, physical infrastructure. Edge labels: runs in, runs on, has, hosted by, published by, pushes to, develops, uses, guards, protects, needs, maintains.]
[Security-chain diagram, annotated: "this is where an attacker will target in a movie"]
[Security-chain diagram, annotated: "A9" and "A1, A3, …"]
people are often the WEAKEST link in the security chain
[Security-chain diagram, annotated: "phishing…"]
[Security-chain diagram, annotated: "brute force, known account leaks, …"]
http://bit.ly/2sFDwYX
…obtained publish access to 14% of npm packages…
debug, request, react, co, express, moment, gulp, mongoose, mysql, bower,
browserify, electron, jasmine, cheerio, modernizr, redux, …
total downloads/month of the unique packages which I got myself publish access to was 1 972 421 945, that’s 20% of the total number of d/m directly.
20% of all monthly NPM downloads…
brute force
known account leaks from other sources
leaked NPM credentials (github, etc.)
662 users had password “123456”
172 — “123”
124 — “password”
WTF!?!?
oh god, that was too easy…
compromised package is a transient dependency
sigh…
still “works”…
npmjs.com/~hacktask
rm -rf /!!!
NPM default - get latest “compatible” version, i.e. 1.X.X
clean install (e.g. on CI server) will download the latest, compromised package without any code change…
use npm shrinkwrap or upgrade to NPM 5 or above
use `npm ci` in CI environment
not specific to Node.js or NPM
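The effect of a floating "compatible" range on a clean install, as an added example that is not part of the original slides. It is a simplified model, not npm's real resolver: the package names, registry contents and lockfile below are constructed, only exact, `^` and `~` ranges are handled, and one version per package name is assumed.

```javascript
'use strict';

// Parse "1.2.3" into [1, 2, 3] (no pre-release tags in this simplified model).
function parseVersion(v) {
  const m = /^(\d+)\.(\d+)\.(\d+)$/.exec(v);
  if (!m) throw new Error(`unsupported version: ${v}`);
  return m.slice(1).map(Number);
}

function compare(a, b) {
  const pa = parseVersion(a), pb = parseVersion(b);
  for (let i = 0; i < 3; i++) if (pa[i] !== pb[i]) return pa[i] - pb[i];
  return 0;
}

// Does `version` satisfy `range`? Supports exact, ^x.y.z and ~x.y.z only.
function satisfies(version, range) {
  const op = range[0];
  if (op !== '^' && op !== '~') return compare(version, range) === 0;
  const base = range.slice(1);
  const [M, m] = parseVersion(base);
  const [vM, vm] = parseVersion(version);
  if (compare(version, base) < 0) return false;
  if (op === '~') return vM === M && vm === m;
  // Caret: the leftmost non-zero component must not change.
  if (M > 0) return vM === M;
  if (m > 0) return vM === 0 && vm === m;
  return compare(version, base) === 0; // ^0.0.z is effectively exact
}

// Resolve direct AND transitive dependencies. With a lockfile, every package
// takes its pinned version; without one, the highest published match wins.
function resolveTree(deps, registry, lock, out = {}) {
  for (const [name, range] of Object.entries(deps)) {
    if (out[name]) continue;
    let version, source;
    if (lock && lock.dependencies[name]) {
      version = lock.dependencies[name].version;
      source = 'lockfile';
    } else {
      const matches = Object.keys(registry[name] || {})
        .filter((v) => satisfies(v, range))
        .sort(compare);
      if (matches.length === 0) throw new Error(`no version of ${name} matches ${range}`);
      version = matches[matches.length - 1];
      source = 'registry';
    }
    out[name] = { version, source };
    const child = ((registry[name] || {})[version] || {}).dependencies || {};
    resolveTree(child, registry, lock, out);
  }
  return out;
}

// Packages whose version would silently change on a clean install that
// ignores the lockfile, even though package.json itself did not change.
function driftWithoutLock(manifest, registry, lock) {
  const floating = resolveTree(manifest.dependencies, registry, null);
  const pinned = resolveTree(manifest.dependencies, registry, lock);
  return Object.keys(floating)
    .filter((n) => pinned[n] && floating[n].version !== pinned[n].version)
    .map((n) => ({ name: n, locked: pinned[n].version, floating: floating[n].version }));
}

// Constructed sample data. "tiny-util" 1.0.1 stands for a release published
// after the lockfile was written; the app never lists tiny-util directly.
const registry = {
  'web-kit': { '2.0.0': { dependencies: { 'tiny-util': '^1.0.0' } } },
  'tiny-util': { '1.0.0': {}, '1.0.1': {}, '2.0.0': {} },
};
const manifest = { dependencies: { 'web-kit': '2.0.0' } };
const lock = {
  dependencies: {
    'web-kit': { version: '2.0.0' },
    'tiny-util': { version: '1.0.0' },
  },
};

console.log(driftWithoutLock(manifest, registry, lock));
```

The direct dependency is pinned exactly, yet the transitive one still moves to the newest matching release unless the lockfile is honoured, which is what `npm ci` enforces.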
the attackers are in…
what now?
Shared Responsibility Model
who can invoke the function?
what can the function access?
Least Privilege Principle
everything here is trusted
sensitive data
http://bit.ly/2zHvbcB
always public
access is controlled via IAM
https://www.puresec.io/function-shield
http://bit.ly/2lNInES
adds up to 10s to cold start!!
compromised servers allow attacker to access all of your sensitive data!
implement authentication and authorization for internal APIs
use AWS_IAM authentication for internal APIs
minimise function’s access
requires developer discipline
AWS Lambda docs:
"Write your Lambda function code in a stateless style, and ensure there is no affinity between your code and the underlying compute infrastructure."
http://amzn.to/2jzLmkb
S3
AWS IoT
DynamoDB
RDS
EventStore
Elasticsearch
Couchbase
Redshift
Neo4j
Google BigQuery
secure sensitive data both at rest and in-transit
leverage server-side encryption
http://amzn.to/1N3Twb8
http://amzn.to/1xF41eX
http://amzn.to/2tgvFR2
https://amzn.to/2DaXFwA
Least Privilege Principle
Disposability is a virtue
AWS Lambda docs:
"Delete old Lambda functions that you are no longer using."
http://amzn.to/2jzLmkb
easier said than done…
identifying component ownership in a big IT organization is challenging
identifying ownership of individual functions is much harder
tag every function with Team name
source: http://www.digitalattackmap.com
more likely to scale through DoS attacks
DoS + per exec billing = Denial of Wallet problem
configure WAF rules on API Gateway and CloudFront
review the default API Gateway throttling settings
AWS Shield Advanced also gives you access to the AWS DDoS Response Team (DRT) and protection against DDoS related spikes in your ELB, CloudFront or Route 53 charges.
async: S3, SNS, SES, CloudFormation, CloudWatch Logs, CloudWatch Events, Scheduled Events, CodeCommit, AWS Config
sync: Cognito, Alexa, Lex, API Gateway
pulling: DynamoDB Stream, Kinesis Stream, SQS
http://amzn.to/2vs2lIg
Lambda handles retries (twice, then DLQ)
http://bit.ly/2v7F2E4
DoS attack
2+ Retries+
?
DoS attack
Regex DoS attack
long Lambda timeout
2+ Retries+
?
avoid (unnecessary) long timeouts
alert on error rate
Day 1
Day 2
no long-lived compromised servers
containers are reused, avoid sensitive data in /tmp
https://www.puresec.io/function-shield
no accidentally exposed directories
cryptojacking
http://bit.ly/2tlGTbc
monitor activities in unused regions using CloudWatch Events
set up billing alarms in unused regions
"watertight compartments that can contain water in the case of hull breach or other leaks" (Michael Nygard)
least privilege principle
per function policies
account level isolation
Recap
app dependencies is a BIGGER attack surface than you think
sanitise inputs and outputs
Least Privilege Principle
here’s your per function policy
NEXT!
S3
AWS IoT
DynamoDB
RDS
EventStore
Elasticsearch
Couchbase
Redshift
Neo4j
Google BigQuery
encrypt data at rest
and in-transit
delete unused functions.
DoS DoW*
* Denial of Wallet
no server*
no OS attacks
no long lived compromised servers
* I know I know, there’s still a server somewhere, but it’s managed and secured by AWS engineers who can do a much better job of it than most of us can; and the servers are ephemeral and short-lived
don’t be an unwilling bit miner
safeguard your credentials…
prod dev
compartmentalise breaches
people are often the WEAKEST link in the security chain
@theburningmonk
theburningmonk.com
github.com/theburningmonk
https://theburningmonk.com/hire-me
Advise, Training, Delivery
Fwdays36 views
Zero to Cloud Hero: Crafting a Private Cloud from Scratch with XCP-ng, Xen Or... by ShapeBlue
Zero to Cloud Hero: Crafting a Private Cloud from Scratch with XCP-ng, Xen Or...Zero to Cloud Hero: Crafting a Private Cloud from Scratch with XCP-ng, Xen Or...
Zero to Cloud Hero: Crafting a Private Cloud from Scratch with XCP-ng, Xen Or...
ShapeBlue199 views
Optimizing Communication to Optimize Human Behavior - LCBM by Yaman Kumar
Optimizing Communication to Optimize Human Behavior - LCBMOptimizing Communication to Optimize Human Behavior - LCBM
Optimizing Communication to Optimize Human Behavior - LCBM
Yaman Kumar38 views
KVM Security Groups Under the Hood - Wido den Hollander - Your.Online by ShapeBlue
KVM Security Groups Under the Hood - Wido den Hollander - Your.OnlineKVM Security Groups Under the Hood - Wido den Hollander - Your.Online
KVM Security Groups Under the Hood - Wido den Hollander - Your.Online
ShapeBlue225 views
Elevating Privacy and Security in CloudStack - Boris Stoyanov - ShapeBlue by ShapeBlue
Elevating Privacy and Security in CloudStack - Boris Stoyanov - ShapeBlueElevating Privacy and Security in CloudStack - Boris Stoyanov - ShapeBlue
Elevating Privacy and Security in CloudStack - Boris Stoyanov - ShapeBlue
ShapeBlue224 views
NTGapps NTG LowCode Platform by Mustafa Kuğu
NTGapps NTG LowCode Platform NTGapps NTG LowCode Platform
NTGapps NTG LowCode Platform
Mustafa Kuğu437 views
The Power of Generative AI in Accelerating No Code Adoption.pdf by Saeed Al Dhaheri
The Power of Generative AI in Accelerating No Code Adoption.pdfThe Power of Generative AI in Accelerating No Code Adoption.pdf
The Power of Generative AI in Accelerating No Code Adoption.pdf
Saeed Al Dhaheri39 views
The Power of Heat Decarbonisation Plans in the Built Environment by IES VE
The Power of Heat Decarbonisation Plans in the Built EnvironmentThe Power of Heat Decarbonisation Plans in the Built Environment
The Power of Heat Decarbonisation Plans in the Built Environment
IES VE84 views

Serverless security: defense against the dark arts