There has been a lot of press about supply chain attacks recently. These types of attacks are nothing new, and understanding them is really important for developers using services such as GitHub Actions, given that continuous integration (CI) tools are a critical part of the supply chain used in software projects.
A supply chain attack targets less secure parts of the development process; this could be the tools and services you depend on, or the Docker containers you host your software in.
We have all read horror stories of Amazon Simple Storage Service (S3) buckets being “hacked” in the popular media, and we have seen lots of work by Amazon Web Services (AWS) to tighten up controls and messaging around best practices. So how do the Amazon tools help you avoid some of the pitfalls with S3?
Case in point: the AWS CLI, which a large number of engineers and developers rely on every day. The following command will create a bucket.
For some time now I have been working on internal, and some product-related, services which use AWS events; some of this has been paired with AppSync subscriptions, Slack and AWS SNS. To help everyone come up to speed with events, and async messaging in general in a world of REST and synchronous APIs, I have been compiling a list of links, which I thought I would share in a post.
Assuming you read my Starting a Go Project post you should have the starting point for a minimal Go web service. For your first project it is easier to keep all your code in one folder, in the base of your project, but at some point you will want to restructure things. This is done for a few reasons:
Having everything in one folder results in a lot of interdependencies in the code.
Given the changes with Go Modules I wanted to document a brief getting started for Go projects. This will focus on building a minimal web service.
Before you start you will need to install Go. I recommend using Homebrew or, for Ubuntu users, Golang Backports, or as a last resort grab it from the Go Downloads page.
So this looks like this for OSX.
brew install go
Or for Ubuntu we add the PPA, then install golang 1.
In my spare time I spend a bit of time building and working on a scaled-down self-driving RC project which uses an open source project called donkeycar. I have been through a few generations of car, learning how both the hardware and software worked. Hopefully I can provide some tips on how to avoid at least some of my mistakes in this post.
Starting Out
Probably the lion's share of lessons, at least initially, were learnt about how to set up a custom RC car, especially the power and drive train.
The AWS Cognito product enables developers to build web or API based applications without worrying about authentication and authorisation.
When setting up an application's authentication I try to keep in mind a few goals:
Keep my users' data as safe as possible.
Try and find something which is standards based, or supports integrating with standard protocols such as OpenID, OAuth2 and SAML.
Evaluate the authentication flows I need and avoid increasing scope and risk.
Early this year Amazon Web Services released the Cloud Development Kit (CDK), which is best summed up by a quote from the GitHub project.
The AWS Cloud Development Kit (AWS CDK) is an open-source software development framework to define cloud infrastructure in code and provision it through AWS CloudFormation.
Before I go recommending this new project to anyone I most certainly need to road test it myself. This post provides a bit of background on where I work, why I am looking into CDK, and what I would love to see in the future.
Step Functions allow you to build pipelines involving one or more Amazon or external services. Some examples of this are:
complex customer onboarding processes
jobs which provision resources then send a welcome email
billing jobs where you may need to wait for payment authorisation
provisioning users and setup of any resources each user may need
pipeline
In software engineering, a pipeline consists of a chain of processing elements (processes, threads, coroutines, functions, etc.
Background jobs form the backbone of a lot of modern applications. They are used to perform a range of asynchronous tasks, from image processing through to order processing, fulfillment and shipping: wherever there is a need to dispatch some sort of task, then monitor or wait for its result.
In the serverless space AWS Step Functions play a similar role to projects such as Delayed Job or Resque in Ruby, or Celery in Python, but with the following differences: