kozylife

API Gateway vs. Lambda: Where Should You Validate JWT Tokens?

When building serverless APIs with AWS Lambda and API Gateway, we face a critical architectural decision: "Where should we handle JWT (JSON Web Token) validation?" This choice might seem straightforward, but it directly impacts your project's security posture, performance characteristics, maintainability, and AWS costs. Making the wrong decision can lead to a complete system refactoring down the..

When deploying React SPAs (Single Page Applications), many developers consider S3 static hosting as their go-to solution. However, using S3 alone presents several challenges that can impact security, performance, and user experience. In this article, we'll explore how to leverage AWS CDK to host React applications on S3 + CloudFront in a secure and efficient manner.Common Challenges with React S..

When developing applications, you inevitably encounter sensitive information like database passwords, external API keys, and certificates. Have you ever wondered how to manage this sensitive data properly?"Well, let me just hardcode it in the source code..." "I'll just write it in a configuration file..." "Setting it as an environment variable should be safe enough, right?"Wait! This is like wri..

As microservice architectures become mainstream, secure inter-service communication is no longer optional—it's essential. This becomes especially critical when one service needs to create and manage users in another service, requiring an authentication system that satisfies both security and scalability requirements.Today, I'll introduce a practical pattern for implementing service-to-service (S..

When building serverless applications, you'll often face the challenge: "How can I assign different permissions to different users in a secure and scalable way?" This becomes especially critical for services like B2B SaaS platforms or e-commerce systems where user roles are clearly defined.Today, I'll show you how to implement a group-based permission management authentication system using Amazo..

When developing serverless applications, you often encounter situations where "additional processing is needed only under specific conditions." For example, sending notifications only when a user's score is low, or executing additional review processes only for requests that don't meet certain thresholds.Today, I'll introduce the EventBridge-Lambda conditional processing pattern that's useful in..

When developing serverless applications, developers often face a critical dilemma: choosing between fast response times and system reliability. While some features require real-time responses, there are situations where safely processing requests without losing them is far more important than response speed.Today, I'll share the SQS-Lambda asynchronous processing pattern that I chose to enhance ..

When building serverless web applications, many developers face a common challenge: "How can we efficiently manage real-time API responses alongside static file delivery?"This becomes especially critical for features like search autocomplete or real-time search, where asynchronous patterns like SQS → Lambda simply won't work due to their inherent limitations.Today, we'll explore a practical arch..

In my previous post, I introduced Configuration-Driven Multi-Lambda Architecture as an effective way to manage multiple Lambda functions. We successfully managed 13 Lambda functions with a single configuration file, eliminating over 90% of code duplication. However, when operating multiple Lambda functions, you'll inevitably encounter another critical challenge.That challenge is common library m..

In the rapidly evolving landscape of serverless development, certain architectural patterns have emerged as indispensable tools for enterprise-scale applications. As someone who has navigated the complexities of real-world serverless projects, I want to share a battle-ested development pattern that has proven invaluable in production environments. This blog post focuses on a configuration-driven..