On-boarding trusted clients and partners on Amazon API Gateway gets more secure with Mutual TLS

Mutual TLS or MTLS is the de-facto transport layer security standard used in critical Business-to-Business (B2B) and Internet of Things (IoT) integrations. Essentially Mutual TLS establishes a two-way trust in a client-server communication channel. So, it’s not just the client that verifies identity of server (which happens to be the case with standard HTTPS based communication via browser), but the server also verifies identity of client. In short, MTLS is used to authenticate a trusted client/partner based on X.509 certificates. …

An interesting way to process a batch of records in the AWS Serverless world is to leverage the event triggering capabilities of S3, the power of Lambda, backed by a database service like DynamoDB and finally SNS for notifications. For simple batch processing scenarios, this solution could be very effective. So, if you are looking for an easy, powerful and serverless way to process records in a batch, this post might be of interest.

We’ll quickly leaf through the preamble of what we intend to achieve and then talk about some of the ‘potholes’ along the way to watch out…

“The only secrets are the secrets that keep themselves”- George Bernard Shaw

Leveraging a service like AWS Secrets Manager, to outsource secured storage and life-cycle management of secrets (like passwords, API keys, tokens, encryption keys, etc.) is becoming quite commonplace. Essentially, this practice keeps the application code clean and devoid of any sensitive information that might get leaked otherwise. The idea is to either use DevOps pipeline to fetch secrets and inject them at the time of deployment (primarily as environment variables) or use AWS SDK to retrieve secrets during application runtime and use them.

Normally, creation and retrieval of…

In this post, we will go through the steps to expose a SOAP service as a RESTful API using AWS API Gateway and Lambda. The primary driver for such a solution is often incompatibilities of systems involved in the integration. For example: The service client supports REST and JSON, whereas the service provider works solely based on SOAP messages.

To keep things simple, we will refer to a publicly available SOAP based web service accessible here. This calculator service provides simple arithmetic operations like Add, Subtract, Multiply and Divide. We will expose the ‘Add’ operation via a RESTful API. …

If you are a Kubernetes enthusiast but have not yet experimented with MicroK8s, then this post is for you.

MicroK8s is CNCF certified upstream Kubernetes deployment that can run on your laptop, workstation or on edge devices. It runs all the Kubernetes services natively and unlike Minikube, doesn’t require a separate virtual machine to run, thus making it a far more lighter alternative for offline development and/or prototyping.

Microk8s is available for Linux, Windows and MacOS. I will use Ubuntu 18.04 …

LAMBDA AUTHORIZER ON STEROIDS

Lambda authorizers are used to control access to APIs published in AWS API Gateway. They help to implement custom authorization schemes that either use token based authentication strategies (like OIDC, SAML, etc.), or use one or more request parameters to establish the API caller’s identity.

There are essentially two types of Lambda authorizers:

• Token authorizer: Here one has to declare a token source (like HTTP Authorization header) and Lambda authorizer runtime takes care of plumbing the token from token source and passing the same in the Lambda event. This token is available at event.authorizationToken, within the Lambda function
• Request authorizer…