Define your API via OpenAPI definition on AWS
Application Programming Interfaces(APIs) is a critical part of the web service, Werner Vogel, the CTO of AWS had a great 6 Rules for Good API Design presentation in 2021 re:Invent keynote.
In AWS the developers could manage and proxy the APIs via Amazon API Gateway. The developers can use console, CLI, API or IaC …
Read MoreSetup DevOps pipeline with few code
DevOps pipeline is a key component of project operation, it helps you automate steps in your software delivery process.
Amazon itself has rich expirence on DevOps with large scale services, it shares the lesson and learn from operating the Amazon's services. You can read this summary post written in Chinese.
Also AWS …
Read MoreFederated OIDC login with Cognito and Amplify
Sep 12, 2022 · 4 min read · Serverless AWS AWS CDK API Gateway Cognito Amplify OpenID Connect Authentication ·When working on either 2C application or 2B service, the customers do not want to or is not allowed to sign up the new account, they can login the application via existing IdP or enterprise SSO. So, building the application supports the federated OIDC login to address such requirements.
This post extends the capability …
Read MoreProtect website with Cognito
Sep 4, 2022 · 3 min read · Serverless AWS AWS CDK API Gateway Cognito Amplify Authentication Authorization ·Previous post we demonstrated how distributing and securely deploying the website to global end users. The authentication and authorization are always mandatory features of web application. Amazon Cognito is a managed AWS serverless service helping the applications to implement AuthN and AuthZ, with Cognito the …
Read MoreIt's a well known pattern to distribute the website via CDN globally, it reduces the latency of the site and improve the availibity and security leveraging the infrastructure of cloud provider.
Using CDN service CloudFront and simple storage S3 on AWS hosts the static website. It well fits the SPA(single page …
Read More- Most web applications are using Restful APIs to interactive with the backend services. In the TODO application, it's the straight forward to get, update and delete the items from backend database. Amazon DynamoDB is a key-value database, it fits for this scenario with scalability and optimized pay-as-you-go cost. Also …
Read More - Building web application is a common use case, leveraging cloud services could accelerate the builders to develop and deploy the services. With AWS serverless services, the application can easily get the capabilities like security, highly availability, scalability, resiliency and cost optimized.
Read More 使用外部Secrets Manager管理Kubernetes密钥
Jun 12, 2022 · 5 min read · External Secrets Operator AWS Secrets Manager Flux GitOps Kubernetes Git EKS CD Continuous Delivery ·背景
密钥的管理对于使用 GitOps 方式做持续发布是一个挑战,特别是当目标部署平台是 Kubernetes 的时候。 K8S 使用声明式配置管理最终状态,而K8S中的密钥仅仅是将密钥内容做了base64格式的编码。 在基于 Flux 的 GitOps 实战介绍了使用Bitnami Sealed Secrets加密密钥内容, 可以安全的将加密后的Kubernetes Manifest文件提交到Git代码仓库,由Sealed Secrets发现这些SealedSecret的密码, 并解密后动态的创建K8S原生Secrets对象。
Read More基于 Flux 的 GitOps 管理 Crossplane 部署及资源
背景
在Flux 部署实战的总结展望中有一个方向是如何将云上基础设施资源同Kubernetes内资源统一管理, 而Crossplane提供了一个高度可扩展的后端,使用声明式程序同时编排应用程序和基础设施,不用关心它们在哪里运行。
近期 AWS 官方博客宣布了 AWS Blueprints for Crossplane,为客户提供了在 Amazon EKS 上应用 Crossplane 的参考实现。
Read MoreAWS CDK is a great abstract to accelerate managing the cloud infrastructure as code. The journey will be enjoyful with leveraging the Construct Hub to use the high level contributions from AWS partners and commnunity.
Use Case
AWS CloudFormation is one of the underly technologies of AWS CDK to manage the cloud …
Read More