DevOps pipeline is a key component of project operation, it helps you automate steps in your software delivery process. Amazon itself has rich expirence on DevOps with large scale services, it shares the lesson and learn from operating the Amazon's services. You can read this summary post written in Chinese. Also AWS …
Read More
When working on either 2C application or 2B service, the customers do not want to or is not allowed to sign up the new account, they can login the application via existing IdP or enterprise SSO. So, building the application supports the federated OIDC login to address such requirements. This post extends the capability …
Read More
Previous post we demonstrated how distributing and securely deploying the website to global end users. The authentication and authorization are always mandatory features of web application. Amazon Cognito is a managed AWS serverless service helping the applications to implement AuthN and AuthZ, with Cognito the …
Read More
It's a well known pattern to distribute the website via CDN globally, it reduces the latency of the site and improve the availibity and security leveraging the infrastructure of cloud provider. Using CDN service CloudFront and simple storage S3 on AWS hosts the static website. It well fits the SPA(single page …
Read More
Most web applications are using Restful APIs to interactive with the backend services. In the TODO application, it's the straight forward to get, update and delete the items from backend database. Amazon DynamoDB is a key-value database, it fits for this scenario with scalability and optimized pay-as-you-go cost. Also …
Read More
Building web application is a common use case, leveraging cloud services could accelerate the builders to develop and deploy the services. With AWS serverless services, the application can easily get the capabilities like security, highly availability, scalability, resiliency and cost optimized. This is a series posts …
Read More
AWS CDK is a great abstract to accelerate managing the cloud infrastructure as code. The journey will be enjoyful with leveraging the Construct Hub to use the high level contributions from AWS partners and commnunity. Use Case AWS CloudFormation is one of the underly technologies of AWS CDK to manage the cloud …
Read More
As a builder in cloud, you might feel confused about which resources cost mostly in your account. In AWS, you can quickly find out which services even functionality cost a lot via AWS Billing or AWS Cost Explorer. However sometimes it sucks on finding out which functions cost mostly if you have hundreds of Lambda …
Read More
Though you're administrator of your AWS account, you probably see below warnings when viewing your cluster in EKS console. Your current user or role does not have access to Kubernetes objects on this EKS cluster. It's caused by the Kuberentes has itself RBAC authorization. And AWS uses IAM to grant permissions to …
Read More
近期在一个 Webinar 分享了如何在 AWS 上服务去中心化研发团队构建共享服务平台,核心观点总结如下, 这里的去中心化团队是同理想的完全化的 DevOps 团队(负责设计、开发、测试、运维以及运营等所有环节)相对立的。 在较大型的组织中,账户管理、网络规划、服务审计等模块会由平台,基础设施或安全团队所负责, 多个研发团队会负责各个业务系统的开发、测试、运维等。 如今组织的健康运营对安全性合规性要求越来越高,通常基础设施团队外加安全团队负责承担安全、合规需求的整体策略规划及实施。 但是满足安全、合规需求通常是同业务交付速度期望是相悖的。一方面,平台、安全团队要为应用上线或变更进行安全性与合规性审查, 而研发团队需要投入更多的资源 …
Read More