When using multiple AWS services together, new problems emerge—IAM permissions and roles, configuration, and load-bearing quirks.
For example, when using Cognito with Lambda (to work around issues with usernames), signing up could fail because the Cognito role doesn’t have the right permissions to invoke the Lambda handler.
Even between multiple instances of the same service, calling one Lambda from another requires configuring the name of the Lambda to call (particularly if you have separate dev and production versions).
Then there are the quirks to discover. For example, uploading a file to S3 in a Lambda that sets an ACL on the object requires a hard-to-discover permission and returns a confusing ‘Access Denied’ otherwise.
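The S3 quirk above, as an added example (not code from the original note): a simplified offline check of a Lambda execution role's identity policy against the actions an upload needs. It assumes the permission in question is `s3:PutObjectAcl`, which the note does not name; the policy and bucket name are constructed, and Condition, NotAction, NotResource and bucket policies are ignored.

```python
import re

# Constructed sample: an execution-role policy that permits uploads only.
ROLE_POLICY = {
    "Version": "2012-10-17",
    "Statement": [{
        "Effect": "Allow",
        "Action": ["s3:PutObject", "s3:GetObject"],
        "Resource": "arn:aws:s3:::example-uploads/*",  # hypothetical bucket
    }],
}

def _as_list(value):
    return value if isinstance(value, list) else [value]

def _wild(pattern, value, flags=0):
    # IAM wildcards: '*' is any run of characters, '?' is exactly one.
    regex = re.escape(pattern).replace(r"\*", ".*").replace(r"\?", ".")
    return re.fullmatch(regex, value, flags | re.DOTALL) is not None

def is_allowed(policy, action, resource):
    """Simplified identity-policy evaluation: explicit Deny wins, otherwise
    an Allow must match. Condition, NotAction and NotResource are ignored."""
    allowed = False
    for stmt in _as_list(policy["Statement"]):
        hit_action = any(_wild(p, action, re.IGNORECASE)
                         for p in _as_list(stmt.get("Action", [])))
        hit_resource = any(_wild(p, resource)
                           for p in _as_list(stmt.get("Resource", [])))
        if hit_action and hit_resource:
            if stmt["Effect"] == "Deny":
                return False
            allowed = True
    return allowed

def missing_actions(policy, bucket, key, sets_acl):
    """Actions an S3 upload needs that the policy does not grant.
    Passing an ACL on the upload needs s3:PutObjectAcl on top of s3:PutObject."""
    needed = ["s3:PutObject"] + (["s3:PutObjectAcl"] if sets_acl else [])
    resource = f"arn:aws:s3:::{bucket}/{key}"
    return [a for a in needed if not is_allowed(policy, a, resource)]

if __name__ == "__main__":
    print(missing_actions(ROLE_POLICY, "example-uploads", "img/a.png", sets_acl=False))
    print(missing_actions(ROLE_POLICY, "example-uploads", "img/a.png", sets_acl=True))
```

Running a check like this against the deployed role's policy before shipping turns the runtime ‘Access Denied’ into a named missing action.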
See also:
- This is a good example of fighting the framework or maybe fighting the architecture
Links to this note
- Options for Brotli Compression Using Cloudfront and S3
  When using AWS S3 as an origin to serve a static website distributed by AWS Cloudfront you need to choose how to enable brotli compression. These choices are mutually exclusive—you can either a) have Cloudfront compress to brotli at the edge with a 20% ratio with fallbacks for gzip or no compression or b) compress to brotli by pre-compressing assets where you can use a much higher ratio (80%), but with no fallbacks.
- Use a Monolith-First Architecture Because You Don’t yet Know the Boundaries
  It’s difficult to start with microservices because that requires knowing more about the domain and boundaries within the domain than one could know up front. Due to lack of understanding, a microservices-first architecture often fails and it’s easier to start with a monolith and slowly peel away services.