Відео

Hi Pahud, thank you!

**hair flip**

Hey, This is a problem that I have also encountered. I have not found any way to do it using OAC. I'll try looking to see if maybe there is a way with OAC but for folder-specific permissions OAI seems to be the easiest option.

@@cloudmancer Thanks for getting back to me! I have eventually managed to get this working by adding a DENY statement utilizing the NotResource policy element to the bucket after the OAC operation. As DENY statements take precedence over ALLOW, by using DENY with NotResource (listing the resources I want to allow), it seems to be working a treat.

That is a really innovative solution, nice job!

Hey, That was just an architecture decision on my part. You can place them where you feel is most appropriate. My reasoning was that the pipeline stack just contains things that usually don't change. Once the S3 bucket is up and hosting the web app, its probably not going to change unless I scrap the whole project, so I left it there. Other S3 buckets went in the infra repo since they might need to be modified or removed or renamed based on whatever new functionality I was developing. Same goes for the hosted zone. You could argue that the domain name might change if you are trying out new names for your website, so this would be a good argument for putting it in infra stack. The other benefit however is that most of the things in the pipeline stack reference each other, so it was also easier to do that when they exist in the same stack, however you could get around this by using outputs.

Hey, Yes correct, you would probably not do this through the CLI. You would instead add the token to the header of your API request in the code like "'Authorization": "Bearer ${idToken}", or something along those lines. This is how I usually do it with Axios by adding an interceptor to append that header to each API call before its made. Hope this helps!

Copy that, that thanks! Since you ask about topics for videos I think one important topic it vpc endpoint service (not vpc endpoints). Would be interesting how to set it up and more importantly how to configure my app to consume that service. Thanks in advance!

This is a great suggestion, I will look into it, thank you!

Hey! Yes, API Gateway supports logging unauthorized requests to CloudWatch if you enable logging in the API Gateway settings. To do this in the CDK, you can use the API Gateway Stage construct and specify a accessLogDestination with a CloudWatch log group. If you also wanted to set these logs up to go to S3, you could create a lambda to do that. I will look into doing a video about WAF and API Gateway/CloudFront for a video, thanks for the great suggestion! API GW Stage Construct: docs.aws.amazon.com/cdk/api/v2/docs/aws-cdk-lib.aws_apigateway.Stage.html

Thank you for watching!

I am interested to dive back into App Studio now that some of the shortcomings I noted have been addressed. I am not sure if the apps would still be enterprise grade, but I will check it out again. I have not used elasticache much myself.

I use SSM for almost everything! I agree, unless you need the rotation for something, SSM is almost always the best choice.

I am glad you found value in this! Thanks for watching

Yes I agree, I love using parameter store to pass output values between cloudformation templates

Thanks for watching!

Hey there, thank you! In the infra project, the bucket was just an example of something you might deploy in that stack, it does not need to be a bucket. It could be a lambda function, dynamo table, etc., anything your infrastructure needs that might get updated frequently. In the pipeline project, strictly speaking, the artifact bucket is not necessary. The CDK will actually create one by default if you don't specify it. However, I like making it because it allows you to set the bucket name rather than the randomly generated string of characters the CDK comes up with. For your arch, yes the API gateway and lambdas would go in the infrastructure project. This way as you make updates to and iterate on your endpoints, you can push it to source and have them continuously deployed to test them! Hope this helps.

Hey Mario, Thanks for the great suggestion! I will work on putting something together for you.

@@cloudmancer thank you very much. I’m looking forward to that. May I ask one more noob question? Could you evtl. explain one more time the lambda function directory structure once it gets transpiled to JavaScript. The problem I have is in understanding the difference between importing something from /opt/nodejs/* into the typescript code. And when it is deployed for example to localstack then it says that there is no /opt/nodejs/* directory or any content. So my concrete question would be - what is the real target directory structure that is needed at runtime in localstack or even in real aws itself. In my opinion the runtime in any target system (localstack and aws) is a Linux env with an opt/nodejs directory which contains my lambda function code. But maybe I am confused. Evtl. you have some link to some documentation where I can learn about the target runtime of lambda functions. As I was unfortunately not yet lucky to find some good docs. So far I found this resource helpful but did not yet solve my confusion. www.qloudx.com/how-to-split-typescript-based-lambda-functions-into-lambda-layers/ Would really appreciate your support as it is quite frustrating to get stuck already in the beginning of learning modern cloud architectures. Thx a lot in advance Ryan

lol thank you!

I am glad you liked it!

Hey, All communication into a Lambda usually comes through the Event object in a Lambda function. This Event object represents the "event that triggered the function". For API Gateway this comes through the event body. In the case of SQS this comes through the event Records array.

@@cloudmancer true, keep thinking about a standard application. Thanks anyway

@@cloudmancer true, keep thinking about a standard application. Thanks anyway

Hey, thank you! I am not the best a python but I have a desire to get better. I have a python tutorial series on the CDK on my list of videos to make, I will keep you updated!

Thank you!

Hey, 1. I will look into something like this. 2. Did you mean website hosting? I have a video on S3 + Cloudfront + Route53 for single page web apps. Was there a specific hosting architecture you were looking for? 3. I have a two-parter on making a CI/CD pipeline for a serverless backend arch with a web application. Was there a different idea you had for a CI/CD pipeline? Let me know!

This is a great suggestion, it is on my list to get to!

I have it on my list to get into some networking videos with the CDK. I will come up with something for you.

Thanks for the kind words, let me know if there is anything else you would like to see.

@@cloudmancer Anything with ECS would be really nice (ie, A wordpress site, or Vue app)

I am glad that it is of some value to you!

Hey, Sure I can try and assist with this, can you give me the full error?

Hey there, 1. Yes there is a max payload size that a Lambda can return and this is 6 MB for synchronous invocations such as invoking Lambda directly via API Gateway, another Lambda function or a step functions invocation. If you had a particularly large data set, one solution might be to write it into a new file in S3 and pass the new object key down and have the subsequent lambda function read from the new file, rather than passing the raw data down in the state object. 2. Yes this is totally doable. All we would need to do is create a new FailedExecution SNS topic and a new lambda invoke task that could handle the failed execution. Then, rather than passing in the FailState into our addCatch, which fails the execution directly, we would instead pass in this new task. I would be interested to hear your experience if you implement something like this! I hope this helps.

@@cloudmancer thanks for your answer, those are just out of my curiosity. At the moment i'm not yet into step functions: i'd like to experiment and consider a refactoring. My current project involves three lambdas with different tech stack, communicating via sqs.

It sounds like your current project would be good for a step functions refactor, let me know if you do and what you come up with!

You know building something with AI would be really fun, I will come up with a good idea

Hey, Off the top of my head, I am not sure if this is possible, but I will look into it!

I appreciate you input. I agree that "just building something" is insufficient, however you will never gain "a deep understanding of HOW to build" without starting just building something.

Good suggestion! I will look into this!

That is very specific! I will look into this.

Hey! I promise I will make a revision video with OAC in the future. In the meantime, you can check out a revised GitHub repository I made for you that actually has this change: github.com/Cloudmancermedia/cdk-spa-deployment-oac.git In the README I have some notes on how it was achieved and why its necessary for the workaround. I hope this helps!

@@cloudmancer thanks a bunch 👍

Hey, I might be able to help with this, can you clarify what you mean by extensions? Did you mean VS Code extensions?

Hey, sure, this is a good idea. Was there a specific architecture you wanted to see using custom resources and/or lambda + SNS? What are you looking to use these custom resources to achieve?

Sure, check out the reply on your other comment.

Hey, to my knowledge, function URLs are not customizable.

Of course!

Awesome thanks for the feedback!

Hey, Strictly speaking, yes, this is a workaround and it does not do anything to change the default functionality of API Gateway. However most people who would encounter this problem are probably discovering it because they first tried to make a Lambda with API Gateway and it timed out. At least this is how the problem manifested itself for me.

It's a septum piercing. Thanks!

: (

Hey! Did you mean you wanted to migrate existing infrastructure where the templates are version-controlled through Azure Repos? Or were you simply wanting to migrate your version-controlled repos from Azure to AWS CodeCommit? Without knowing too much detail about your situation or the architecture you have provisioned in Azure, if your situation is more the former, it might be worthwhile to look into Terraform templates since its more platform-agnostic. Let me know if this answers your question!

@@cloudmancer Thanks! The scenario is my source code is on Azure Repos but I want to deploy on AWS (without using CodeCommit, just the other resources). Using an agnostic platform sounds nice, I am also checking serverless framework as my architechture is purely serverless

Yes, in that case serverless framework would be a good choice! You can keep your repos version controlled wherever you want and it should not impede your ability to use the CLI to deploy the infra to AWS or wherever you want