#59 Serverless Security
This week, our expert is AWS Hero Daniel Aniszkiewicz, our spotlight falls on AWS Community Builder Suzana Melo, and we look at the latest service releases, news, & more!
Welcome
In last week's issue, our serverless expert was AWS Community Builder Igor Soroka, and our spotlight fell on AWS Hero Thorsten Höger!
This week, our serverless expert is AWS Hero Daniel Aniszkiewicz, our spotlight falls on AWS Community Builder Suzana Melo, and we look at the latest AWS service releases, blog posts, hints and tips, news and more!
This week's newsletter is sponsored by Leighton.
Articles that caught the eye
Here are some stand-out articles I read during the week in the World of Serverless, AI, Engineering and Architecture!
My favourite article this week was by one of my team, Jason Conway-Williams, discussing that age-old question of ordered events with EventBridge.
Jason Conway-Williams covers "You Don't Need Ordered Events, You Need Smart Events" in this great article.
Nick Tune discusses "Enforcing Software Architecture Living Documentation Conventions" in this interesting article.
Marcin Sodkiewicz has a fab article titled "Organization-wide EventBridge broadcasting".
Anne Stein has a great article titled "From Seconds to Milliseconds: Fixing Python Cold Starts with SnapStart".
Kenta Goto covers all things unit testing in this article "AWS CDK Unit Testing Advanced Tips: Aligning Feature Flags and Skipping Bundling".
Martyn Kilbryde covers "Running a Strands Agent on Lambda to Tag Product Reviews" in this great article.
Ask the Expert
Each week, I ask a different serverless expert the same three questions to get their personal insights - this week, we have AWS Hero Daniel Aniszkiewicz:
Opinions are the author's and do not express the views of their employer.
1. What is one common mistake you see teams making when implementing serverless solutions, and how can they avoid it?
One critical mistake I see is teams applying overly permissive IAM policies to Lambda functions - often starting with broad permissions and never refining them. The "it works, ship it, we will adjust it later" mentality leads to functions with far more access than they need, violating the principle of least privilege.
Another common issue is over-provisioning resources across environments. I often see teams using the same provisioned concurrency settings for dev, staging, and production.
You don't need 10 warm instances in your development environment! This burns money unnecessarily.
But here's the real kicker: assuming consistent behaviour across AWS service configurations without thorough testing.
I recently hit this myself when migrating API Gateway REST APIs from Edge-Optimised to Regional endpoints. Our Lambda authorizer was checking event["headers"]["Authorization"]. Worked perfectly in testing (for API Gateway URLs), broke in production (custom domain mappings). Why? Edge endpoints (behind CloudFront) capitalise headers, while Regional endpoints pass them as-is. With HTTP/2 on custom domains requiring lowercase, we suddenly had authorization instead of Authorization. Our authorizer couldn't find the access token.
The lesson? Always read the docs on differences between configurations and test properly across environments!
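The header-casing failure described in the answer above, as an added example that is not part of the interview or the expert's own code: a REQUEST-type Lambda authorizer in Python that looks up the Authorization header case-insensitively and returns an explicit Deny when no valid token is found. EXPECTED_TOKEN, the principal ID and the helper names are constructed for illustration; real token validation would replace the constant comparison.

```python
import hmac

# Constructed stand-in for real token validation (e.g. verifying a signed JWT).
EXPECTED_TOKEN = "constructed-demo-token"

def get_header(event, name):
    """Return the first value of header `name`, matched case-insensitively."""
    wanted = name.lower()
    for key, value in (event.get("headers") or {}).items():
        if key.lower() == wanted:
            return value
    # REST API authorizer events can also carry multiValueHeaders.
    for key, values in (event.get("multiValueHeaders") or {}).items():
        if key.lower() == wanted and values:
            return values[0]
    return None

def extract_bearer(event):
    """Return the bearer token, or None if the header is missing or malformed."""
    raw = get_header(event, "Authorization")
    if not isinstance(raw, str):
        return None
    scheme, _, token = raw.strip().partition(" ")
    token = token.strip()
    return token if scheme.lower() == "bearer" and token else None

def policy(effect, resource):
    return {
        "principalId": "demo-user",  # constructed principal
        "policyDocument": {
            "Version": "2012-10-17",
            "Statement": [
                {"Action": "execute-api:Invoke", "Effect": effect, "Resource": resource}
            ],
        },
    }

def handler(event, context=None):
    """Fail closed: any missing or unmatched token yields an explicit Deny."""
    arn = event.get("methodArn")
    token = extract_bearer(event)
    ok = bool(arn) and token is not None and hmac.compare_digest(
        token.encode(), EXPECTED_TOKEN.encode()
    )
    return policy("Allow" if ok else "Deny", arn or "*")
```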
2. Which serverless tool or service are you most excited about right now, and why?
Two things have me really excited right now. First, the remote debugging feature in AWS Toolkit for Visual Studio Code (if your runtime is supported). This was always a massive bottleneck during debugging, and having proper remote debugging capabilities changes the game.
Second, the 95% price drop for Amazon Verified Permissions. This is huge for adoption - price was always one of the main bottlenecks preventing teams from implementing proper fine-grained authorisation. Now there's one less excuse not to use it.
And of course, re:Invent is coming up, so stay tuned for shiny new features!
3. What is your favourite trick or tip when working with serverless that the readers may find interesting?
Blue/green deployments with Lambda versions and aliases. Seriously underutilised but incredibly powerful.
Here's how we do it: Every Lambda deployment creates an immutable version. I use three aliases:
passive (the newly deployed version being tested)
active (current production)
previously_active (last known good version).
The flow is straightforward: deploy new code and point passive to it, run automated tests against passive without touching production.
If tests pass, switch active to the new version atomically (saving the old one to previously_active). If something breaks? One Terraform apply reverts active back to previously_active. No redeployment needed.
API Gateway always invokes through the active alias, so the switchover is instant and zero-downtime. We've automated this entire pipeline with GitHub Actions and Terraform, with built-in safety nets. That previously_active alias has saved us more than once. Simple, fast, and safe - just native AWS features orchestrated cleanly.
Bonus tip: join the #believeinsls Discord! There is a community there to answer any questions you may have without getting overzealous on serverless or without judgment! Check it out!…
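The alias flow from the answer to question 3 (passive, active, previously_active), as an added example that is not part of the interview or the pipeline it describes, which uses Terraform and GitHub Actions. It is written in Python against the get_alias and update_alias calls of a boto3 Lambda client passed in as `client`; FakeLambda and the function name are constructed so the block runs offline.

```python
class FakeLambda:
    """Constructed in-memory stand-in for a boto3 Lambda client (demo only)."""

    def __init__(self, aliases):
        self.aliases = dict(aliases)

    def get_alias(self, FunctionName, Name):
        return {"Name": Name, "FunctionVersion": self.aliases[Name]}

    def update_alias(self, FunctionName, Name, FunctionVersion):
        self.aliases[Name] = FunctionVersion
        return {"Name": Name, "FunctionVersion": FunctionVersion}


def _version(client, fn, alias):
    return client.get_alias(FunctionName=fn, Name=alias)["FunctionVersion"]


def promote(client, fn):
    """Point active at the tested passive version, keeping the old one for rollback."""
    candidate = _version(client, fn, "passive")
    current = _version(client, fn, "active")
    if candidate == current:
        return current  # nothing new to promote; leave previously_active untouched
    # Record the known-good version first, so a failure after this call
    # still leaves a valid rollback target.
    client.update_alias(FunctionName=fn, Name="previously_active", FunctionVersion=current)
    client.update_alias(FunctionName=fn, Name="active", FunctionVersion=candidate)
    return candidate


def rollback(client, fn):
    """Revert active to the last known good version without redeploying."""
    good = _version(client, fn, "previously_active")
    client.update_alias(FunctionName=fn, Name="active", FunctionVersion=good)
    return good


if __name__ == "__main__":
    demo = FakeLambda({"passive": "8", "active": "7", "previously_active": "6"})
    print(promote(demo, "orders-api"), demo.aliases)   # constructed function name
    print(rollback(demo, "orders-api"), demo.aliases)
```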
Tips & Tricks
This week's tip is from friend of the newsletter Uriel Bitton on LinkedIn:
I love little tips like this, which you can keep in your back pocket, ready for the occasion you have this use case.
New Releases
Here are the latest and most interesting releases this week in the AWS World:
This week, my favourite releases are the two around MCP, as this space still has a barrier to entry in my opinion to productionise:
TwelveLabs' Pegasus 1.2 model now available in three additional AWS regions.
Amazon ECS now supports built-in Linear and Canary deployments.
4 new image editing tools added to Stability AI Image Services in Amazon Bedrock.
Web Grounding: Build accurate AI applications with Amazon Nova models.
The Model Context Protocol (MCP) Proxy for AWS is now generally available.
AWS Serverless MCP Server now supports tools for AWS Lambda event source mappings (ESM).
Amazon S3 adds conditional write functionality to copy operations.
Tip: Check out https://aws-news.com/ for the very latest up-to-date serverless releases as they happen, created by the talented AWS Serverless Hero Luc van Donkersgoed.
Social of the Week
This week's social is by Dr Milan Milanović on LinkedIn:
This post might come across a bit harsh at first, but there's definitely some truth in it. Many of us have been around since before the cloud existed, back when we were buying, unpacking, and racking servers ourselves, and building systems for both the public and private sectors. Over the years, we've seen plenty of successes, failures, and shifts in technology (and produced content on all of it!).
It's taught us to be thoughtful about where we take advice from; some of it can do more harm than good. As Dr. Milan suggests, it's always worth doing a quick credibility check before taking anything at face value.
Feel free to leave a comment below.
Tools & Frameworks
Check out the latest open-source frameworks, news, and tool updates from the past week.
This week, AWS Skill Builder released "AWS Card Clash", which is very cool!
modified-buffers.nvim - A lightweight Neovim plugin to quickly view and navigate to modified buffers in a clean floating window.
AWS Card Clash - AWS Card Clash is a 3D card game that helps learners gain knowledge of AWS Cloud architectures, and provides a new and engaging way to learn about AWS services and solution design.
promptz.dev - V2 of promptz.dev has been released. Discover, create, and perfect prompts, project rules, and custom agents to supercharge your development workflow with Amazon Q Developer.
aws-langgraph-dynamodb-ts - AWS DynamoDB implementation for LangGraph persistence in TypeScript. Provides checkpoint storage, memory store with semantic search, and chat message history.
Just for Fun
This week's "just for fun" post is by Nevada Pascolini on LinkedIn:
This made me laugh - surely this can't happen next!
YouTube & Podcasts
Here are some of my favourite videos and podcasts this week covering serverless, AI, architecture, and software engineering.
My favourite video this week was by the Prime discussing AI Browsers and the issues of prompt injection! Very interesting.
Rahul Nath continues his series with "AWS Step Functions in VS Code – Create, Visualize, and Deploy Easily".
Nadtakan Futhoem on the It's All About Serverless podcast interviews Thelma Laryea on her cloud journey.
The Prime covers "AI browsers are scary" in this interesting video.
Scott Burgholzer covers "Lessons Learned Building a Highly Available Serverless Client Portal" at the AWS Chicago User Group.
Fabrice Bernhard discusses "AI accelerated legacy modernisation" on the DDD Europe channel.
The AWS Developers channel covers "Beginner-Friendly Amazon Bedrock AgentCore & Strands Agents Tutorial".
Sam Newman discusses "The AWS Outage Uncovered Something EVERY Developer Should Know" on the Modern Software Engineering channel.
Ken Hughes has a very interesting conference talk at GOTO Copenhagen titled "Connection is Everything" (I really enjoyed this one).
Weekly Case Study
This week's case study comes from Applaud:
Applaud rebuilt their legacy HR platform with generative AI using Amazon Bedrock to solve the problem of complex, fragmented employee experiences and accelerate innovation.
The new architecture is centred on Bedrock, specifically leveraging Anthropic's Claude Sonnet for conversational AI and Amazon Titan Text Embeddings for semantic search capabilities across their modules. Key AWS services also include Amazon CloudWatch and AWS WAF for security and monitoring, ensuring enterprise-grade resilience and data residency compliance. This transformation resulted in dramatically shortened development cycles, with streaming response times improving from 3-5 seconds to 1-2 seconds and a 2-3x increase in text generation throughput.
Inspirational Quotes and Thoughts
This week's inspirational quote is by Andy Jassy, CEO of Amazon:
"We want to operate like the world's largest start-up. That means having a passion for constantly inventing for customers, strong urgency (for most big opportunities, it's a race!), high ownership, fast decision-making, scrappiness and frugality..."
Andy Jassy, CEO of Amazon
Whether in the context of AWS or not, I love the sheer focus on innovation, urgency and ownership in this quote, which is a key focus in my AWS teams at Leighton. After years of managing teams, I have come to the conclusion that hiring people into small teams who have a key focus on agency and urgency, and removing unwanted process and gates from them, makes for the best teams. Let them get close to the customer, incrementally build, deploy and learn, and empower them to make the right decisions.
What are your own thoughts and experiences of this quote? Feel free to leave a comment below.
Poll of the Week
In last week's poll, we asked the question "Do you actively contribute to open-source projects?".
Interestingly, 50% said "yes, sometimes" and the other 50% said "No". This doesn't surprise me, as most people I know don't do any, and then a proportion do a lot of it (no real in between for my immediate circle!)
This week, we ask the question: "How much of your day-to-day code is generated using AI?"
Please feel free to leave a comment below on your answer.
Serverless Events
The following serverless events are upcoming, so mark your calendars.
ServerlessDays Sao Paulo - 5th Nov 2025
AWS re:Invent 2025 - 1st - 5th Dec 2025
Would you happen to have any upcoming events that you would like to highlight? Message me below!
Spotlight
This week's spotlight falls on AWS Community Builder Suzana Melo!
Suzana is an AWS Community Builder, speaker, blogger, AWS Women's User Group Leader (Sweden), co-organiser of the AWS User Group Skåne, former Auckland AWS Tools and Programming meetup organiser and Cloud Native & Platform Engineering Auckland meetup.
Suzana is everywhere right now, appearing on podcasts, YouTube videos, blogs, and talks, with a key focus on women in tech and AWS. The most impressive thing is that Suzana moved into software development in her 40s without a tech background (kudos!), and is supporting others in their journeys.
Thank you for everything you do for our amazing community and for inspiring people based on your own journey with AWS and tech!
Thank you for reading the latest Serverless Advocate Newsletter!
If you want to find out a little more about me, please have a look at:
https://www.serverlessadvocate.com/
See you next time,
Lee















