10 December 2019
Serverless December is here! Cloudflare is hosting us at their offices in County Hall.
We have talks from Sven Sauleau, Ben Ellerby and a reInvent Serverless reCap.
18:30 - Doors Open - Drinks and networking
19:00 - Introductions
19:10 - Sven Sauleau - Lessons learned from building Cloudflare's HTMLRewriter
19:40 - Ben Ellerby - Don't be SecureLess: Best practices for keeping your Lambdas secure.
20:10 - Break
20:30 - reInvent reCap - Talk focusing on reInvent and the serverless announcements
21:00 - End
Sven Sauleau - Lessons learned from building Cloudflare's HTMLRewriter
Sven is currently working on Cloudflare's HTMLRewriter and he'd like to share some of his key learnings and challenges he's come across in engineering this feature.
Ben Ellerby - Don't be SecureLess: Best practices for keeping your Lambdas secure.
One of the benefits of Serverless architectures, and AWS Lambda specifically, is that there is #NoOps required to get your code live. You provide the code and deployment, patching and hardware are abstracted away from you.
The issue is, there is still a server. Hot lambda invocations (invoking the function while the cloud provider has your runtime and code provisioned) can allow information leaking across lambda invocations, networks are still a thing, underlying operating systems change and you’re adding code dependencies.
From experience on several serverless projects, this talk will provide a checklist of security concerns to look out for on Serverless projects. We will cover temporary storage, the granularity of Lambas, IAM policies, observability, API Gateway, and the OWASP Top Ten.
Serverless architectures reduce a lot of the ops and patching work needed to ensure security and availability. That said, they also introduce new attack vectors that are not as well known, simplicity lets you get away without knowing how the underlying machine is working and security basics don’t go away.