Skip to content

Blog

Bespoke CloudFront Edge Metrics

Albatross flight path

When I migrated the Speedrun API from API Gateway to CloudFront, I lost an important latency metric; End-to-End (E2E) API latency. Detailed CloudFront metrics provide this latency metric and a few others, but I was curious to see if I could get more granular. Could I get realtime origin latency by edge location, software version and whether there was a coldstart? Kind of. In this post, I'll show how I used CloudFront Functions and the Embedded Metrics Format (EMF) to obtain more insight into my end user latency.

Using DynamoDB as a Secrets Manager

A wizard keeping a secret

What if I told you you could build a serverless secrets manager with a similar security footprint to AWS Secrets Manager, but with a fraction of the cost, better scalability and better latency? With the release of DynamoDB table resource policies in March 2024, this became much easier. In this post, I describe how I reduced the cost of storing secrets to ~zero and improved the latency to get secrets by almost 50% by switching to DynamoDB.

Using CloudFront as a Lightweight Proxy

Weary traveler staring out onto the edge of space (Golden Axe loot goblin done by bubu https://www.pixilart.com/art/dwarf-thief-748edcc7366e6d8)

In the last post, I explored using CloudFront Functions as a blazing fast API that ran on the edge. Since then, I've learned a lot more about CloudFront, SigV4 and Origin Access Control (OAC). This led me to some discoveries on how to use CloudFront as a lightweight proxy for S3 and Lambda. In this "loot drop", I'll detail how to use CloudFront to read and write directly to S3, create a url bookmark service and send PUT and POST requests to an IAM protected Lambda Function Url.

Using CloudFront functions as a REST API

Weary traveler staring out onto the edge of space

While writing an AWS Step Function, I needed to sort an array of objects by an object path -- something that was beyond the ability of the built-in intrinsic functions. It was easily done with a Lambda, but that struck me as overkill. Could I use something lightweight like CloudFront functions? Yes! In this post, I'll show how I use CloudFront as a performant, inexpensive REST API that runs on the edge.

Bifurcating Lambda Logs

Log with bytes streaming out of it

It is common to emit two log types; application logs and request logs from a service application. In EC2, ECS and Fargate these logs can be pumped to separate CloudWatch Log Groups using the CloudWatch Agent, FireLens and FluentBit. Unfortunately in Lambda, these logs can only go to one log group. In this post, I explore a method for pumping request logs to a separate log group to workaround this Lambda limitation.

AWS Lambda Request Timeline

Samuel Johnson

Have you ever thought you understood the timeline of a request in AWS Lambda only to stare at your logs and traces and find out that you didn't? The official documentation has diagrams that look pretty, but don't convey everything that is important. In this post I'll present the infographic I use to understand what Lambda is doing and what is and isn't in the logs.

Coldstarts with the AWS Javascript 3.502 SDK

Drift car without doors

In November 2023, I noticed Lambda coldstarts were 40 ms - 300 ms slower because they unnecessarily loaded the SSO credentials provider. I cut a GitHub issue which was closed with wontfix. Fast forward to January 29, version 3.502 of the AWS JavaScript SDK was released to lazy load non-essential credentials providers. This is a big win, but you can still squeeze out more performance. In this post I'll show you how to make your coldstarts 35 ms faster.

2023 year in review

A long tail

I'm writing this year in review because it takes discipline, something I don't have. Also, reflecting on oneself allows you to ask the hard questions like "What does my tail look like and is it acceptable?"

Why I'm spicy about Lambda coldstarts

Spicy Coldstart

Big coldstart will try anything. It’s bikeshedding. Git gud. Negligible at scale. Use the AWS SDK v3. Read this blog. Just use provisioned concurrency.

But the truth is, we aren’t holding it wrong and coldstarts aren’t all your fault. In this post, I fail to stay frosty. In fact I get spicy, and make the case that we shouldn’t lay off the pepper until we stopped getting blamed for AWS’s coldstart problem.