Lead Application Developer at Stella Doradus
Tomasz Waraksa Software Engineer, Technology Enthusiast, Photographer. Programmer passionately building software for over 20 years. My experience in software development goes from little pet projects to mission-critical enterprise applications for customers such as MasterCard, Citibank, Qualcomm and Bank of America. Die-hard programmer, coach and mentor with love for simple, elegant and performant code and great software architectures. Big fan of Martin Fowler and Edsger W. Dijkstra. Ready to share the experience by writing tech stories, coaching and training, taking part in tech talks and meetups. In my free time I enjoy black-and-white photography and vintage film cameras, electric guitar, hiking, cycling and all-year sea swimming. I work as an independent consultant, based in Europe. Reach me by e-mail at tomasz@waraksa.net and find more content on my blog at https://letsdebug.it. PS. My little photography portfolio can be seen at https://noir-blanc.eu
Stats
Reputation: 699
Pageviews: 116.1K
Articles: 4
Comments: 2
Comments
May 16, 2022 · Abhishek Gupta
Hi, thanks for the interesting article. We too are happy with this new functionality. Previously this would require setting up the API Gateway, which was quite complicated.
Nevertheless, I believe that it is a must to mention the security / cost implications of exposing a lambda function over HTTP(S). Ignoring this could result in real trouble for those of us who don't have much experience yet with the cloud.
Any lambda endpoint available from the outside world MUST be secured and never available to unauthenticated calls, unless one has a multi-million budget to spend. Every call to the lambda will be billed, simple as that. If the word gets out that there's an unsecured lambda endpoint available, brace for the worst. Your monthly bill might come as a shock.
Also, beware of the trap set up by Amazon. In the documentation they mention that you don't have to use the IAM security and can instead use your own means of authentication. What they FORGET to mention is that even if your custom auth code rejects the call with HTTP 401 Unauthorized, they will still charge you IN FULL for all the incoming calls and resources used.
Source: https://devclass.com/2022/04/12/how-function-urls-simplify-setting-up-an-aws-lambda-endpoint/
More on the pricing pitfalls of AWS Lambda: https://letsdebug.it/post/34-ddos-as-business-opportunity/
Cheers!
Oct 25, 2021 · Blake Ethridge
Thank you, Ingo, I'm glad you enjoyed the article! Have fun with Multipass!