A New Serverless Look

Until recently, I had no reason to build anything elaborate with a serverless architecture. Yet it's everywhere now! There's Amplify, Netflify, JAM, SAM, lambdas, workers and more to learn about.

A few weeks ago on another stuck-inside pandemic Saturday, it felt like a good time to experiment with Gatsby. The documentation is great, and there are plenty of articles and great community resources available. I wanted to find a theme or examples of pulling in Markdown files which I'd populate the files with notes, code snippets, and other handy references I've collected related to infosec recently. Then over time maybe dig through years of scattered snippets of knowledge that I find myself reaching for, like "that link to a presentation about the history of browser privacy standards that I know I saved somewhere!!!" among other greatest hits.

The Quick Start in the official docs provided an easy cli installation and familiar directory structure. There were obvious examples of things like images, links, some available globals if needed, and a sense of how data is meant to flow. Also an SEO component making metadata generation easy. Nice.

I hopped over to GitHub and set up my repo and local remotes. Next up, AWS. I started with a private S3 bucket to host the static site behind a Cloudfront distribution and a new IAM user for GitHub Actions. This series of tutorials was a great simple walkthrough, though I opted to write the GitHub Action to deploy myself rather than use the library suggested by the article. Once things looked good on Cloudfront, I added a Lambda@Edge function to restrict access for now. Then it was back to the look and feel. I read a bit about themes and plugins, and started looking around.

*Fast forward to the following weekend*

Along came this great code notes theme! Perfect. A .dev TLD seemed appropriate, which led to ICANN and a great read on Internet history and the origins of the HSTS preload list, aka why .dev (and some other sites and TLDs) are https-only.

Since I didn't purchase the domain name through AWS, I had to create a Hosted Zone and point the domain's nameservers to the values displayed in Route 53. I requested a certificate in AWS Certificate Manager and added the values for CNAME verification into Route 53. The final step was attaching it to the Cloudfront distribution along with adding CNAMEs in Cloudfront as Alternate Domain Names. Here's a nice write up on some of these steps.

I pushed a test commit to ensure my GitHub Actions pipeline still worked. All good. Then a few finishing touches, a few new notes, and off came the authorization lambda! Not bad for a couple of afternoons. Thanks to the Gatsby community, the theme author, and all the other resources noted. I almost forgot, you can see it at https://joemerante.dev!

Popular posts from this blog

Thinking About BIPA and Machine Learning

Changing PDF Metadata with Python

Private Enough