A New Serverless Look

-
(Update 3/20/2024: If it ain't broke, do the classic developer thing and rebuild it! I've taken the site described below offline, and moved its posts here.)

Until recently, I had no reason to build anything elaborate with a serverless architecture. Yet it's everywhere now! There's Amplify, Netflify, JAM, SAM, lambdas, workers and more to learn about. A few weeks ago on another stuck-inside pandemic Saturday, it felt like a good time to experiment with Gatsby. The documentation is great, and there are plenty of articles and great community resources available. I wanted to find a theme or examples of pulling in Markdown files which I'd populate the files with notes, code snippets, and other handy references I've collected related to infosec recently. Then over time maybe dig through years of scattered snippets of knowledge that I find myself reaching for, like "that link to a presentation about the history of browser privacy standards that I know I saved somewhere!!!" among other greatest hits.

The Quick Start in the official docs provided an easy cli installation and familiar directory structure. There were obvious examples of things like images, links, some available globals if needed, and a sense of how data is meant to flow. Also an SEO component making metadata generation easy. Nice.

I hopped over to GitHub and set up my repo and local remotes. Next up, AWS. I started with a private S3 bucket to host the static site behind a Cloudfront distribution and a new IAM user for GitHub Actions. This series of tutorials was a great simple walkthrough, though I opted to write the GitHub Action to deploy myself rather than use the library suggested by the article. Once things looked good on Cloudfront, I added a Lambda@Edge function to restrict access for now. Then it was back to the look and feel. I read a bit about themes and plugins, and started looking around.

*Fast forward to the following weekend*

Along came this great code notes theme! Perfect. A .dev TLD seemed appropriate, which led to ICANN and a great read on Internet history and the origins of the HSTS preload list, aka why .dev (and some other sites and TLDs) are https-only.

Since I didn't purchase the domain name through AWS, I had to create a Hosted Zone and point the domain's nameservers to the values displayed in Route 53. I requested a certificate in AWS Certificate Manager and added the values for CNAME verification into Route 53. The final step was attaching it to the Cloudfront distribution along with adding CNAMEs in Cloudfront as Alternate Domain Names. Here's a nice write up on some of these steps.

I pushed a test commit to ensure my GitHub Actions pipeline still worked. All good. Then a few finishing touches, a few new notes, and off came the authorization lambda! Not bad for a couple of afternoons. Thanks to the Gatsby community, the theme author, and all the other resources noted. I almost forgot, you can see it at https://joemerante.dev!

Popular posts from this blog

A Privacy Engineer's Guide to the EU AI Act

-
Image
I've been thinking about the ways the EU AI Act's requirements fit within existing privacy review or software development processes more generally. After the past few years of gradually improving data governance practices thanks to GDPR and other sources, tossing in a few more compliance requirements shouldn't be a big deal, right? Here are some answers and plenty of references for those who are just getting started. What is it? The EU AI Act is a risk-based framework for evaluating creation, use, and deployment of models. Some uses of AI are strictly prohibited, while requirements for others vary. Here's the raw text and a helpful AI Act Explorer .  Obligations are based primarily on whether you're a provider (of a general-purpose AI system) or deployer. (Definitions here .) It will be interesting to see where the line is drawn between provider and deployer; in other words, whether a deployer can modify a general purpose system enough to become a provider. Jurisdi...
Read more

Changing PDF Metadata with Python

-
While updating a pdf recently, I noticed some metadata I wanted to change and a few annotations that were hidden from view but still in the file. However, the "Get Info" pane in Preview on OS X doesn't provide a metadata editor, nor does its Export function, so it seemed like a good opportunity to learn a bit more about the PDF standard and Python packages for getting the job done. Adobe Acrobat or other GUI's would've been much faster, but I'll likely need to do this programmatically again at some point like those of you who might've found this post by looking on your favorite privacy-preserving search engine for "change pdf metadata in python". So here we go. Before starting, I hopped into a new folder and created a git repository with a first commit of my original pdf in case anything went wrong. Then I ran conda create --name pdf --python=3.8.1 and conda activate pdf to set up an Anaconda virtual Environment named pdf to keep my work is...
Read more