Blog Posts

AWS Lambda makes it easy to build serverless apps—but security is often an afterthought. This post covers 14 real-world Lambda security best practices, from input validation, secret management, and least-privileged IAM to tenant isolation and safe logging. Backed by years of hands-on experience and aligned with OWASP Serverless Top 10, it includes a downloadable checklist to help you secure your functions from day one.

learn best practices for crafting effective prompts, integrating organizational context with MCP, avoiding common pitfalls, and scaling AI workflows across teams. Discover how to build faster, smarter, and safer with agentic AI—without losing your engineering edge.

learn how to build a secure, governed foundation for AI adoption using three key building blocks: a centralized prompt library and CLI, MCP server blueprints, and connectors to organizational data. Discover practical strategies to enable architecture reviews, code transformations, and design generation—all while aligning with security and platform standards.

Maintaining production systems is hard—bugs happen, and reacting late can cost you. AWS CloudWatch Synthetics offers a proactive way to catch issues before your users do by simulating real user actions. In this post, guest author Tom Nachum from CyberArk shares how his team uses synthetic canaries to monitor critical business flows, detect failures early, and boost reliability. Learn how to implement, schedule, and debug canaries with ease using AWS tools.

I attempted to run an MCP server serverlessly on AWS Lambda using FastAPI, FastMCP, and the Lambda Web Adapter. While it technically worked, the developer experience was rough—cold starts were slow, observability was limited, and testing was clunky. Compared to my experience building with Bedrock agents, this felt like a step backward. MCP is promising, but today, running it on Lambda isn’t production-ready. Here’s my full breakdown and thoughts.

In this post, you'll learn how to use AWS Lambda functions as both data sources and event handlers for publish and subscribe actions in AWS AppSync Events. We’ll walk through setting up a namespace, wiring direct Lambda integrations using CDK, and handling real-time events with Powertools for AWS Lambda. This approach gives you full control, observability, and flexibility—all while keeping your WebSocket architecture serverless and scalable.

This post walks through building a stateless Model Context Protocol (MCP) server on AWS Lambda using Streamable HTTP—no custom bridges or transports. It explores MCP internals, tool/resource definitions, deployment with API Gateway, and local testing with stdio. Learn how Agentic AI Assistants leverage MCP to execute actions with real-time context, and how this protocol simplifies integration across diverse systems.

Stop building internal tools nobody wants. Platform engineering tips to boost adoption, DevX, feedback, and internal open-source mindset

Discover how AWS Service Catalog helps Platform Engineers balance flexibility, security, and governance—transforming delivery at scale

Avoid common AWS Serverless architecture pitfalls! Learn 5 outdated patterns & the best practices to replace them for better services

Fell for a phishing attack using social engineering? I did—almost. Here’s how it worked, the tech behind it, and tips to stay safe.

Learn how to simplify AWS security, manage WAF rules, and enforce policies across accounts with AWS Firewall Manager, with AWS CDK code

Review the year 2024 from my personal perspective and how to become a guest writer on my website

learn about AWS Web Application Firewall (WAF) and use CDK code to protect an REST API served by an API Gateway and enable metrics and logs

AWS re:Invent 2024 exciting new services and features launched from a Serverless developer perspective.

AWS AppSync Events lets you broadcast realtime data with Serverless WebSockets. Learn how it works, use cases and diff from API GW Websocket

Learn about the AWS Web Application Firewall (WAF), what it is for, tips, and insights for visibility, ownership, governance and more

learn about AWS availability zones, what they are, why they are essential for SaaS Resilience and uptime

In this post, you will find my opinionated list of AWS re:Invent sessions that I found relevant to Serverless or highly interesting

my top tips for making the most out of the AWS re:Invent conference while navigating it like a pro.

In this post, I will share my thoughts about AWS Lambda extensions, the good and the bad, and when you should use or should not use them

Build a secure Fargate ECS cluster with an application load balancer and a web application using Python CDK code.

Reflect on the current state of serverless, share my thoughts about articles from the community, and discuss the future of serverless

Learn how SQS FIFO works and achieve optimal throughput with detailed insights and CDK TypeScript code examples.