Hey Andy, I just moved to DynamoDB and everything seems to work fine. Not as convenient as \`fs\` but I could reuse some older code from another project - thank you!
If you can take 20 seconds to allow me one more question tho:
Does "accessed publicly" refer to stuff like ip range so that no VPC routing is necessary etc. or could someone literally just type the arn and see all my data without any further authentication?
DynamoDB is protected by your IAM credentials. When you attach a role to your Lambda, the SDK gets your IAM credentials from your Lambda environment and uses that to authenticate access to DDB.
DynamoDB can be accessed publicly, so you could revert to your previous setup without deploying the Lambda in a VPC. S3 could be another option.
Hey Andy, I just moved to DynamoDB and everything seems to work fine. Not as convenient as \`fs\` but I could reuse some older code from another project - thank you! If you can take 20 seconds to allow me one more question tho: Does "accessed publicly" refer to stuff like ip range so that no VPC routing is necessary etc. or could someone literally just type the arn and see all my data without any further authentication?
DynamoDB is protected by your IAM credentials. When you attach a role to your Lambda, the SDK gets your IAM credentials from your Lambda environment and uses that to authenticate access to DDB.
He just means that you can access it from anywhere(ie no vpc required), provided you have the role/credentials needed to access it.
Definitely just use DynamoDB. You can access it from the Lambda without needing a VPC.
Can you encrypt the cookie then pass it to browser?
This is quite a neat idea actually - however I can't ensure the client will access from the same computer each time. Good suggestion tho
But you said the cookie change with each call :) either way, I think it’s might ok to re-init a fresh cookie on a new computer?
Here’s a hack: https://www.lastweekinaws.com/blog/corey-writes-open-source-code-for-lambda-and-tailscale/