Issue #1 – Leak proofing S3 buckets – F1 + AWS – NanoID

Issue #1 – Leak proofing S3 buckets – F1 + AWS – NanoID

Aobakwe Kodisang
February 14, 2023
Blog cover image

Issue #1 – Leak proofing S3 buckets – F1 + AWS – NanoID

For the teams of developers/creators worldwide, there’s no doubt that the last 2 years have propelled us ten years into the future.  There is a lot to explore and break down.

This will hopefully be a newsletter that generates the insights you need as a developer to stay on pace with the fast-moving world we find ourselves living in today.

  • Weekly format, consolidating everything from the last week.
  • Short-form to work around busy client meetings, stand-ups and most importantly, building.
  • Whether you are just getting started as a grad or are an industry veteran, the biggest goal of the newsletter is to educate.

<1/> Leak proofing S3 buckets

Extending your application’s capabilities is a lot easier today because of the cloud. It has allowed developers to move so much faster. But with that power comes great responsibility, which hasn’t been fully understood and resulting in the poor implementation of these technologies.

In the last week, news broke, thousands of sensitive documents on a public s3 bucket owned by Backnine (insurtech startup) were exposed.

AWS S3 service is one of the more widely used services in the AWS ecosystem. From analytics, hosting to disaster recovery and backup. Incidents like the BackNine breach more than they should. Resulting in S3 being the biggest culprit in several major data breaches found in the past.

With regulations like GDPR and POPI popping up worldwide, it is more important than ever that teams enforce best practices in the cloud. Here are a few ways you could start implementing:

  • Ensuring the correct bucket policies should be the easiest to carry out, given private access is set by default upon creation. Only those granted access would be able to interact with your bucket.
  • If you read the official documentation implementing least privilege access would be the next step, if not enforced for all permissions in the cloud. Users are assigned permission to resources and actions in s3 as they are needed.
  • In the same way, you would store user passwords; you would store your objects by enabling encryption on your bucket. This will add an extra layer of protection to the data sitting in the bucket and can be performed on both the client and server.

You can do other things to make interacting with s3 more secure, like setting up Cloud Trail logs to track events (e.g. GetObject) or enabling MFA, Versioning or VPC endpoint access. Read more about it here.

F1 engineering using cloud computing

However, the world of motor racing might not be for everyone, however, reference the technology working behind the scenes, and you catch the attention of cloud enthusiasts everywhere.

To summarise, F1 machines produce a lot of unwanted air due to concepts in aerodynamics and the way the vehicles are designed. That air makes it more challenging for the person behind. The closer they get to the vehicle in front, the more downforce is lost (the force that keeps the car to the ground).

This is not what you want when trying to formulate a more competitive, wheel to wheel racing experience. The F1 team sort out to redesign the base of the car using Computational Fluid Dynamics (CFD).

It’s all explained in this video, but in short, CFD requires heaving computing to do what it does (simulations). With 2,500 compute cores provided by AWS, the F1 team could reduce four days per compute cycle to just 6-8 hours.  

Inside the console

The AWS console hosts a huge number of managed services, 200 to be exact. Every week we look at one and give a brief breakdown. Taking you from a novice to a console hero.

Communication is key when designing a robust and scalable microservice. Operations (like order hand-bag) are carried through messages and powered by middleware that intercepts those messages to perform actions (check stock, etc.).

Amazon MQ is a managed service that hosts two messages-brokers Apache ActiveMQ and RabbitMQ. These protocols don’t require the client and server to be available simultaneously for communication to happen.

Instead, the broker will take any incoming messages and them to a queue. MQ makes it simpler to set up and maintain your broker. Here’s an in-depth article if you considering adopting one in your system.

Geeking it up

The idea of #Geeking-it-up in the engineering ecosystem is about sharing. Whether it’s open-source tech, articles or events, every week, we will take those picks and share them here.

Why is NanoID replacing UUID

There’s a new kid on the block; it’s smaller, faster, more portable and has been around long enough to warrant some serious bragging rights. NanoID is a tiny, secure, URL-friendly, unique string ID generator for Javascript libraries.

From use cases in auth to labelling, UUID, which Microsoft developed in the 1980s, has long been the unique identifier for developers. This article details why that could be changing.

Async do

Check out this proposal for self-invoking functions in Javascript. Building of another proposal for the do expression. (cleaner code and better looking React useEffect hooks


As seen on FOX, Digital journal, NCN, Market Watch, Bezinga and more

Scale your development team
faster with

Get in touch and let's get started
Book a Demo