@farhad-taran
farhad-taran / README.md
Created February 13, 2024 18:02
How to bypass audit step when blocked on packages that do not have a patch

Sometimes your deployment might be blocked by an audit scan that raises a security alarm for a package that does not have a patch yet. In these instances you would probably like to deploy and wait for a patch to become available. The following command lets you bypass the audit step for a specific PR while still warning you of the issue on the next change. You simply have to include "skip audit" in the message of your last commit.

"audit": "yarn audit --level high --groups dependencies; if [ \"$?\" -ge 8 ] && [ -z \"$(git log --format=%B -n 1 | grep \"skip audit\")\" ]; then exit 1; else exit 0; fi;",
farhad-taran / README.md
Created January 23, 2024 16:57
How to use ETags to not refetch already retrieved S3 items

Refetching items from S3 can be quite memory and CPU intensive, and it is unnecessary if the item has not changed since it was last fetched. S3 allows for detecting changes to an item through the use of ETags. In the code below I am using the ETag of an item to see whether it has changed since the last time it was fetched. If it has not changed, the cached version of the item is returned instead.

const cache = new Map();
const eTags = new Map();
async function getObjectWithEtags({bucket, key} = {}) {
  const params = {
    Bucket: bucket,
farhad-taran / README.md
Last active December 23, 2023 11:37
InMemory cache implementation for AWS Lambda

The following is a simple in-memory cache implementation for the AWS Lambda environment. Be aware that this class will use the memory available to your lambda instance and will be cleared of any data when all instances of your lambda die off and the cold start cycle begins.

import { CacheItem, IDate } from "./types";

// global variables to hold data between different lambda invocations

global.memCachedItems = {};
global.memCachedItemAges = {};
farhad-taran / README.md
Last active December 23, 2023 11:21
Parsing a single tfvars file into lambda resource and nodejs app

I dislike having multiple copies of the same env file. For example, when trying to run some integration tests I needed to access the same env variables that I had to load into a lambda resource in Terraform.

To make this easier, I place the app-related env variables in a tfvars file, then loop over them and load them into the lambda env variables like so:

locals {
  node-env     = "test"
  app_env_vars = { 
    for line in split("\n", file("app.tfvars")):
      trimspace(split("=", line)[0]) => trimspace(split("=", line)[1])
farhad-taran / README.md
Last active November 18, 2023 18:54
Creating and assigning secrets manager secrets using terraform

When creating a secret initially, most people tend to first create the secret and then add the value manually. Below I demonstrate a way to do all of this in one step:

resource "aws_secretsmanager_secret" "order_status_lambda_debug_api_key" {
  name = "order_status_lambda_api_key"
  # makes sure the secret is immediately destroyed and replaced if new value provided
  recovery_window_in_days = 0
  description = "an api key for the purposes of invoking the lambda and api gateway when debugging is neeeded"
}
farhad-taran / README.md
Last active November 16, 2023 22:25
AWS API Gateway - enqueue incoming API Gateway requests onto SQS for decoupled processing

The following Terraform script allows incoming API Gateway requests to be enqueued onto SQS for later processing.

locals {
  api_gateway_name = "order-status-webhooks-gateway"
}

data "aws_region" "current" {}
resource "aws_iam_role" "api" {
  name = local.api_gateway_name
farhad-taran / README.md
Last active July 4, 2023 12:41
Implementing a code freeze policy and disallowing merges on Fridays and weekends and bank holidays

It might be a good idea to enforce a no-merge policy on our main branch so that the system does not experience downtime when staff are not working. This could be late Fridays, weekends or bank holidays.

I have written a small bash script that I can use in our CI jobs. The bash script either succeeds or fails based on whether today is a holiday or a bank holiday. I can then hook this job to GitHub as a required status check. If this status check fails, then a merge to main or master won't be possible, as that would indicate that today is a code freeze.

In the following script I am utilizing a public API to get a list of all bank holidays and am checking it against today's date. I am also checking whether today is a Friday or a weekend.

The only way to merge a branch is to name it beginning with bug-fix so that critical bugs can be fixed in production.

farhad-taran / README.md
Last active March 30, 2023 19:56
Converting JSON to a text based flat file of key value pairs

Editing JSON files inline can be challenging and error-prone for non-technical people, therefore we have opted to convert JSON files to a flat file format consisting of key-value pairs. The following script can convert a JavaScript object to such a format:

var o = { 
    foo:"bar",
    arr:[1,2,3],
    subo: {
        foo2:"bar2"
    }
};
farhad-taran / README.md
Last active March 14, 2023 10:59
Useful Lambda cloudwatch log insights queries

1 - Find all logs for a given request ID or X-Ray trace ID

fields @timestamp, @message
| filter @message like /REQUEST_ID_GOES_HERE/

2 - Find 50 most recent errors

filter @message like /(?i)(Exception|error|fail)/
| fields @timestamp, @message 
farhad-taran / README.md
Last active March 9, 2023 20:53
Enabling data event access CloudTrail audits on DynamoDB or S3

Data events were recently enabled for CloudTrail, which can show granular details about modifications on DynamoDB or S3. This can greatly help when trying to audit data access and for security insights. The following Terraform script demonstrates how to achieve this:

data "aws_dynamodb_table" "credential-store" {
  name = "credential-store"
}

resource "aws_cloudwatch_log_group" "infra-audit-data-access" {
  name = "infra-audit-data-access"