Chapter 7Serverless Security

Building secure software systems is hard. One of the things that makes it hard is that it’s difficult to know when you’ve got it right. Conversely, it’s sometimes embarrassingly easy to figure out if you’ve got it wrong: just put your service on the Internet, wait, and pay attention.

In this chapter, we’re going to start by reviewing some basic rules for keeping your AWS account secure. Then we’ll spend the rest of the chapter examining some common attacks that can be used against serverless web applications. We’ll see how attacks work and what we can do to prevent them. Hopefully, by understanding the specifics of these attacks, you’ll be able to see the vulnerabilities in your own applications and find ways to ...