Posts

Showing posts with the label iam

Revoking JWT with Redis in NestJS

Introduction: In the previous article, I provided instructions on using NestJS with JWT, and you may have noticed that once a JWT is issued, it cannot be revoked. This means that anyone holding a token that hasn't expired yet can continue to use the service. For small systems that do not prioritize security, this might not be a major issue and can be resolved simply by deleting the token from the frontend when the user logs out. However, if you need to build a system with extremely high security, where the token must be invalidated upon logout so that no one can use it to access the service, this article will guide you through how to achieve that. To do this, we will use Redis (which I have already guided you on in this article) to store tokens that have not expired but have been requested to be deleted. The storage duration for these tokens will be exactly the time remaining until they expire. Thus, after applying Redis, tokens will be handled as follows: If ...

Deploy docker image to AWS Lambda

Introduction: In my previous article, I provided instructions on using Lambda to implement a function that resizes images on demand; now, I will provide instructions on deploying a Docker image to Lambda. The advantage of using Lambda is pay-on-demand pricing, which suits newly released projects in their early stages when there is not yet much usage. Deploying with Lambda simplifies the process so the dev team can focus on feature development; resources are managed by AWS and scale automatically according to user demand.

Detail: Using AWS CDK, create the file lib/deploy-lambda-stack.ts

import * as cdk from "aws-cdk-lib"
import * as ecr from "aws-cdk-lib/aws-ecr"
import * as iam from "aws-cdk-lib/aws-iam"
import * as lambda from "aws-cdk-lib/aws-lambda"
import { Construct } from "constructs"

export class DeployLambdaStack extends cdk.Stack {
  constructor(scope: Construct, id: ...

Guide to using AWS Access Keys effectively

Introduction: Current issues. In previous articles, I have provided instructions on using an AWS access key and secret key to utilize Amazon services, but there is an issue: these keys do not have an expiration time. Thus, if your keys are somehow leaked, an attacker can use them for as long as they want, until you detect the leak and delete the keys. This is a user-side issue, but there are still ways to limit its impact by granting temporary keys during use. Naturally, these temporary keys will have a short lifespan (about a few hours, or you can change the duration to suit your security level). Therefore, even if such a key is leaked, an attacker only has a limited amount of time to use it before the key expires. If you are a member created by IAM Identity Center, you are already supported with permission management and integrated security measures during use. However, if you are using a personal account or have the rights to create an IAM User, there are s...