Posts Tagged ‘GraphQL’

[NodeCongress2021] From 1 to 101 Lambda Functions in Production: Evolving a Serverless Architecture – Slobodan Stojanovic

Charting a server’s demise unearths tales of unchecked escalation, yet Slobodan Stojanovic’s chronicle of Vacation Tracker—from solitary Lambda to century-strong ensemble—illuminates adaptive mastery. As co-founder and CTO at Cloud Horizon, Slobodan recounts bootstrapping a PTO sentinel for Slack, evolving through GraphQL mazes to serve millions, all while curbing costs under $2K since 2018.

Slobodan’s saga ignites in 2017: hackathon sparks, landing page lures 100+ waitlisters. 2018’s MVP—single Lambda parses Slack commands, DynamoDB persists—morphs via Serverless Framework, then Claudia.js for API orchestration.

Navigating Architectural Metamorphoses

Hexagonal tenets decouple: ports/adapters insulate cores, easing mocks for units. Early monolith yields to CQRS—separate read/write Lambdas—bolstering scalability. GraphQL unifies: Apollo resolvers dispatch to specialists, DynamoDB queries aggregate.

Migrations pivot: Mongo to Dynamo via interface swaps, data shuttles offline. Integrations? LocalStack emulates AWS; CI spins ephemeral tables, asserts via before/after hooks.

Monitoring, Costs, and Team Triumphs

Datadog dashboards query errors; alerts flag anomalies. Bugs bite: Dynamo scans balloon bills to $300/month, fixed via queries slashing RPS. Onboarding thrives: hexagonal clarity helps, and workshops demystify the rest.

Slobodan’s axioms: evolve with scale, hexagonal/CQRS affinity, integration rigor, vigilant oversight. Free webinars beckon, perpetuating serverless lore.

[NodeCongress2021] Security Testing for JS Apps, Node Congress – Ryan Severns

Application security need not impede developer agility; instead, it can integrate seamlessly into workflows. Ryan Severns, co-founder of StackHawk, presents a streamlined approach to vulnerability detection in JavaScript ecosystems, leveraging automation to unearth issues pre-production.

StackHawk automates dynamic analysis against JS apps and APIs (REST, GraphQL), flagging SQL injections or data leaks via CI/CD scans. On pull requests, scans mimic attacks, surfacing flaws with request/response evidence and expediting triage.

Automating Scans with ZAP Foundations

Built atop OWASP ZAP, StackHawk configures effortlessly for Node.js stacks, scanning SPAs or backends without code modifications. Post-scan, dashboards highlight exploitable findings, with remediation docs and Jira integrations that let teams defer low-risk items so that only novel threats demand attention.

Integrating into DevSecOps Pipelines

Ryan emphasizes workflow harmony: GitHub Actions triggers validate endpoints, blocking merges on critical findings while queuing fixes. Free tiers invite experimentation, blending security into Node.js velocity without friction.
