Week 3

Week 3 at Strastan

This week was all about locking down our backend authentication, authorization, and event orchestration took center stage. We worked from the school’s computer lab since our usual rooms were reserved for graduation prep, but that didn’t slow us down.

We finalized the Cognito User Pool setup and wired in Lambda functions for sign-up and user retrieval. The authorizer was integrated to guard protected routes, and CDK deployments finally hit zero remaining tasks. From there, we refined the registration flow to encrypt user profiles post-confirmation and validated everything through Postman.

Midweek, we shifted focus to IAM roles and EventBridge. Each Lambda was scoped with least-privilege permissions, and we spun up a custom event bus with filtering rules to ensure only trusted events were processed. CORS policies were enforced, and API Gateway endpoints were hardened to reject unauthorized requests.

By Friday, we had a fully secured backend: tokens were validated, routes were protected, and logs confirmed everything was behaving as expected. Final touches included CORS headers and a full audit of EventBridge activity.

Reflections & Challenges

Securing a cloud backend isn’t just about writing code it’s about understanding how every piece fits together. IAM roles, token validation, and event filtering all require precision and patience. This week taught me how to think like a security architect while still moving fast as a developer. It’s satisfying to know our backend isn’t just functional it’s fortified.


Comments

Post a Comment

Popular posts from this blog

Week 5

 Week 5 at Strastan This week was all about chasing down bugs, securing credentials, and finally watching our LinkedIn OAuth2 flow behave like it was supposed to. Between graduation prep buzz and lab sessions, I managed to wrestle the last pieces of the integration into place.  Thoughts OAuth2 sounds simple until you’re knee-deep in token exchanges, redirect URLs, and CSRF protection. Getting /linkedin/auth to return a clean 302 felt like a small victory especially after hours of decoding CloudWatch logs and patching handler logic. Once the callback started accepting both GET and POST, parsing the authorization code, and saving tokens to DynamoDB, it finally felt like the system was breathing on its own. Adding the state parameter was a turning point. Encoding the Cognito ID and nonce, storing it with a TTL, and validating it on callback made the whole flow feel airtight. And pulling user profile data from LinkedIn’s /v2/userinfo endpoint? That was the cherry on top. Ch...
Read more

Week 7

 Week 7 at Strastan This week was a full-on backend workout no WFH distractions, just focused days in the campus lab filled with debugging, deploying, and finally watching things click into place. Thoughts It’s wild how much goes into making a system feel “secure.” Swapping hardcoded LinkedIn credentials for Secrets Manager wasn’t just a cleanup it was a mindset shift. Suddenly, every token, every permission, every authorizer felt like part of a bigger trust chain. And once we saw the OpenID flow working end-to-end, it felt like unlocking a new level of backend maturity. The Content Calendar orchestration was another eye-opener. Building the LinkedIn Publisher Lambda to consume SQS messages and trigger updates across DynamoDB and EventBridge made me realize how powerful and fragile event-driven systems can be. One misnamed field or missing IAM permission, and the whole flow breaks. But when it works? It’s magic. Challenges Migrating the repo broke more things than expected C...
Read more