Week 4

 Week 4 at Strastan

This week was all about securing the GenAI backend from user authentication to event-driven architecture. With our usual OJT rooms occupied for graduation rehearsals, we worked from the school’s computer lab, which turned out to be the perfect base for rapid iteration and testing.

We finalized the Cognito setup, deployed Lambda functions for sign-up and user retrieval, and integrated a custom authorizer to protect sensitive routes. The registration flow was refined to encrypt user profiles post-confirmation, and token validation was tested thoroughly using Postman.

Midweek, we shifted gears to IAM and EventBridge. Each Lambda was scoped with least-privilege access, and a custom event bus was deployed with strict filtering rules to ensure only trusted events were processed. CORS policies were enforced, and API Gateway endpoints were hardened to reject unauthorized requests.

By Friday, we completed a full security audit verifying token behavior, reviewing logs, and confirming that every route and event trigger was locked down. The campus lab’s fast network made redeploys smooth, and the environment helped us stay focused despite the graduation buzz around us.

Reflections & Challenges

Securing a cloud backend isn’t just about writing code it’s about understanding how identity, permissions, and event flows interact. This week taught me how to think like a security architect while still moving fast as a developer. From IAM tweaks to token validation, every fix made our system stronger. Week 4 ended with a backend that’s not just functional it’s fortified and future-ready.


Comments

Post a Comment

Popular posts from this blog

Week 3

Week 3 at Strastan This week was all about locking down our backend authentication, authorization, and event orchestration took center stage. We worked from the school’s computer lab since our usual rooms were reserved for graduation prep, but that didn’t slow us down. We finalized the Cognito User Pool setup and wired in Lambda functions for sign-up and user retrieval. The authorizer was integrated to guard protected routes, and CDK deployments finally hit zero remaining tasks. From there, we refined the registration flow to encrypt user profiles post-confirmation and validated everything through Postman. Midweek, we shifted focus to IAM roles and EventBridge. Each Lambda was scoped with least-privilege permissions, and we spun up a custom event bus with filtering rules to ensure only trusted events were processed. CORS policies were enforced, and API Gateway endpoints were hardened to reject unauthorized requests. By Friday, we had a fully secured backend: tokens were validated, ...
Read more

Week 5

 Week 5 at Strastan This week was all about chasing down bugs, securing credentials, and finally watching our LinkedIn OAuth2 flow behave like it was supposed to. Between graduation prep buzz and lab sessions, I managed to wrestle the last pieces of the integration into place.  Thoughts OAuth2 sounds simple until you’re knee-deep in token exchanges, redirect URLs, and CSRF protection. Getting /linkedin/auth to return a clean 302 felt like a small victory especially after hours of decoding CloudWatch logs and patching handler logic. Once the callback started accepting both GET and POST, parsing the authorization code, and saving tokens to DynamoDB, it finally felt like the system was breathing on its own. Adding the state parameter was a turning point. Encoding the Cognito ID and nonce, storing it with a TTL, and validating it on callback made the whole flow feel airtight. And pulling user profile data from LinkedIn’s /v2/userinfo endpoint? That was the cherry on top. Ch...
Read more

Week 7

 Week 7 at Strastan This week was a full-on backend workout no WFH distractions, just focused days in the campus lab filled with debugging, deploying, and finally watching things click into place. Thoughts It’s wild how much goes into making a system feel “secure.” Swapping hardcoded LinkedIn credentials for Secrets Manager wasn’t just a cleanup it was a mindset shift. Suddenly, every token, every permission, every authorizer felt like part of a bigger trust chain. And once we saw the OpenID flow working end-to-end, it felt like unlocking a new level of backend maturity. The Content Calendar orchestration was another eye-opener. Building the LinkedIn Publisher Lambda to consume SQS messages and trigger updates across DynamoDB and EventBridge made me realize how powerful and fragile event-driven systems can be. One misnamed field or missing IAM permission, and the whole flow breaks. But when it works? It’s magic. Challenges Migrating the repo broke more things than expected C...
Read more