One of the main reasons for moving to a Serverless architecture is the security benefit of not managing a server. But just because you don’t have to worry about patching security updates, it doesn’t mean you don’t have to consider security ever.
In this two part series James Beswick shows you how to build a solid security foundation for your application. In part 1
, he outlines the Shared responsibility model, the principle of least privilege, and some basics on IAM policies.
In part 2
, he talks about securing workloads with public endpoints, different authentication and authorisation options (such as Cognito), and different approaches to exposing APIs publicly.