Amazon Web Services isn’t just one of the top cloud platforms; it also innovates and adds new services and features at breakneck speed. In our recent webinar on AWS developer trends, Pluralsight author and AWS expert Ryan Lewis shared an update of the newest services on AWS and how to keep up with upcoming releases. Developers had questions about the AWS Certified Developer Associate Exam, AWS Secrets Manager and more. Read below for Ryan's insights.
Is Secrets Manager now a viable alternative to replace AWS Cognito for client-side authentication?
AWS Secrets Manager is one of my favorite new services released on AWS this year. It solves a problem that has never had a great solution: how to securely store sensitive secrets and retrieve them for your applications. Secrets Manager now allows you to securely store those secrets and give access to them via permissions in IAM. Database credentials, hosted in RDS or elsewhere, can also be managed with Secrets Manager and be rotated automatically according to a configured time interval.
Cognito is useful for generating temporary credentials, ideally for a client-side user, that will then expire and be unusable. When you’ve got a primarily client-side application where you want to give a user access to some sensitive services like an API or DynamoDB, Cognito is the best way in AWS to manage that access.
Secrets Manager is different than Cognito, because the secrets/credentials that it stores need to be kept secret and shouldn’t be sent to the client. Examples of things that are in Secrets Manager are authentication keys to other services or database credentials. While it is a best practice to change these every few months, you don’t want anyone to know these secrets, especially not your users. Only your server-side application will retrieve and use these secrets from Secrets Manager.
To put it simply, use Secrets Manager for credentials your application will use, and Cognito for temporary credentials your users will use.
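The split described above can be checked in IAM: a role that Cognito users assume should never be allowed to read secret values. The following is an added example, not code from the webinar or from AWS; the role names and sample policies are constructed, and the check is a simplified static read of policy JSON.

```python
import fnmatch

SECRET_READ_ACTION = "secretsmanager:getsecretvalue"  # compared in lowercase
COGNITO_PRINCIPAL = "cognito-identity.amazonaws.com"

def _as_list(value):
    """IAM accepts a single item or a list for Statement, Action and Principal."""
    if value is None:
        return []
    return value if isinstance(value, list) else [value]

def is_cognito_role(trust_policy):
    """True if the trust policy lets Cognito identity pool users assume the role."""
    for stmt in _as_list(trust_policy.get("Statement")):
        principal = stmt.get("Principal", {})
        federated = _as_list(principal.get("Federated")) if isinstance(principal, dict) else []
        if stmt.get("Effect") == "Allow" and COGNITO_PRINCIPAL in federated:
            return True
    return False

def secret_read_grants(policy):
    """Return (Sid, Resource) for each Allow statement whose Action covers GetSecretValue."""
    findings = []
    for i, stmt in enumerate(_as_list(policy.get("Statement"))):
        if stmt.get("Effect") != "Allow":
            continue
        patterns = [a.lower() for a in _as_list(stmt.get("Action"))]
        # IAM action wildcards (* and ?) are modelled here with shell-style globbing.
        if any(fnmatch.fnmatchcase(SECRET_READ_ACTION, p) for p in patterns):
            findings.append((stmt.get("Sid", f"statement-{i}"), stmt.get("Resource")))
    return findings

def audit_role(name, trust_policy, permission_policies):
    """Flag client-facing (Cognito) roles that are allowed to read secret values."""
    if not is_cognito_role(trust_policy):
        return []
    return [(name, sid, res) for pol in permission_policies
            for sid, res in secret_read_grants(pol)]

# Constructed sample policies, not taken from a real account.
COGNITO_TRUST = {"Statement": [{"Effect": "Allow", "Action": "sts:AssumeRoleWithWebIdentity",
                                "Principal": {"Federated": "cognito-identity.amazonaws.com"}}]}
SERVER_TRUST = {"Statement": [{"Effect": "Allow", "Action": "sts:AssumeRole",
                               "Principal": {"Service": "ec2.amazonaws.com"}}]}
CLIENT_POLICY = {"Statement": [
    {"Sid": "ReadTable", "Effect": "Allow", "Action": ["dynamodb:GetItem"], "Resource": "*"},
    {"Sid": "TooBroad", "Effect": "Allow", "Action": "secretsmanager:Get*", "Resource": "*"}]}
SERVER_POLICY = {"Statement": [{"Sid": "ReadDbSecret", "Effect": "Allow",
                                "Action": "secretsmanager:GetSecretValue", "Resource": "*"}]}
```

The check reads Allow statements only; it does not evaluate NotAction, Deny statements or conditions, so treat a clean result as a first pass rather than a full policy evaluation.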
Do your courses cover the Beta exam blueprint, which I'm guessing is going to be the actual exam in fall?
The AWS Certified Developer Associate Exam will be receiving a refresh later this year with all new knowledge domains. The new exam covers most of the same domains that the current exam covers, but there are new topics such as Serverless Architecture and Monitoring. There’s no published date when the new exam will be live, but a beta was completed in March 2018, so I’d agree that Fall 2018 looks like an optimal time for it to be released.
I’ve published three courses that establish the framework for the AWS Certified Developer Path on Pluralsight. These courses focus on topics that will be on both the current exam and the new exam. I’ll be publishing an additional course that will address the content added for the new exam. Once this course is published, it should provide good preparation for the upcoming exam and also keep you current with the newest techniques for AWS development.
Is the AWS Developer: Getting Started course good for someone who has no knowledge of AWS or are there any prerequisites?
If you are completely new to AWS, or just want a refresher, it might be even better to take an hour out of your day and watch my AWS Developer: The Big Picture course. This is a high-level course that explains what AWS is and how the cloud works. There’s no demo project for this course—it’s mainly just slides and explanation. Because it's much shorter than the Getting Started course, it’s easy to run through it first. Additionally, I think the repetition of some of the concepts might make it easier for you to retain knowledge during the Getting Started course.
What is your general opinion regarding Elastic Beanstalk? I had really bad experiences using it to build an API.
Elastic Beanstalk is an application service in AWS that handles running an application. It does things like set up load balancers, provide application platforms on instances, and auto scale your application according to rules you can configure.
I have mixed feelings about Elastic Beanstalk. To give you some background for my comments, I’ve been using Elastic Beanstalk consistently for applications at both Expedia and Kuali over the last four years. While there are definitely some gotchas with setting up an Elastic Beanstalk application, the stability and convenience of everything it does makes it a no-brainer for enterprise use. Trying to set up everything that Elastic Beanstalk does for you by hand would be error prone and inconsistent. It just makes sense to use Elastic Beanstalk if you want to run a web application in AWS.
So, what’s wrong with Elastic Beanstalk? Well, there are weird specifics to running your application on the service that aren’t well documented. Initially, getting your application running correctly on Elastic Beanstalk can be a frustrating case of trial and error that may make you just give up. Once you get everything working, you’ll find that while Elastic Beanstalk makes deployments safe and organized, it can take an awfully long time to deploy your application. Provisioning of the new instances, copying over your code, and getting them attached to the load balancer takes more time than I think it should. I still think the benefits outweigh the complaints, and so even with these issues I would still recommend using it if you need to run a web application.
That said, using a server for your application or API has really become optional these days. I’ve used AWS Lambda with API Gateway for building APIs recently, and I’ve found them to be far superior to a heavy web application on Elastic Beanstalk. I would look into Lambda to see if it fits your use case and consider going serverless for your API.
Which AWS service would be most similar to Heroku or Google App Engine? (PaaS) Would you recommend AWS for this?
Heroku and Google App Engine are great application services that let you focus on writing your code, and they manage a lot of the infrastructure of running your app for you. They also have handy CLI tools that make creating and deploying your app convenient.
AWS has a similar service called Elastic Beanstalk. It lets you just upload your code and manages all of the scaling and infrastructure for you. You can see some of my comments about the service in the previous question, but I would definitely recommend using AWS for this use case. While Heroku and Google App Engine are also good services, I prefer both Elastic Beanstalk and the other AWS services that I can seamlessly interact with from my apps. AWS has a convenient Elastic Beanstalk CLI, which gives you the same experience for deployment as you may have seen with Heroku or Google App Engine.