Posts tagged cloud

Connecting Block Business Units with AWS API Gateway

Block operates a service mesh with SPIFFE-compatible identity for backend workloads. We recently implemented a system to onboard acquisitions to connect with the service mesh: Connecting Block Business Units with AWS API Gateway.

Bridging Security Infrastructure Between the Data Center and AWS Lambda

Last week I was able to present at Black Hat USA about infrastructure security work supporting Lambda. Abstract and slides are available here. The talk is partially based on two posts on the Square developer blog: Providing mTLS Identities to Lambdas and Expanding Secrets Infrastructure to AWS Lambda.

Update: talk video available

Using Lambda extensions to accelerate Secrets Manager access

AWS Lambdas have recently been extended with a new feature that adds a runtime environment before a Lambda is executed: Lambda extensions. We have published a writeup on the Square Developer blog on how we trialed this technology before it was generally available to prefetch secrets from Secrets Manager: Using AWS Lambda Extensions to Accelerate AWS Secrets Manager Access. This work has also been covered in the AWS Compute Blog.

Providing mutual TLS Identities to AWS Lambdas

AWS Lambdas have no built-in mechanism for mutual TLS identity, so at Square we built a system that issues SPIFFE-compatible identity to them so they can connect to our service mesh. The writeup is hosted on the Square Developer blog: Providing mutual TLS Identities to AWS Lambdas.