Show HN: Lambda Chat – A dynamic web app using AWS Lambda

This is pretty cool, actually. I especially like using Lambda to process Dynamo event streams to S3 - that's a clever solution.

I&#x27;ve built awsletter [1] as a quick PoC of the cloud-only web app some time ago. Last week (inspired by HN thread [2]) I&#x27;ve jumped into this project once again. In January Lambda was a big &quot;wow&quot; for me, but now I see some things that have to be taken into consideration:<p>1&#x2F; Fine-Grained Access Control is there [3], but it is performed on a pretty late stage of user-system interaction. When user assumed a role with some auth provider, then he&#x2F;she can freely play with all AWS methods bundled in a well documented SDK [4].<p>2&#x2F; Codebase distribution means security distribution. You are authenticating user with FB&#x2F;G+&#x2F;Amz, then you have FGAC on DynamoDB table, then you need caller policy to call Lambda function remotely, then in Lambda function you need to check permissions one more time and the Lambda function have to have policy of what can be executed.<p>3&#x2F; In theory, Lambda functions are highly decoupled and testable (fn(payload, ctx)). But most of the time using Lambda makes sense in conjunction with other AWS services. Mocking Amazon&#x27;s ecosystem isn&#x27;t so easy.<p>4&#x2F; This model of computing may lead to oversized architectures, using &quot;one more&quot; AWS service to &quot;close the loop&quot;, some strange solutions like watching&#x2F;analyzing files in S3 buckets and so on...<p>I&#x27;ve seen a huge vendor lock-in from the beginning, I&#x27;ve been aware of potential security&#x2F;architecture problems. These concerns are still valid for me. But at the same time, Lamba as a concept is still pretty exciting.<p>[1] <a href="https:&#x2F;&#x2F;github.com&#x2F;jelz&#x2F;awsletter" rel="nofollow">https:&#x2F;&#x2F;github.com&#x2F;jelz&#x2F;awsletter</a><p>[2] <a href="https:&#x2F;&#x2F;news.ycombinator.com&#x2F;item?id=9557298" rel="nofollow">https:&#x2F;&#x2F;news.ycombinator.com&#x2F;item?id=9557298</a><p>[3] <a href="http:&#x2F;&#x2F;docs.aws.amazon.com&#x2F;amazondynamodb&#x2F;latest&#x2F;developerguide&#x2F;FGAC_DDB.Examples.html" rel="nofollow">http:&#x2F;&#x2F;docs.aws.amazon.com&#x2F;amazondynamodb&#x2F;latest&#x2F;developergu...</a><p>[4] <a href="http:&#x2F;&#x2F;docs.aws.amazon.com&#x2F;AWSJavaScriptSDK&#x2F;guide&#x2F;browser-services.html" rel="nofollow">http:&#x2F;&#x2F;docs.aws.amazon.com&#x2F;AWSJavaScriptSDK&#x2F;guide&#x2F;browser-se...</a>

To me, this is a great demonstration of why AWS Lambda is not the future. Amazon gave it a catchy name for the Rube Goldberg cluster that it is.

Well the demo apparently doesn&#x27;t sanitize the name field in messages it receives.<p>Because there is some quality XSS happening.

Thank you.

Interesting article. This is good, but for chat applications, I feel Lambda is exactly the technology to be not used unless you have deep pockets. The number of S3 PUT requests for caching chat messages will eventually grow high as the chat app scales.

Which part of the architecture causes the latency? The author says it&#x27;s between 2 and 13 seconds and is faster the more users there are - why would that be the case?

The chat room kicks me straight out as soon as I see it. :(