Students go in Cognito: Securing Serverless Apps on AWS Lambda


When UCLA HumTech converted a homegrown application to a serverless app, we had to rethink how we approached data security. While UCLA has a number of solutions to protect student data, most of these solutions assume that there's a server to run on. A serverless app requires rethinking how we accessed Shibboleth, queried the student record system, and protected resources.

This talk will present our experience securing a serverless application. It is for developers, system administrators, and supervisors interested in serverless architecture. We will cover integrating Shibboleth with Amazon Cognito, configuring Lambda functions to access campus-restricted services, and setting security groups and VPCs correctly to protect resources. Finally, we will present our lessons learned and discuss the benefits and drawbacks of serverless apps for apps developed in-house.

Previous Knowledge

Programming or system administration experience

Software Installation Expectation


Session skill level
Session Track
Securing Information, Assets and Systems