Students go in Cognito: Securing Serverless Apps on AWS Lambda

When UCLA HumTech converted a homegrown application to a serverless app, we had to rethink how we approached data security. While UCLA has a number of solutions to protect student data, most of these solutions assume that there's a server to run on. A serverless app requires rethinking how we accessed Shibboleth, queried the student record system, and protected resources.

This talk will present our experience securing a serverless application. It is for developers, system administrators, and supervisors interested in serverless architecture. We will cover integrating Shibboleth with Amazon Cognito, configuring Lambda functions to access campus-restricted services, and setting security groups and VPCs correctly to protect resources. Finally, we will present our lessons learned and discuss the benefits and drawbacks of serverless apps for apps developed in-house.