Your Serverless function has a secret... maybe it's a password for a remote API, a private key, or signing certificate. These secrets have to be stored somewhere, and in the old days that usually meant just a plaintext config file on your server. Sure, you could encrypt it, but then you have to put the key on the server, and you haven't gained anything except a bit of obfuscation. Or you could use more complex schemes, like Hiera-Eyaml, which is a small improvement, but you've really just moved the threat to a different part of your infrastructure.
...On Serverless Infrastructure
Getting Started with Documentation
In my previous blog series, Evolution of a Custom Cloud, I went over how our base design for a custom cloud has improved and how we set up our current VPC network architecture.
The current design combines high availability in multiple AZs while allowing for a DMZ and private network. See the diagram below.
We sometimes need to exchange huge files with our customers and partners (too big to fit within the typical storage limits of Basecamp, or the free tier on Google Drive, Dropbox, etc).
There are now many user-friendly client apps for Amazon S3. I like Cyberduck. Combined with AWS's flexible policy system, setting up a transfer bucket is a snap.
We like to use our own site to experiment with different technologies. CDNs are nothing new, and Metal Toad has projects running on competing systems including Akamai and Level 3. Still, I think Amazon CloudFront is an interesting offering and I wanted to give it a spin. Here's my review of the service after setting it up with Drupal: