All blog posts
Compared node-based+TLS to confirm the initial timeout is Serverless-specific. A warmup connection with a 5-second wait recovers CacheMonitor to healthy state, making Serverless viable for production.
SAM deployment gotchas, local testing with LocalDurableTestRunner, and execution history tracking from hands-on experience. The qualified ARN requirement is the first hurdle.
Verified idempotency, DurableExecutionName, parallel callbacks, and timeout configuration hands-on. The common principle: design everything assuming replay will happen.
Deployed the official AWS fraud detection demo and verified 3 risk-score branches with suspend behavior. Confirmed zero compute charges during checkpoint-and-replay waits.
Export a CVV key wrapped with KEK via TR-31, import it, and verify the same CVV2 is generated. Key material transfer and KCV-based identity verification with Python (boto3).
A collection of Java SDK v2 gotchas discovered across the 3-part series. HMAC gaps, enum naming mismatches, class name confusion, and other undocumented pitfalls with workarounds.
Implement TranslatePinData for PIN re-encryption without exposing plaintext, and CMAC for data integrity verification. The core of acquirer processing: key relay without touching the PIN.
Implement 3 core issuer cryptographic operations with Java SDK. Discover how GeneratePinData requires PEK and PVK simultaneously — multiple purpose-built keys cooperating in a single API call.
Create 4 types of payment cryptographic keys with Java SDK, test wrong-key-usage errors, and experience how TR-31 KeyUsage enforcement differs from KMS.
A deep dive into the AWS Security Blog's agentic AI security framework for financial services. Reorganizes the 7 design principles into three axes—permissions, traceability, and controls—with Bedrock AgentCore implementation guidance.