— an almost non-trivial AWS Lambda image search/host

I made a little app called (the code is here) which is basically like any old image storage/search thing except:

  1. It’s curated by me and thus it is better than other existing ones
  2. It only runs sometimes (it is ~serverless~)

And that’s pretty neat right? It took me about an afternoon, costs about the same as competing services in money and/or my soul (privacy), and I control entirely how it indexes/searches for things.

Things I didn’t have to do

These are things you personally might not have had to do, but if I was to reproduce this with familiar services and frameworks it would include:

  • Fire up a familiar framework like Django
  • Some basic auth maybe, since not everyone should get to upload
  • Hook up some storage backend so images go in the right place, can be retrieved
  • Include something (redis-queue, celery) to do async indexing
  • Host this backend somewhere with all the things (Elasticsearch, Redis/RabbitMQ, Django/WSGI, Postgresql)
  • Pay money 24/7 for a server that is barely in use

Things I had to do that almost didn’t make it worth it

I made a cool chart about how my time was allocated over the course of this project

A big serverless selling point for developers is that you can just write application code and this appears to be a house of lies.

At least with Lambda, I spend a sizable amount of time just fiddling with access controls and very little time writing application code.

Here are a few of the places and ways you can modify access controls in AWS.

Directly in lambda (with and without a template), ES (with or without a template). A managed policy in IAM on roles, an unmanaged policy (with or without a document). And there is a simulator too because you are going to screw up.

It’s worth noting that some things in AWS seem like they might be the place to modify access right for an app like this but are wholly irrelevant.

Also they just changed everything kinda I guess?

At first glance it’s unclear what this is and if it helps with the actual problems I had

What did we learn?

  1. Anyone is capable of making a dumb search-for-asset thing on the internet so you should because I am not really a fan of existing solutions
  2. No one in this story has solved anything about letting application developers just write application code without (human) ops support