Yeah, basically anything that requires security, like say a login system, is a pain, and there are a lot of server quality of life features that you don't get with S3. Basically with an S3 bucket, they get the file system, the whole file system, and nothing but the file system.
For the security issue, the way I organized it was to have a second s3 bucket that the lambda could access but not an external user for storing anything sensitive. AWS has some dedicated services like Cognito and IAM for dealing with user login and verification, which in theory should make a lot of stuff easier but I struggled with getting to interface with everything else.
For the data storage there were just a bunch of little hacks to deal with things like write order and file size as the lambda functions are stateless and the timing/ordering of their execution is not reliable. Luckily what I was building was never intended to scale but if it ever did those hacks would not hold up. I was unaware of it at the time but AWS actually has a simple queue service (SQS) which I haven't personally used but seems like it would fix a lot of the issues.
But yeah, really the issue is that aws splits up its functionality such that it is hard to do things unless you are using the one arcanely named service that is actually designed to do it, the services aren't very compatible with eachother (they use different naming conventions for the same things, and are generally structured as if the teams working on them never talked to eachother) and I personally find the documentation for a lot of these services to be very unclear. I'm sure some AWS power user would have a much easier time doing it, but I don't know why anyone would sink in enough time to get that familiar with all those different services when there are plenty of straightforward all-in-one options out there. Plus, I don't feel spinning up 13 different services is really in the spirit of the S3/Lambda site.
That all being said, I do really like S3 for static sites and honestly adding just a little bit of dynamic functionality like adding an email form is not too bad.
Many thanks for the write-up! Sequence of writes is not something I had considered. Hoping to get around most of the drama by leaning on KV workers from cloudflare
For the security issue, the way I organized it was to have a second s3 bucket that the lambda could access but not an external user for storing anything sensitive. AWS has some dedicated services like Cognito and IAM for dealing with user login and verification, which in theory should make a lot of stuff easier but I struggled with getting to interface with everything else.
For the data storage there were just a bunch of little hacks to deal with things like write order and file size as the lambda functions are stateless and the timing/ordering of their execution is not reliable. Luckily what I was building was never intended to scale but if it ever did those hacks would not hold up. I was unaware of it at the time but AWS actually has a simple queue service (SQS) which I haven't personally used but seems like it would fix a lot of the issues.
But yeah, really the issue is that aws splits up its functionality such that it is hard to do things unless you are using the one arcanely named service that is actually designed to do it, the services aren't very compatible with eachother (they use different naming conventions for the same things, and are generally structured as if the teams working on them never talked to eachother) and I personally find the documentation for a lot of these services to be very unclear. I'm sure some AWS power user would have a much easier time doing it, but I don't know why anyone would sink in enough time to get that familiar with all those different services when there are plenty of straightforward all-in-one options out there. Plus, I don't feel spinning up 13 different services is really in the spirit of the S3/Lambda site.
That all being said, I do really like S3 for static sites and honestly adding just a little bit of dynamic functionality like adding an email form is not too bad.