Comment by raw_anon_1111

4 days ago

Anecdote: I haven’t done any web development since 2002 and I always farmed that off to someone else.

But since I started using coding agents, I have done two feature-full internal web apps authenticated by Amazon Cognito. While the UI looks like something from 2002, I am good at putting myself in the shoes of the end user, and I iterated often (and quickly) over the UX.

I didn’t look at a line of code and have no plans to learn web development. I might have taken the time to learn a little before AI just to help me with internal websites. Yes, I know it’s secure - I validated the endpoints can’t be accessed unauthenticated and the IAM role.

Second anecdote: I know AWS (trust me on this) like the back of my hand. I also know CloudFormation. For years I’ve been putting off learning Terraform and the CDK. After AI, why bother? I can one-shot either for IaC, and I’m very specific about what I want.

My company is happy and my customer is happy (consulting); what else matters? Substitute “customer” for “the business” or “stakeholders”.

I didn’t look at a line of code... I know it’s secure - I validated the endpoints can’t be accessed unauthenticated and the IAM role

Oh god, this made me laugh so hard.

Best 'we gonna get hacked' comment of the day.

  • Please tell me how it is going to be “hacked”?

    A) The IAM role of the Lambda runtime it’s running in is least privileged and only has read and write access to the required S3 bucket and other required AWS services, and even those are tightly scoped.

    B) For authentication I used Amazon Cognito and ran a curl shell script against each endpoint for authenticated vs. non-authenticated endpoints.

    C) The database user has least privilege access.

    So how pray tell could insecure code overcome that?

    • So you've made a read-only wrapper around a database? That one person needs to access? There's no tenantization? You can't access more than one person's data? So there's zero chance one user can access someone else's data?

      If you answered NO to any question, refer to my previous post.

      If you answered YES, you could have just hooked your DB up to Power BI or Tableau or whatever. Not exactly something to start boasting about that you're doing web dev.

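The two checks the thread is arguing about, side by side, as an added example (not the commenter's curl script and not their app): the curl-style probe confirms every endpoint rejects a request with no token, while the reply's question is whether one user's token can read another user's row. The `send(path, token) -> (status, body)` callable and the in-memory backend below are constructed stand-ins so the harness runs offline; against a real API, `send` would wrap curl or `requests` with a Cognito access token.

```python
# Constructed stand-in for an API whose handlers check authentication
# (is there a valid token?) but never ownership (does the caller own the row?).
_TOKENS = {"tok-alice": "alice", "tok-bob": "bob"}        # constructed tokens
_ORDERS = {"o-1": {"owner": "alice", "total": 42},       # constructed rows
           "o-2": {"owner": "bob", "total": 7}}

def demo_send(path, token):
    """Hypothetical transport: returns (status, body) like an HTTP client would."""
    user = _TOKENS.get(token)
    if user is None:
        return 401, None                      # unauthenticated requests are rejected
    row = _ORDERS.get(path.rsplit("/", 1)[-1])
    if row is None:
        return 404, None
    return 200, row                           # owner is never compared to the caller

def demo_send_owner_checked(path, token):
    """Same backend with the missing ownership check added."""
    status, row = demo_send(path, token)
    if status == 200 and row["owner"] != _TOKENS[token]:
        return 404, None                      # do not reveal that the row exists
    return status, row

def run_authz_checks(send, resources):
    """resources: [(path, owner_token, other_user_token)].
    Returns a list of (path, reason) for every check that fails."""
    failures = []
    for path, owner_tok, other_tok in resources:
        status, _ = send(path, None)
        if status != 401:                     # the check the curl script performs
            failures.append((path, "unauthenticated request not rejected"))
        status, _ = send(path, owner_tok)
        if status != 200:
            failures.append((path, "owner cannot read own resource"))
        status, _ = send(path, other_tok)
        if status not in (403, 404):          # tenant isolation: the check it does not
            failures.append((path, "other user's token can read this resource"))
    return failures

if __name__ == "__main__":
    res = [("/orders/o-1", "tok-alice", "tok-bob"),
           ("/orders/o-2", "tok-bob", "tok-alice")]
    for label, send in (("auth only", demo_send), ("auth + owner", demo_send_owner_checked)):
        print(label, run_authz_checks(send, res) or "all checks passed")
```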

Agreed. This is pure architectural thinking: you hold the ground truth, enforce the strict IAM boundaries, and outsource the mud-playing to the LLM. Mindless 'vibe coding' without this structural discipline is just tittytainment. The job is contract validation now, not typing.