This post continues from "My attempt on Cloud Resume Challenge in 2026".

Smoke Tests with Cypress

  • Cypress is used for smoke tests to verify that the page loads correctly and to run basic sanity checks against real API requests.
  • In GitHub Actions, the Cypress binary must be installed explicitly and cached. This is because Cypress installs its binary via a postinstall script, while pnpm only downloads the JavaScript wrapper and Node APIs by default.

Multiple Environments

  • Multiple environments are set up to support controlled deployments.
  • Staging: Pull requests merged into the main branch trigger CI/CD and deploy automatically to the staging environment.
  • Production: Commits that have passed CI/CD are promoted to production by creating a release/* branch and tagging a release (for example, v1.0.0).

AWS Cross-Account Access

  • HCP Terraform authenticates to the AWS production account via OIDC to create most resources.
  • It then assumes a role in the admin account specifically for modifying DNS records.

Lambda Gotchas

  • Use structured JSON logging to improve integration with log aggregation and analytics platforms.
  • Lambda functions containing non-trivial business logic should be covered by unit tests.

DynamoDB Gotchas

  • Use the ADD operation in UpdateItem to simplify value initialization and atomic increments.
  • Use auto-generated table names to allow resource replacement (for example, when changing billing modes).
  • When a replacement occurs, restore the table from a backup rather than reinitializing it from scratch.

GitHub OIDC Gotchas with Multiple Environments

  • GitHub Actions uses OIDC to assume an IAM role in the target AWS account; the condition on the sub claim in the role's trust policy controls which repository (and which ref within it) is allowed to assume the role.
  • The sub condition is often restricted to a single repository and ref, but to support multiple environments, it must allow all refs:
"StringLike": {
  "token.actions.githubusercontent.com:sub": "repo:<org>/<repo>:*"
}
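To see which workflow runs that wildcard admits, the following added example (not code from the original post) evaluates constructed sub claims against the page's pattern and against two narrower per-environment patterns. The repository name, the per-role patterns and the function names are assumptions for illustration; the sub formats are the ones GitHub issues for branch, tag and pull request triggers.

```python
import re

def string_like(pattern: str, value: str) -> bool:
    """IAM StringLike semantics: case-sensitive, '*' = any run of characters, '?' = exactly one."""
    regex = "".join(
        ".*" if c == "*" else "." if c == "?" else re.escape(c) for c in pattern
    )
    return re.fullmatch(regex, value, flags=re.DOTALL) is not None

REPO = "repo:example-org/example-repo"  # constructed placeholder for <org>/<repo>

# Constructed sub claims, one per kind of workflow trigger.
SUBS = {
    "push to main": f"{REPO}:ref:refs/heads/main",
    "push to feature branch": f"{REPO}:ref:refs/heads/feature/x",
    "release branch": f"{REPO}:ref:refs/heads/release/1.0",
    "release tag": f"{REPO}:ref:refs/tags/v1.0.0",
    "pull request": f"{REPO}:pull_request",
    "other repo": "repo:example-org/other-repo:ref:refs/heads/main",
}

# The first entry is the pattern from the page; the other two are assumed
# narrower conditions, one per environment-specific role.
POLICIES = {
    "page wildcard": [f"{REPO}:*"],
    "staging role (assumed)": [f"{REPO}:ref:refs/heads/main"],
    "production role (assumed)": [
        f"{REPO}:ref:refs/heads/release/*",
        f"{REPO}:ref:refs/tags/v*",
    ],
}

def allowed(policy: str) -> set:
    """Return the names of the sample triggers whose sub matches any pattern of the policy."""
    patterns = POLICIES[policy]
    return {
        name for name, sub in SUBS.items()
        if any(string_like(p, sub) for p in patterns)
    }

if __name__ == "__main__":
    for policy in POLICIES:
        print(f"{policy}: {sorted(allowed(policy))}")
```

With the wildcard, every trigger in the repository (feature branches and pull requests included) matches the trust condition; the per-environment patterns admit only the refs that the staging and production flows described above actually use.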