Developing Serverless Solutions on AWS

OMISE Thailand - July 7-10, 2026

3-Day Instructor-Led Course

Module Slides (Interactive Presentations)

Day 1

0 Introduction

Course overview, logistics, instructor, agenda, resources

Day 1

3 Authentication & Authorization

Cognito, JWT authorizers, federated identities, OAuth/OIDC

Day 1

4 Deployment Frameworks

CloudFormation, CDK, SAM, Amplify Gen 2

Day 1

5 EventBridge & SNS

Event-driven decoupling, pub/sub, filtering, routing

Day 1

6 Queues & Streams

SQS, Kinesis, DynamoDB Streams, event source mappings

Day 2

7 Writing Effective Lambda Functions

Lifecycle, best practices, concurrency, idempotency, Kiro

Day 2

8 Step Functions for Orchestration

State machines, Task/Choice/Parallel/Map, error handling

Day 2

9 Observability & Monitoring

CloudWatch Logs, X-Ray traces, metrics, EMF, Lambda Insights

Day 3

10 Serverless Security

Defense in depth, WAF, IAM, VPC, encryption, auditing

Day 3

11 Handling Scale

Concurrency, throttling, SQS/Kinesis scaling, enhanced fan-out

Day 3

12 Automating CI/CD

Pipelines, SAM deploy, canary, traffic shifting, rollbacks

Hands-On Labs

🔗 Open Lab Environment (AWS Builder Labs)

1

Lab 1: Deploying a Simple Serverless Application

Day 1 - Deploy with SAM, test API Gateway + Lambda + DynamoDB

2

Lab 2: Message Fan-Out with Amazon EventBridge

Day 1 - Custom event bus, rules, multiple targets, filtering

3

Lab 3: Workflow Orchestration Using AWS Step Functions

Day 2 - Build state machine with Task, Choice, Parallel, Map states

4

Lab 4: Observability and Monitoring

Day 2 - CloudWatch Logs, X-Ray traces, metrics, alarms, dashboards

5

Lab 5: Securing Serverless Applications

Day 3 - WAF, IAM least privilege, Secrets Manager, encryption

6

Lab 6: Serverless CI/CD on AWS

Day 3 - CodePipeline, SAM deploy, canary deployments, auto-rollback

Try-It-Out Exercises

Day 1 Exercises

Day 2 Exercises

Use Cases: Omise (Opn Payments) - Serverless for Fintech

Real-world serverless patterns applied to Omise payment transaction management.

1. Real-Time Transaction Processing Pipeline

When a customer makes a payment, the transaction flows through an event-driven pipeline: API Gateway receives the payment request, Lambda validates and processes it, EventBridge routes the event to multiple consumers (fraud detection, receipt generation, analytics).

API Gateway Lambda EventBridge Fraud Detection Receipt (SES) DynamoDB Analytics
API GatewayLambdaEventBridgeDynamoDBSQS

2. Payment Dispute Workflow (Step Functions)

When a customer disputes a charge, a Step Functions workflow orchestrates the resolution: gather evidence (Task), determine dispute type (Choice), notify merchant + bank in parallel (Parallel), wait for response with callback token, then resolve or escalate.

Start GatherEvidence Type? Notify Merchant Notify Bank Wait forCallback Resolve Escalate End
Step FunctionsLambdaSNSDynamoDBSES

3. Transaction Monitoring & Fraud Detection

Kinesis Data Streams ingests real-time transaction data. Lambda consumers analyze patterns (velocity checks, geo-anomalies). CloudWatch custom metrics track transaction volume and fraud rates. X-Ray traces end-to-end latency. Alarms trigger when fraud rate exceeds threshold.

Transactions(Producer) KinesisData Stream LambdaFraud Analyzer CloudWatch Metrics SNS Alert X-RayTraces CW AlarmFraud > 1%
KinesisLambdaCloudWatchX-RaySNS

4. Secure Payment API with Multi-Layer Protection

Payment APIs are protected with defense-in-depth: CloudFront + WAF blocks SQL injection and bots, API Gateway enforces JWT auth (merchant API keys) + rate limiting per client, Lambda uses least-privilege IAM to access encrypted DynamoDB. Secrets Manager rotates payment gateway credentials.

CloudFront+ Shield WAF API GatewayJWT + Throttle Lambda DynamoDB(KMS encrypted) Secrets Mgr(auto-rotate)
CloudFrontWAFAPI GatewayCognitoSecrets ManagerKMS

5. Merchant Onboarding with CI/CD Pipeline

New merchant integrations deploy via automated SAM pipeline: CodeCommit triggers CodeBuild (lint + unit tests), deploys to staging account for integration testing, then canary-deploys to production with CloudWatch alarms that auto-rollback if error rate increases. Each merchant gets isolated Lambda functions with separate IAM roles.

CodeCommitGit push CodeBuildBuild + Test StagingIntegration test Approve ProductionCanary 10% CloudWatchAlarm + Rollback
CodePipelineSAMCodeBuildCloudFormationLambda

6. Settlement Batch Processing (SQS + Map State)

Daily settlement files uploaded to S3 trigger a Step Functions Distributed Map that processes thousands of transactions in parallel. Each item is validated, fees calculated, and results written to DynamoDB. Failed items go to DLQ for manual review. Entire process is serverless - scales from 10 to 100,000 transactions with no infrastructure changes.

S3CSV upload Step FunctionsDistributed Map Lambda (validate) Lambda (calc fees) DynamoDB SQS DLQ(failures) SNSCompletion alert
S3Step FunctionsLambdaDynamoDBSQS DLQ