My Experience as a SDE Intern at AWS-image

My Experience as a SDE Intern at AWS

Date published: 4-Jan-2023
11 min read / 3014 words
Author: Luciano Remes
FAANG
Amazon
Infrastructure
Tech Internship
AWS
Auth
Token

Disclaimer:

I did have to sign a

NDA, so I can't go too in depth on certain details. But I'll do my best to capture the essence of it.

After my experience interning at Goldman Sachs Summer 2021, and the overwhelming positive feedback on HN for my blog post. I thought I might also write a blog about my experience interning at AWS.

After interning at GS, I received a return offer to come back for Summer 2022. However, I wanted to explore other companies while I'm still in school. Just to see what was out there, I applied to a few places and received an offer from Amazon. I thought the kind of problems that I'd face at AWS would be quite exciting, and probably different than the kinds of things I had seen at Goldman or anywhere else for that matter. So I decided to go with AWS, and to be frank, their offer was significantly higher than Goldmans offer.

Offer: Summer 2022 SDE intern, in-person at the re:Invent office in Seattle, WA.

My start date was May 16th, I received a $6,000 housing stipend on top of my salary. I assumed this would be enough to get me through the summer, including housing and other costs of living, I was mistaken. One and a half months before the start date I started looking at apartments, I called probably 20 different buildings, all of them were not taking short term 3-month leases. This was quite stressful, I resulted to trying my luck with AirBnB. Everything was already booked! In fact the site crashed multiple times as the summer was getting closer. I thought I got lucky, after finding one posting that wasn't taken, it actually allowed me to place a $3,000 booking for the whole summer for a room a couple miles from the office offices. The host immediately called me and proceeded to tell me (in a desperate tone) to please cancel the booking because it was already taken, and the website wouldn't let her take it back. And I should cancel it on my end because if she did it on her end it would take a long time, and it'd be difficult, etc. So, I obliged and tried to cancel it. Then, as I had suspected, there was an entire chain of disputes with me cancelling it, having to pay a portion of it, the host claiming that they didn't call me, and that I should pay. I talked to support, and I was able to dispute it. However, this was really anxiety inducing. So there goes $3,000 tied up, just 3 weeks from my start date.

Fortunately, I was able to find this company called Landing, they're basically a company that sublets apartments to people who travel. The AirBnB thing got resolved, and I got the money back just in time for me to pay initial deposit and first month's rent. There was one issue, the rent was total ~$3,200! That would run out in less than 2 months. This really sucked, but I could still use my salary to pay the rest, and it wouldn't be too bad. Although paying that much for a 500 sqft studio was painful to say the least. Seattle's expensive, but not that expensive, it's all because of my short-term lease.

The whole housing situation was a nightmare. I was really hoping Amazon would provide intern housing, but I guess they don't see it as a priority. Quite a different experience from the one I had at Goldman, although admittedly, I already lived in Salt Lake City, so I didn't need to relocate for my GS internship.

Seattle

After an early morning flight, I got to my apartment in Queen Ann area 1 week before the start day. My dad came with me to help me unpack and get settled in. The apartment had some nice amenities like a gym and a roof area with a beautiful view of the harbor and the space needle. I frequented coming up here to have lunch and watch the ships go back and forth. Although it was kind of gloomy that day:

pier image
roof image

This was my first time in Seattle. We explored the city a bit, the first place we went to of course was Pike Place Market, as it was within commute distance. We walked past gum wall, although didn't contribute to it, and saw a few flying fish! My dad said the streets kind of reminded him of Europe a bit, which I definitely agree with. The cobblestone, narrow streets, and hole in the wall restaurants are all quite European features. We ended the day with dinner at the Pink Door, beautiful restaurant, best Arancini I've had in my life.

I spent the rest of the week exploring the city during the day and working on some side projects at night, since I knew I'd basically not get much time to look at them during the summer. Explored a few places, including:

  • Pacific Science Center
  • Chihuly Garden
  • Tropical Butterfly House
  • Japanese Garden

Onboarding

A day before my start day, I received a little care-package from AWS. It included a few notebooks, a pen, a T-shirt, and a portable rechargeable battery. The battery was the best item, although it felt a bit cheap.

My first day! I started by logging in to my laptop from home. Joined a few meetings with my manager, where he walked me through unlocking and accessing my environment. I also went through "My Embark Plan", which is what they call the onboarding process. It just contains videos on compliance and internal tooling specific to AWS. It also walks you through setting up and configuring your environment, it's really useful with getting to know all the internal resources for finding answers, of which there is a lot. I worked on that until around 11:30am.

laptop image
care package image

Then, I headed to the office, it's only a 15-min bus ride. I met my manager in the lobby, and we grabbed sushi for lunch with the whole team. They told me what the team does and where our team fits in to the overall scope of AWS::EC2. My team was AWS::EC2::Security Trust Infrastructure, we handled the internal PKI/CA systems that run in the EC2 cloud. It's a core EC2 team, without their software, no authenticated communication between services is possible in our internal cloud. We headed back to our office, on the 27th floor. We had an awesome view of Lake Union and the city.

pier image

The second day, lots of rain and yet really hot. I picked up my ORCA card, which is basically a card to manage my access to public transport, I could now commute without having to pay. I also met my first intern friend, his name is Connor (left), we worked on the same floor but on different teams.

entrance image
couch image

This little orange space is located near the entrance of the office, right after badging in. I think it's there to provide photo-ops to interns and visitors, which I totally fell for.

Project

Ok, let's talk about my project.

I was the first of 4 interns on my team. The others would arrive later on in the summer. Each of us had our own different independent projects, this was quite a different experience than the one I had at Goldman, since most teams had multiple interns per project. Since I was the first intern, I received a relatively difficult project, and my project would also serve as a foundation for the project that another one of the interns would later work on. My team smartly staggered the start dates such that we wouldn't both have to face and solve the same issues. Thus, I'd basically be the one to figure out these issues first and then relay my solutions to the new intern.

My project was to create a web app tool that allows our team to interact with a managed resource, view important information, and enact some procedures. Because of where our team sits on the internal EC2 stack, I couldn't directly use the AWS internal token authentication provider. And thus would have to build a work around that would allow authentication through my own generated tokens and give access to the website. This seemed to be the hardest part. The frontend and operations at first glance appeared to be simple CRUD operations. I even zealously believed I could finish the whole thing in 6-7 weeks tops. But the more I got familiarized with exactly what I'd need to do to perform this custom token authentication and build this service out from scratch. I soon realized this was definitely going to take the full internship, in fact I might not even reach all the features on the roadmap. Fortunately, I had an amazing project mentor that helped me plan out my project schedule and really helped me troubleshoot issues during the entire process. He was an invaluable part of my success, thanks Dmytro! The plan was to first do a mockup of the frontend, work on the frontend using dummy data, and then finally move onto the backend including the token auth part.

Frontend

The frontend was written in TypeScript using React, this is a standard at AWS, most teams use it. I used an internal React component library that AWS uses to develop all of it's AWS frontend products. It was really easy to use and well documented, it had all the styling and layout things I needed. Including a table component, which was the center view component of the web app. This took quite a while, as I was actually replacing an existing tool that was built in 10-year-old JQuery, and I was trying to clone all the features in React. I made my first commit week 1, after a few different iterations and feedback from my team I was able to get the frontend essentially finalized by week 4. I then spent some time writing tests for it, this was really tedious and took more time than I think it should have. The frontend wasn't exceptionally complex, being only 2 pages, and 8 custom components. Yet, the testing process took a while since I was using React testing-library and enzyme for the first time.

The website was a landing page, with a collapsible side menu. Then the main page, which was quite busy. It contained a table with 8 input search boxes above it, including drop-downs and text input searches. There were several modal-like interactions with data on the table and different action buttons related to each. I thought this part of the project would be the most annoying, but I actually found myself enjoying writing the frontend and working with TS and React.

Backend

The backend was a series of AWS Lambda functions written in TS, integrated into API Gateway proxy routes. These were mostly relatively easy to write and performed all the CRUD operations mentioned earlier. Including updates to a DynamoDB and our resource API.

The hardest part was writing the custom token authentication endpoints. I can't go too much into detail as to what the token actually was. It was essentially a series of credentials specific to a user that allowed them to read and make changes to our team's AWS resources through the web app (if you work at AWS, it's not the one that starts with M, it's the one that starts with an I, that's why I couldn't just use existing APIs and had to go through the GUI). Technically, these tokens that said I service provide, aren't really made to be accessed by other services as everything you could do with this app, you could just do in the AWS console. However, it would take a series of DynamoDB queries and/or interactions with other APIs, which were a pain when doing operational tasks. On top of that, the website is also authenticated with the M tokens through Cloudfront rules, which means only AWS employees can access it. But only our team can actually use CRUD operations.

This I token contained authentication that was needed for all CRUD operations. It was persisted as a cookie in the frontend, which would be sent with every POST request to the Lambdas whenever a user tried to do an operation. The whole flow was similar to an OAuth token exchange, but I had to write it from scratch, no libraries. Upon seeing that the cookie does not exist or that the cookie is outdated, the frontend would GET redirect to a login page. This was an API Gateway Lambda that did a 303 redirect to another website where the user put in their credentials. In this redirect, was a callback that was sent as a request parameter, the user would log in, then the auth website would make a POST request to the callback address sending the user auth information in the body. The auth token would be in the body of this request and I could then take it, package it up nicely as a KMS keyring encrypted cookie, and do a final 308 redirect back to our website for the user to use. This was all pretty seamless and allowed me to do this pretty interactively through just pure redirects and cookie manipulation. I thought I knew how HTTP status codes and redirects work. Try implementing a 4 stage, 3 redirect, token auth system, this taught me a lot! It was definitely the part that took the longest, and was quite hard to test since the frontend and the backend are involved and some complicated exchanges of information between the frontend, backend, and this other auth service. So there was a lot of manual testing, curling, and Postman windows open during development.

Social

I didn't really get to explore as much of Seattle as I'd like to, as nearing the end of the internship I was really crunching. But I did manage to go to the top of the space needle, which was a bit expensive, but pretty cool. I went on a few walks along the harbor. And I also went to a really nice restaurant next to a marina at night, with a beautiful view of the city.

My friend who was interning at Microsoft and was staying at the University of Washington dorms came down, and we walked around downtown, explored a few coffee shops and restaurants, and watched the Elvis movie. I would recommend it, great movie!

Near the end of my internship, some other friends were visiting Seattle, and we all spent the weekend exploring the city and having fun. At night, we even went to a bar and got a taste of Seattle's nightlife.

Conclusion

In the beginning, I burned myself out. Pulling off 10-11 hour days and trying to make sure all aspects of the website looked nicely, and I could get ahead of schedule. Which I managed to do, staying 2 weeks ahead of schedule until the halfway point where it started to catch up to me and I even fell behind a bit on some things by week 8. At some point around week 9, one of my mentors told me that they didn't really expect me to fully finish it. The project is hard, and they really just wanted to see how I'd handle it. This was actually quite encouraging to hear, as I thought I could actually do it and gave me the energy to push through. I picked the pace back up and was able to finish all the features, including some extra features that were not on the roadmap.

The final weeks were rough as I was really having problems with the auth system working in all local, alpha, and beta environments. But I was able to get it working and deliver the web app deployed and working. While still not fully released to production, it could at that point start getting used by the team. I was told by multiple people, that most intern projects don't really see production, and most of the time they usually just get abandoned. But my manager told me my project was put on the roadmap for full production release. Which means someone would be taking over my project when I was gone. I made sure to write a superb design doc and handoff document so that, whoever it was, could understand everything that's happening and certain decisions that were made. I also thought it might be useful to put some of the things that I thought could be improved and features that could be integrated.

I had my final presentation with my team and an adjacent sister team, which was awesome to give, as it felt like I had just sprinted through a marathon with flip-flops. And I was finally able to humorously talk about all the roadblocks and how I was able to reach the end. The presentation was supposed to be wholistic, about the project and my progress through the summer. However, It was the last time some of my team members would see me, so I sprinkled in a few fun slides and interesting things I learned while still staying true to a project presentation. Everyone seemed happy with my final presentation! I had my final meeting with my manager, he was quite happy with everything I had done.

At the end of the day, I sent out a final goodbye email to some members on my team for putting up with my craziness and teaching me so much. I turned in my laptop and I flew back to Salt Lake City. Two weeks later, I received a return offer:

Salary: 129k/yr
RSU: 111k over a 4 year vesting schedule
Bonus: one time 50k

Thanks to my team at EC2::Security Trust Infrastructure for a great summer, and a challenging project. Some of them were amazing mentors to me, and I couldn't be luckier to have met them and spent a summer learning from them.

PS: I didn't take the offer, for reasons I'll talk about in another post. I accepted an offer from Palantir Technologies