docs(blog): 검색 유입용 기술 팁 포스트 5차 배치 (5개, 3개 언어)

- AWS CDK SES 이메일 전송 Lambda
- DynamoDB ConditionExpression 동시성 제어
- S3 Presigned URL 일회용 다운로드 링크
- AWS Lambda 배포 쉘 스크립트 (CDK 함수명 자동 조회)
- requestAnimationFrame FPS 모니터링

Author: realcoding2003

_posts/2026-01-25-aws-cdk-ses-lambda-email-en.md

@@ -0,0 +1,60 @@
+---
+layout: post
+title: "AWS CDK - Build a SES Email Lambda in Minutes"
+date: 2026-01-25 09:00:00 +0900
+categories: [Development, Tips]
+tags: [AWS, CDK, SES, Lambda, email, TypeScript]
+author: "Kevin Park"
+lang: en
+excerpt: "Set up a serverless email sending endpoint with AWS CDK: API Gateway + Lambda + SES."
+---
+
+## Problem
+
+Need email sending for a contact form, but running a dedicated server is overkill. Serverless AWS is the answer.
+
+## Solution
+
+```typescript
+import * as cdk from 'aws-cdk-lib';
+import * as lambda from 'aws-cdk-lib/aws-lambda';
+import * as apigateway from 'aws-cdk-lib/aws-apigateway';
+import * as ses from 'aws-cdk-lib/aws-ses';
+import * as iam from 'aws-cdk-lib/aws-iam';
+
+export class ContactApiStack extends cdk.Stack {
+  constructor(scope: Construct, id: string) {
+    super(scope, id);
+
+    new ses.EmailIdentity(this, 'Sender', {
+      identity: ses.Identity.email('contact@example.com'),
+    });
+
+    const fn = new lambda.Function(this, 'ContactFn', {
+      runtime: lambda.Runtime.NODEJS_20_X,
+      handler: 'index.handler',
+      code: lambda.Code.fromAsset('lambda/contact'),
+    });
+
+    fn.addToRolePolicy(new iam.PolicyStatement({
+      actions: ['ses:SendEmail'],
+      resources: ['*'],
+    }));
+
+    const api = new apigateway.RestApi(this, 'ContactApi', {
+      defaultCorsPreflightOptions: {
+        allowOrigins: apigateway.Cors.ALL_ORIGINS,
+        allowMethods: ['POST', 'OPTIONS'],
+      },
+    });
+    api.root.addResource('contact').addMethod('POST',
+      new apigateway.LambdaIntegration(fn));
+  }
+}
+```
+
+## Key Points
+
+- SES starts in sandbox mode — you can only send to verified emails. Request production access from AWS for unrestricted sending.
+- Setting `resources: ['*']` for `ses:SendEmail` allows sending from any identity. For tighter security, restrict to specific identity ARNs.
+- Infrastructure as code with CDK means environment replication is a single `cdk deploy`. Far more reproducible than console clicking.

_posts/2026-01-25-aws-cdk-ses-lambda-email-ja.md

@@ -0,0 +1,60 @@
+---
+layout: post
+title: "AWS CDKでSESメール送信Lambdaを作る"
+date: 2026-01-25 09:00:00 +0900
+categories: [Development, Tips]
+tags: [AWS, CDK, SES, Lambda, email, TypeScript]
+author: "Kevin Park"
+lang: ja
+excerpt: "AWS CDKでSESメール送信Lambdaを構成するコード。API Gateway + Lambda + SESの組み合わせをご紹介します。"
+---
+
+## 問題
+
+お問い合わせフォームからメールを送信する機能が必要ですが、専用サーバーを運用するのは負担が大きいです。AWSのサーバーレスで解決したいところです。
+
+## 解決方法
+
+```typescript
+import * as cdk from 'aws-cdk-lib';
+import * as lambda from 'aws-cdk-lib/aws-lambda';
+import * as apigateway from 'aws-cdk-lib/aws-apigateway';
+import * as ses from 'aws-cdk-lib/aws-ses';
+import * as iam from 'aws-cdk-lib/aws-iam';
+
+export class ContactApiStack extends cdk.Stack {
+  constructor(scope: Construct, id: string) {
+    super(scope, id);
+
+    new ses.EmailIdentity(this, 'Sender', {
+      identity: ses.Identity.email('contact@example.com'),
+    });
+
+    const fn = new lambda.Function(this, 'ContactFn', {
+      runtime: lambda.Runtime.NODEJS_20_X,
+      handler: 'index.handler',
+      code: lambda.Code.fromAsset('lambda/contact'),
+    });
+
+    fn.addToRolePolicy(new iam.PolicyStatement({
+      actions: ['ses:SendEmail'],
+      resources: ['*'],
+    }));
+
+    const api = new apigateway.RestApi(this, 'ContactApi', {
+      defaultCorsPreflightOptions: {
+        allowOrigins: apigateway.Cors.ALL_ORIGINS,
+        allowMethods: ['POST', 'OPTIONS'],
+      },
+    });
+    api.root.addResource('contact').addMethod('POST',
+      new apigateway.LambdaIntegration(fn));
+  }
+}
+```
+
+## ポイント
+
+- SESは最初サンドボックスモードのため、認証済みメールにのみ送信できます。プロダクション移行にはAWSへの申請が必要です。
+- `ses:SendEmail`権限の`resources`を`'*'`にするとすべてのメールから送信可能です。セキュリティが重要な場合は、特定のidentity ARNに制限するのが良いです。
+- CDKでインフラをコードで管理すれば、環境複製は`cdk deploy`の1行で完了です。コンソールでクリックするよりはるかに再現性があります。

_posts/2026-01-25-aws-cdk-ses-lambda-email.md

@@ -0,0 +1,65 @@
+---
+layout: post
+title: "AWS CDK로 SES 이메일 전송 Lambda 만들기"
+date: 2026-01-25 09:00:00 +0900
+categories: [Development, Tips]
+tags: [AWS, CDK, SES, Lambda, email, TypeScript]
+author: "Kevin Park"
+lang: ko
+excerpt: "AWS CDK로 SES 이메일 전송 Lambda를 구성하는 코드. API Gateway + Lambda + SES 조합."
+---
+
+## 문제
+
+문의 폼에서 이메일을 보내는 기능이 필요한데, 서버를 따로 운영하기는 부담스럽다. AWS 서버리스로 해결하고 싶다.
+
+## 해결
+
+```typescript
+// infra/lib/contact-api-stack.ts
+import * as cdk from 'aws-cdk-lib';
+import * as lambda from 'aws-cdk-lib/aws-lambda';
+import * as apigateway from 'aws-cdk-lib/aws-apigateway';
+import * as ses from 'aws-cdk-lib/aws-ses';
+import * as iam from 'aws-cdk-lib/aws-iam';
+
+export class ContactApiStack extends cdk.Stack {
+  constructor(scope: Construct, id: string) {
+    super(scope, id);
+
+    // SES 이메일 인증
+    new ses.EmailIdentity(this, 'Sender', {
+      identity: ses.Identity.email('contact@example.com'),
+    });
+
+    // Lambda 함수
+    const fn = new lambda.Function(this, 'ContactFn', {
+      runtime: lambda.Runtime.NODEJS_20_X,
+      handler: 'index.handler',
+      code: lambda.Code.fromAsset('lambda/contact'),
+    });
+
+    // SES 전송 권한 부여
+    fn.addToRolePolicy(new iam.PolicyStatement({
+      actions: ['ses:SendEmail'],
+      resources: ['*'],
+    }));
+
+    // API Gateway
+    const api = new apigateway.RestApi(this, 'ContactApi', {
+      defaultCorsPreflightOptions: {
+        allowOrigins: apigateway.Cors.ALL_ORIGINS,
+        allowMethods: ['POST', 'OPTIONS'],
+      },
+    });
+    api.root.addResource('contact').addMethod('POST',
+      new apigateway.LambdaIntegration(fn));
+  }
+}
+```
+
+## 핵심 포인트
+
+- SES는 처음에 샌드박스 모드라서 인증된 이메일로만 보낼 수 있다. 프로덕션으로 전환하려면 AWS에 요청해야 한다.
+- `ses:SendEmail` 권한의 `resources`를 `'*'`로 하면 모든 이메일로 보낼 수 있다. 보안이 중요하면 특정 identity ARN으로 제한하는 게 좋다.
+- CDK로 인프라를 코드로 관리하면 환경 복제가 `cdk deploy`한 줄이다. 콘솔에서 클릭하는 것보다 훨씬 재현 가능하다.

_posts/2026-02-01-dynamodb-conditional-update-concurrency-en.md

@@ -0,0 +1,38 @@
+---
+layout: post
+title: "DynamoDB ConditionExpression for Concurrency Control"
+date: 2026-02-01 09:00:00 +0900
+categories: [Development, Tips]
+tags: [AWS, DynamoDB, concurrency, conditional update, race condition]
+author: "Kevin Park"
+lang: en
+excerpt: "Prevent race conditions in DynamoDB using ConditionExpression for atomic conditional updates."
+---
+
+## Problem
+
+Incrementing a download counter — concurrent requests can exceed the max limit. The `GET → check → UPDATE` pattern is vulnerable to race conditions.
+
+## Solution
+
+```typescript
+import { UpdateCommand } from '@aws-sdk/lib-dynamodb';
+
+await docClient.send(new UpdateCommand({
+  TableName: 'tokens',
+  Key: { PK: `TOKEN#${token}`, SK: 'TOKEN' },
+  UpdateExpression: 'SET downloadCount = downloadCount + :inc',
+  ConditionExpression: 'downloadCount < :max',
+  ExpressionAttributeValues: {
+    ':inc': 1,
+    ':max': maxDownloads,
+  },
+}));
+// Throws ConditionalCheckFailedException if condition fails
+```
+
+## Key Points
+
+- `ConditionExpression` checks the condition before executing the update. If the condition fails, the update doesn't execute. This is atomic — race conditions are impossible.
+- "Read → check → write" in application code allows other requests to slip in between. Delegating the check to DynamoDB eliminates that gap.
+- Catch `ConditionalCheckFailedException` to return "download limit exceeded" responses. This error is a normal part of business logic.

_posts/2026-02-01-dynamodb-conditional-update-concurrency-ja.md

@@ -0,0 +1,38 @@
+---
+layout: post
+title: "DynamoDB ConditionExpressionで同時実行制御を行う"
+date: 2026-02-01 09:00:00 +0900
+categories: [Development, Tips]
+tags: [AWS, DynamoDB, concurrency, conditional update, race condition]
+author: "Kevin Park"
+lang: ja
+excerpt: "DynamoDBのConditionExpressionを活用して同時リクエスト時のデータ競合（race condition）を防止する方法をご紹介します。"
+---
+
+## 問題
+
+ダウンロードカウンターを増加させる際、同時に複数のリクエストが来ると最大回数を超過する可能性があります。`GET → 確認 → UPDATE`パターンはrace conditionに脆弱です。
+
+## 解決方法
+
+```typescript
+import { UpdateCommand } from '@aws-sdk/lib-dynamodb';
+
+await docClient.send(new UpdateCommand({
+  TableName: 'tokens',
+  Key: { PK: `TOKEN#${token}`, SK: 'TOKEN' },
+  UpdateExpression: 'SET downloadCount = downloadCount + :inc',
+  ConditionExpression: 'downloadCount < :max',
+  ExpressionAttributeValues: {
+    ':inc': 1,
+    ':max': maxDownloads,
+  },
+}));
+// 条件不一致時はConditionalCheckFailedExceptionが発生
+```
+
+## ポイント
+
+- `ConditionExpression`はアップデート実行前に条件をチェックします。条件が合わなければアップデート自体が実行されません。これがアトミックなのでrace conditionは不可能です。
+- 「読み取り → 確認 → 書き込み」をコードで行うと、その間に他のリクエストが割り込む可能性があります。DynamoDBに条件チェックを委譲すれば、その隙間がなくなります。
+- `ConditionalCheckFailedException`をcatchして「ダウンロード制限超過」のレスポンスを返せます。このエラーは正常なビジネスロジックの一部です。

_posts/2026-02-01-dynamodb-conditional-update-concurrency.md

@@ -0,0 +1,41 @@
+---
+layout: post
+title: "DynamoDB ConditionExpression으로 동시성 제어하기"
+date: 2026-02-01 09:00:00 +0900
+categories: [Development, Tips]
+tags: [AWS, DynamoDB, concurrency, conditional update, race condition]
+author: "Kevin Park"
+lang: ko
+excerpt: "DynamoDB의 ConditionExpression을 활용해 동시 요청 시 데이터 충돌(race condition)을 방지하는 방법."
+---
+
+## 문제
+
+다운로드 카운터를 증가시키는데, 동시에 여러 요청이 들어오면 최대 횟수를 초과할 수 있다. `GET → 확인 → UPDATE` 패턴은 race condition에 취약하다.
+
+## 해결
+
+```typescript
+import { UpdateCommand } from '@aws-sdk/lib-dynamodb';
+
+// 원자적 증가 + 조건부 업데이트
+await docClient.send(new UpdateCommand({
+  TableName: 'tokens',
+  Key: { PK: `TOKEN#${token}`, SK: 'TOKEN' },
+  UpdateExpression: 'SET downloadCount = downloadCount + :inc',
+  ConditionExpression: 'downloadCount < :max',
+  ExpressionAttributeValues: {
+    ':inc': 1,
+    ':max': maxDownloads,  // 예: 3
+  },
+}));
+
+// ConditionExpression 실패 시 ConditionalCheckFailedException 발생
+// → 이미 최대 횟수에 도달했다는 뜻
+```
+
+## 핵심 포인트
+
+- `ConditionExpression`은 업데이트를 실행하기 전에 조건을 체크한다. 조건이 맞지 않으면 업데이트 자체가 실행되지 않는다. 이게 원자적이라서 race condition이 불가능하다.
+- "읽기 → 확인 → 쓰기"를 코드에서 하면 그 사이에 다른 요청이 끼어들 수 있다. DynamoDB에게 조건 체크를 위임하면 그 사이가 없다.
+- `ConditionalCheckFailedException`을 catch해서 "다운로드 제한 초과" 같은 응답을 보내면 된다. 이 에러는 정상적인 비즈니스 로직의 일부다.

_posts/2026-02-08-s3-presigned-url-download-token-en.md

@@ -0,0 +1,49 @@
+---
+layout: post
+title: "S3 Presigned URLs - Build One-Time Download Links"
+date: 2026-02-08 09:00:00 +0900
+categories: [Development, Tips]
+tags: [AWS, S3, presigned URL, download, security]
+author: "Kevin Park"
+lang: en
+excerpt: "Combine S3 presigned URLs with DynamoDB TTL to create download links with expiration and download count limits."
+---
+
+## Problem
+
+Need to provide file download links, but unlimited downloads by anyone is not acceptable. Both time limits and download count limits are required.
+
+## Solution
+
+```typescript
+import { GetObjectCommand, S3Client } from '@aws-sdk/client-s3';
+import { getSignedUrl } from '@aws-sdk/s3-request-presigner';
+
+const s3 = new S3Client({ region: 'ap-northeast-2' });
+
+async function generateDownloadUrl(bucket: string, key: string) {
+  const command = new GetObjectCommand({ Bucket: bucket, Key: key });
+  const url = await getSignedUrl(s3, command, {
+    expiresIn: 300,  // 5 minutes
+  });
+  return url;
+}
+
+// Store token in DynamoDB (1-hour TTL, max 1 download)
+const token = crypto.randomUUID();
+await docClient.send(new PutCommand({
+  TableName: 'download-tokens',
+  Item: {
+    PK: `TOKEN#${token}`,
+    downloadCount: 0,
+    maxDownloads: 1,
+    ttl: Math.floor(Date.now() / 1000) + 3600,
+  },
+}));
+```
+
+## Key Points
+
+- Presigned URLs embed signing info in the URL, enabling direct download without AWS credentials. After expiration, requests return 403.
+- DynamoDB TTL auto-deletes expired tokens. No cron jobs needed for cleanup.
+- `expiresIn` controls the URL's validity; DynamoDB TTL controls the token's validity. Separating these provides more flexibility.