Add cloud pods collaborative debugging tutorial

[tinyg210]

Add tutorial for using cloud pods for collaborative development and debugging in teams

[github-actions]

🎊 PR Preview has been successfully built and deployed to https://localstack-docs-preview-pr-1126.surge.sh 🎊

[giograno]

Kudos for the tutorial 💯
I have only one question (I don't have a strong opinion about this, but it just came to mind). Since this is a tutorial on collaborative debugging, do you think adding the s3 and ORAS remotes is a bit too much? It's definitively good content, but I am wondering if it makes sense to separate it.

[giograno]

for is colored differently. Any idea why? Maybe we should use console or shell?

[whummer]

Kudos for this tutorial @tinyg210 - great to see that we're adding some stories and explicit guidance for how users can address collaborative debugging with pods! 🎉

I have some comments and suggestions - high level thoughts/summary:

• I generally find the narrative writing style (painting a storyline for the scenario, being a bit witty in a few places, adding a "personal touch" to the text) quite refreshing, but at the same time it can be challenging to stay concise and specific, making it harder to follow. I guess adopting a slightly more neutral and factual writing style could help making the content a bit easier to consume (also, it is hard to make assumptions about the level of maturity/experience of the audience - some readers may understand the context of the more witty parts, others may not)
• To focus more on the collaboration part, would it make sense to include a small figure that illustrates the actual personas involved in the scenario? This would allow us to give them explicit names, and consistently refer to the specific person/persona throughout the document. (that could make it easier to follow, rather than referring to different colleagues, team members, etc)
• Maybe we could slightly expand the scenario with more usage of pods, for example the team member helping with debugging could create the fix, push the cloud pod with the same name (to create version 2), which the other team member can then check out to reproduce the fix (this could nicely illustrate the concept of versioning). Also, stretch goal - can we think of any third role/persona that could come into play here? (Don't have an explicit example in mind, but 3 is often a good number :) )
• Agree with @giograno regarding the sections about alternative cloud pod remotes. Maybe mentioning the S3 remote is helpful, but adding ORAS as well definitely seems like a bit of "overkill". This is generally good content (!) - but could we maybe move this somewhere else in our docs? This would allow us to keep the focus on the collaboration & debugging parts in this tutorial. (We can still mention in a paragraph that alternative storage options are available to enterprise customers, but maybe no need to dedicate entire sections to it in here.)

Hope that helps - please let me know if anything is unclear, also happy to discuss/brainstorm the points directly in more detail..!

[whummer]

after all, they’re following good practices

Not sure what the reference is here - what would be an alternative solution (not following good practice) for the Lambda to access a DynamoDB table? :) (Presumably we're referring to running LS without IAM enforcement (?), but not sure this is becoming clear from the context here..)

[tinyg210]

My thought was to mention this to highlight the granularity of IAM policy enforcement. This is the opposite of Action = ["dynamodb: *"]. I'm sure there are apps out there that go to production with terrible security policies 😄
I guess it sounded better in my head and it needs some elaborating.

[whummer]

Suggested change

	The new teammate working on this has mistakenly used `dynamodb:Scan` and `dynamodb:Query` as a replacement.
	The new teammate working on this application has mistakenly used `dynamodb:Scan` and `dynamodb:Query`, but missed adding the `dynamodb:GetItem` action to the policy document above.

[whummer]

nit: maybe we could remove the term "fast" here? (we already have lots of other tutorials that are focusing on the speed/velocity aspect, whereas here the focus is really on debugging&collaboration..)

[whummer]

Suggested change

	LocalStack provides a remote storage backend that can be used to store the state of your application and share it with your team members.
	LocalStack provides a managed storage backend that can be used to store the state of your application and share it with your team members.

[whummer]

nit: I understand you simply copied the CLI output here, but maybe we can slightly adjust it here, for consistency: 👍

Suggested change

	remote Manage cloud pod remotes
	remote Manage Cloud Pod remotes

[whummer]

Suggested change

	load Load the state of a Cloud Pod into the application runtime/ Users can import Cloud Pods from...
	load Load the state of a Cloud Pod into the application runtime

[whummer]

Not sure if "helper colleague" is a very common term? How about something like:

Suggested change

	Now, in a fresh LocalStack instance, the helper colleague can immediately load the Cloud Pod, because they’re part of the
	same organization, and their licences permit this:
	Now, other team members can load this Cloud Pod into their own LocalStack instances - this sharing
	works by default, as they’re part of the same organization:

Overall, I think when we speak about collaboration as a central concept, perhaps it would make sense to include a short diagram at the beginning of the post that illustrates the persons/roles involved, and how they are collaborating as part of this tutorial? 🤔

[whummer]

Related to the comment above - I think from the storyline it would make sense to explicitly introduce the persons involved (say, team member A and B, or Alice and Bob, or similar...), and then reference them here directly.

Something like:

After loading the Cloud Pod state, Bob can now easily reproduce the bug on their local machine, and also has access 
to the state and data of the services involved, meaning that the Lambda logs are available in the CloudWatch log groups.

[whummer]

Suggested change

	At a first glance, this error points to a permissions issue related to accessing DynamoDB. The action **`dynamodb:GetItem`** is
	not authorized for the role, preventing the retrieval of a product by its ID. This kind of error was not really foreseen as one
	At a first glance, this error points to a permissions issue related to accessing DynamoDB. The action **`dynamodb:GetItem`** is
	not included in the policy of the Lambda execution role, preventing the retrieval of a product by its ID. This kind of error was not really foreseen as one

[tinyg210]

Hey @whummer and @giograno, thanks for the feedback! This is definitely valuable input, and here's my plan to address your comments:

• I will remove the last part related to S3 storage and ORAS and reuse the content for a stack byte; in this article, I will only mention the extra possibilities + link to the docs for more info.
• I'll make the writing more clear, with a more neutral tone, to make it easier to read (plus all the other suggestions); I will, however, keep the story, as this is a pretty specific use case.
• I'll introduce a diagram to illustrate the flow between Alice and Bob for the collaboration.
• After Bob experiences the misconfiguration, Alice can use the AWS CLI to fix the missing action in the policy and save the cloud pod (creating v2). Bob will pull the latest version of the cloud pod, use the AWS CLI to view the updated policy, and then make the fix in the Terraform config file. So Bob will push his own fix.
• A third person, Carol, can pull the fixed cloud pod and write integration tests (Bob is only in charge of his own unit tests).

Btw, my initial thought was to have a bug related to bad configuration for the API-Lambda integration (using HTTP GET, instead of POST). At that time, this was not working as expected in LS, but it has since been fixed (localstack/localstack#10473) hehe. I still think the IAM policy enforcement is more important to highlight though.

Please let me know if you'd like to add/remove anything from the new approach (or if I missed anything). Otherwise, I'll be back soon with some fixes.

[HarshCasper]

Can we add this to the previous section itself?

[HarshCasper]

Any reason for picking a specific version?

[tinyg210]

it was the latest version at that time. if cloud pods change for future versions i won't go back to change this material