3. Agenda
• Frontend
• Add security with Cognito and Google Identity Provider
• Store Data in DynamoDB
• Build Microservice with Lambda
• Deploy source code into S3 Bucket
5. Add security with Cognito and Google Identity Provider
1. Obtain Google IdP Client ID
2. Update index.html with Google Client ID
3. Update Identity Pool config.json with Google Client ID
4. Create a new Identity Pool
5. Update JavaScript config file(s) with Identity Pool ID
AWS Lambda is arguably the most exciting service released in AWS since EC2. Lambda is a service that lets you run code on someone else’s machine, in this case EC2. All you need to do is pick the runtime your code can run in, and provide the code. Currently, the supported runtimes are:
- Node.js: v0.10.36, v4.3.2
- Java: Java 8
- Python: Python 2.7
Developing applications using Lambda differs from the way we are typically used to, in terms of codebase management, tooling, frameworks, testing and deployment. On one hand, Lambda offers us the entire AWS ecosystem with simple configurations, and on the other, it requires us to rethink how we approach building even small applications. There aren’t yet enough success stories and best practices out there to give one the confidence to build large applications using Lambda, but there’s enough information to start farming out computation-heavy processes to Lambda. Lambda especially shines because of its ability to scale along with its workload.
API Gateway is another exciting service on AWS that aims to ease the task of creating APIs. You define your resources and their models, request transformations, locations where requests should be proxied to, response transformations; and you get a functioning API without deploying a single machine. An API Gateway endpoint can use a Lambda function as its backend, which is the sweet spot touted by serverless architecture advocates.
I recently created a small project using Lambda and API Gateway. You can find the project source following the link: https://github.com/yegor86/spa-aws
One major pain point of using Lambda and API Gateway is the difficulty of setting things up, so the project uses Terraform to ease that difficulty. Terraform is a tool that lets you define configurations, which it can run to provision resources in datacenters run by providers such as AWS, Azure and Google Cloud. In this project, Terraform is used to provision the Lambda function and API Gateway resources. With Terraform installed, the project can be deployed, and later torn down, by simply invoking:
- terraform apply
- terraform destroy
Like every system in its early life, API Gateway and Lambda have minor bugs and areas of improvement. Overall, the combination of these technologies is lethal, and I’m interested in seeing how functionality in existing applications can be chipped away to harness the strengths of these so-called serverless architectures.
There is no standardized way to design serverless applications. There is no standard 2-, 3- or 4-layer architecture either.
All we know is that you have to govern a bunch of different components.
You need something more than just a build or configuration management tool to bring the components together.
We have yet to understand how to design and develop such systems and, most importantly, yet to prove whether these systems are production ready.
I will walk you through the steps of building and deploying a serverless web application.
Use your favorite JavaScript framework to build a frontend. I would recommend keeping an eye on ThoughtWorks, which publishes ‘hot’ technologies on a regular basis.
I am using AngularJS now.
Amazon Cognito lets you easily add user sign-in to your mobile and web apps. With Amazon Cognito, you can also authenticate users through social identity providers such as Facebook, Twitter, or Amazon, or by using your own identity solution.
In our application we will do all the steps above using Terraform.
Alternatively, you can do all these steps manually or with extensive shell scripting.
Terraform comes into play when you want to have:
- Infrastructure as code
- Automated integration of Amazon/Azure/Google Cloud services
- All necessary IDs, ARNs and other service/resource identifiers put into the right place in your source code
Terraform lets us specify the client ID once, within Terraform. It then renders the config templates with the corresponding resource identifiers.
With Terraform you can:
- Resolve all dependencies
- Quickly undo/redo changes
- Avoid boilerplate code (using modules)
This call is possible thanks to Fine-Grained Access Control for DynamoDB.
To implement this kind of fine-grained access control, you write an IAM permissions policy that specifies conditions for accessing the database.
The permissions policy grants permissions that allow a set of DynamoDB actions on the problems table. It uses the dynamodb:LeadingKeys condition key to restrict access for unauthorized users.
The Condition entry in this policy uses a substitution variable to grab the Cognito ID from the request. This ensures that only authenticated Cognito users can access the table, and that they only have access to the documents that they created.
All you need is to attach this policy to the Cognito IAM role, and you will be able to access the DB from the client’s code in a completely secure way.
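The policy described above, written out as an added example together with a simplified model of how its condition is evaluated; this is not code from the spa-aws project. The table name problems comes from the text, while REGION, ACCOUNT_ID, the action list, the helper names and the sample identity ids are assumptions made for illustration.

```javascript
// Added example. Table name "problems" is from the text; REGION, ACCOUNT_ID
// and the action list are placeholders/assumptions.
const SUB = "${cognito-identity.amazonaws.com:sub}"; // IAM policy variable
const policy = {
  Version: "2012-10-17",
  Statement: [{
    Effect: "Allow",
    Action: ["dynamodb:GetItem", "dynamodb:Query", "dynamodb:PutItem",
             "dynamodb:UpdateItem", "dynamodb:DeleteItem"],
    Resource: "arn:aws:dynamodb:REGION:ACCOUNT_ID:table/problems",
    Condition: { "ForAllValues:StringEquals": { "dynamodb:LeadingKeys": [SUB] } }
  }]
};

// Simplified model of how this one statement is evaluated (not the IAM engine).
// request = { action, leadingKeys }, where leadingKeys are the partition-key
// values the call touches; identityId is the caller's Cognito identity id.
function isAllowed(policyDoc, identityId, request) {
  return policyDoc.Statement.some((st) => {
    if (st.Effect !== "Allow" || !st.Action.includes(request.action)) return false;
    const permitted = st.Condition["ForAllValues:StringEquals"]["dynamodb:LeadingKeys"]
      .map((v) => v.split(SUB).join(identityId));
    // ForAllValues: every key in the request must match. With no keys in the
    // request (a Scan) the condition is true, so Scan must stay out of Action.
    return (request.leadingKeys || []).every((k) => permitted.includes(k));
  });
}

// Returns a copy of the policy with one more action, to model a misconfiguration.
function withExtraAction(policyDoc, action) {
  const copy = JSON.parse(JSON.stringify(policyDoc));
  copy.Statement[0].Action.push(action);
  return copy;
}

// Constructed Cognito identity ids (format: region:uuid).
const ALICE = "us-east-1:00000000-0000-0000-0000-00000000000a";
const BOB = "us-east-1:00000000-0000-0000-0000-00000000000b";

console.log(isAllowed(policy, ALICE, { action: "dynamodb:GetItem", leadingKeys: [ALICE] }));
console.log(isAllowed(policy, ALICE, { action: "dynamodb:GetItem", leadingKeys: [BOB] }));
console.log(isAllowed(policy, ALICE, { action: "dynamodb:Scan" }));
console.log(isAllowed(withExtraAction(policy, "dynamodb:Scan"), ALICE, { action: "dynamodb:Scan" }));
```

The last call shows why the action list matters as much as the condition: a Scan carries no leading keys, so the condition alone would not restrict it.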
Sometimes you want to hide the logic from prying eyes for security reasons, or you don’t want to share the code.
Lambda supports ES6 out of the box now. You don’t need to transpile the code anymore.
As we’ve seen, invoking Lambda functions via the AWS SDK with Cognito credentials can be a great way to integrate custom services into your applications, but what if you want to provide public access to a Lambda function? You can make these functions accessible via an unauthenticated HTTP request using the Amazon API gateway.
The Amazon API Gateway maps APIs to Lambda functions through endpoints that you define with each function.
AWS added several Swagger extensions that help us define the API via Swagger.
Swagger is a simple yet powerful representation of your RESTful API.
JSON and YAML are the supported formats.
Boto3 is worth looking at if you want fine-grained control over your infrastructure. You will have to deal with plenty of Python code, though.
Troposphere is also written in Python. It simplifies the use of CloudFormation.