AWS Microservice package

This is a Node-based lambda microservice package created by AWS-Architect.

Recent Changes

Visit the changelog.

Prerequisites

  • Install NodeJS (nodejs8.10, which is what lambda uses) & npm
    curl -sL https://deb.nodesource.com/setup_8.x | sudo -E bash -
    sudo apt-get install -y nodejs
  • Your user (or the continuous deployment user) will need access to the following resources:
    • Development time resources (identical for deployment CI), example security policy
    • Service runtime resources (for testing only, not required, execute lambda, api gateway access, etc...)

Development

Development is templated using the make.js file. All the needed actions are present there. For ease, AWS Architect is managed as an npm package, so all functionality is available directly from native nodejs. There is no need to write shell scripts just to do some simple development.

  • Website is created from the content directory.
  • Lambda functions are created from the src/index.js source.
  • npm install: Install necessary dependencies.
  • npm run build or node make.js build: Builds and runs unit tests.
  • sudo npm start: Runs the microservice locally; it hosts the API and lambda functions using nodejs express.
  • npm run deploy: Deploys the package to AWS.

Building

  npm install
  npm run build

Running server locally

AWS Architect uses OpenAPI Factory to convert the src/index.js into a node server API used by node-express. This can be loaded, and the server can be started by running

   npm install
   npm run start

Deploying to AWS

* Using the built-in make.js file
	npm install
	npm run deploy
* Configure awsArchitect
	const path = require('path');
	const AwsArchitect = require('aws-architect');

	let packageMetadataFile = path.join(__dirname, 'package.json');
	let packageMetadata = require(packageMetadataFile);

	let apiOptions = {
		sourceDirectory: path.join(__dirname, 'src'),
		description: 'This is the description of the lambda function',
		regions: ['us-east-1']
	};
	let contentOptions = {
		bucket: 'WEBSITE_BUCKET_NAME',
		contentDirectory: path.join(__dirname, 'content')
	};
	let awsArchitect = new AwsArchitect(packageMetadata, apiOptions, contentOptions);

Setup

Setting up Google authentication, Cognito, and API Gateway

  • Create a project in Google: https://console.developers.google.com/project
    • Enable and Manage APIs
    • Credentials: OAuth 2.0 and Client IDs: Create a new client ID, and use it in the later steps. You will have to set up the redirects so that they actually work on successful login.
  • Create a new Identity pool to associate with the application (save the IdentityPoolId)
    • Add the Google client to the IdentityPool
  • [Optional: used for non-REST Lambdas] Create a UserRole, set it to have access to API Gateway and Cognito Sync using the IdentityPoolId
  • Create a Service Role with access to the needed back-end AWS resources: example service user permissions and example trust relationship.
  • content/index.html:
    • Update the Google usercontent token (google-signin-client_id) in index.html with the client ID.
    • Update IDENTITY_POOL_ID with the IdentityPoolId

TL;DR

  • Static content => content/index.html
  • Lambda function => src/index.js

Permissions to invoke lambda functions

  • From CloudWatch Rules:
{
	"SourceAccount": { "Ref": "AWS::AccountId" },
	"SourceArn": {
		"Fn::Join": [
			"",
			[
				"arn:aws:events:",
				{ "Ref": "AWS::Region" },
				":",
				{ "Ref": "AWS::AccountId" },
				":rule",
				"/",
				{ "Ref": "serviceName" },
				"-*"
			]
		]
	}
}
  • From CloudWatch Logs:
{
	"SourceAccount": { "Ref": "AWS::AccountId" },
	"SourceArn": {
		"Fn::Join": [
			":",
			[
				"arn:aws:logs",
				{ "Ref": "AWS::Region" },
				{ "Ref": "AWS::AccountId" },
				"log-group",
				"*",
				"*"
			]
		]
	}
}
  • From SES:
{
	"SourceAccount": { "Ref": "AWS::AccountId" }
}
  • From API Gateway:
{
	"SourceAccount": { "Ref": "AWS::AccountId" },
	"SourceArn": {
		"Fn::Join": [
			"",
			[
				"arn:aws:execute-api:",
				{ "Ref": "AWS::Region" },
				":",
				{ "Ref": "AWS::AccountId" },
				":",
				{ "Ref": "ApiGateway" },
				"/*"
			]
		]
	}
}
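
The snippets above all pin the invoking account with SourceAccount, a SourceArn containing the account ID, or both. The following check is an added example, not part of AWS-Architect: it scans a CloudFormation template for AWS::Lambda::Permission resources that grant a service principal invoke access without that restriction. It assumes the snippets are properties of AWS::Lambda::Permission; the function names, resource names and sample template are constructed for illustration.

```javascript
// Flatten a string / Ref / Fn::Join value into one pattern string.
// Refs render as {Name}; '::' becomes '.' so the ARN can be split on ':'.
function render(value) {
  if (typeof value === 'string') return value;
  if (value && value.Ref) return `{${value.Ref.replace(/::/g, '.')}}`;
  if (value && value['Fn::Join']) {
    const [separator, parts] = value['Fn::Join'];
    return parts.map(render).join(separator);
  }
  return '{unresolved}';
}

// One finding per AWS::Lambda::Permission that lets a service principal invoke
// the function without pinning the calling account.
function auditLambdaPermissions(template) {
  const findings = [];
  for (const [name, resource] of Object.entries(template.Resources || {})) {
    if (resource.Type !== 'AWS::Lambda::Permission') continue;
    const props = resource.Properties || {};
    if (!String(props.Principal).endsWith('.amazonaws.com')) continue;
    if (props.SourceAccount) continue; // account pinned explicitly
    if (!props.SourceArn) {
      findings.push({ name, issue: 'no SourceAccount or SourceArn' });
      continue;
    }
    // ARN layout: arn:partition:service:region:account-id:resource
    const arn = render(props.SourceArn);
    const account = arn.split(':')[4];
    if (!account || account === '*') {
      findings.push({ name, issue: `SourceArn does not pin an account: ${arn}` });
    }
  }
  return findings;
}

// Constructed template: resource names and principals are illustrative.
const accountRef = { Ref: 'AWS::AccountId' };
const perm = (Principal, extra) => ({ Type: 'AWS::Lambda::Permission', Properties: { Principal, ...extra } });
const sampleTemplate = { Resources: {
  LogsPermission: perm('logs.amazonaws.com', { SourceArn: { 'Fn::Join': [':', [
    'arn:aws:logs', { Ref: 'AWS::Region' }, accountRef, 'log-group', '*', '*']] } }),
  SesPermission: perm('ses.amazonaws.com', { SourceAccount: accountRef }),
  OpenPermission: perm('apigateway.amazonaws.com', {}),
  WildcardPermission: perm('apigateway.amazonaws.com', { SourceArn: 'arn:aws:execute-api:*:*:*' })
} };

console.log(auditLambdaPermissions(sampleTemplate));
```

Run against the sample, only OpenPermission and WildcardPermission are reported; the CloudWatch Logs and SES forms from this README pass.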