Build a “Serverless” API in AWS with Infrastructure-as-Code and Direct Connect; A Walkthrough
November 6th, 2019
David Reno, Principal Architect
Twitter: @dcreno
LinkedIn: davidreno
AWS Block Diagram (figure). Components: Client, Amazon API Gateway, Amazon VPC, AWS Lambda, Amazon Simple Queue Service, Amazon DynamoDB, Amazon Simple Storage Service (S3), Amazon CloudWatch, AWS Identity and Access Management (IAM). Flow labels: Code Requests, Quick Requests, Long Requests, Forwarded requests.
DEMO
Resource-based policies are attached to a resource.
/*
 * A queue to store job requests that will take a long time to complete.
 */
resource "aws_sqs_queue" "example_queue" {
  name                        = local.sqs_queue_name
  fifo_queue                  = true
  content_based_deduplication = true

  /*
   * create a resource-based permission to allow the API to put messages
   * and the lambda process to remove them.
   */
  policy = templatefile("${path.module}/policies/sqs_queue.json.tmpl", {
    region      = "${data.aws_region.current.name}",
    account     = "${data.aws_caller_identity.current.account_id}",
    apigw_role  = "${var.apigw_role}",
    lambda_role = "${var.lambda_role}",
    sqs_queue   = local.sqs_queue_name
  })

  tags = local.tags
}
{
  "Version": "2012-10-17",
  "Id": "appPermissions",
  "Statement": [
    {
      "Sid": "apigwPermission",
      "Effect": "Allow",
      "Principal": {
        "AWS": "arn:aws:iam::${account}:role/${apigw_role}"
      },
      "Action": "SQS:SendMessage",
      "Resource": "arn:aws:sqs:${region}:${account}:${sqs_queue}"
    },
    {
      "Sid": "lambdaPermission",
      "Effect": "Allow",
      "Principal": {
        "AWS": "arn:aws:iam::${account}:role/${lambda_role}"
      },
      "Action": [
        "SQS:DeleteMessage",
        "SQS:ReceiveMessage"
      ],
      "Resource": "arn:aws:sqs:${region}:${account}:${sqs_queue}"
    }
  ]
}
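A least-privilege check for the queue policy above, added here as an example and not part of the original slides or the demo repository: it renders the template and confirms that the only grants are send for the API Gateway role and receive/delete for the Lambda role. The sample values and all function names are assumptions, and the check covers principal/action pairs only, not Resource or Condition elements.

```python
import json
from string import Template

# Policy template from the page; Terraform's ${name} matches string.Template syntax.
POLICY_TMPL = Template("""
{"Version": "2012-10-17", "Id": "appPermissions", "Statement": [
  {"Sid": "apigwPermission", "Effect": "Allow",
   "Principal": {"AWS": "arn:aws:iam::${account}:role/${apigw_role}"},
   "Action": "SQS:SendMessage", "Resource": "arn:aws:sqs:${region}:${account}:${sqs_queue}"},
  {"Sid": "lambdaPermission", "Effect": "Allow",
   "Principal": {"AWS": "arn:aws:iam::${account}:role/${lambda_role}"},
   "Action": ["SQS:DeleteMessage", "SQS:ReceiveMessage"],
   "Resource": "arn:aws:sqs:${region}:${account}:${sqs_queue}"}]}
""")

# Constructed sample values (assumptions, not taken from the page).
SAMPLE = dict(region="eu-west-2", account="123456789012", apigw_role="demo-apigw",
              lambda_role="demo-lambda", sqs_queue="demo-jobs.fifo")

def as_list(value):
    return value if isinstance(value, list) else [value]

def render(values):
    return json.loads(POLICY_TMPL.substitute(values))

def grants(policy):
    """Flatten Allow statements into (principal, lower-cased action) pairs."""
    pairs = set()
    for stmt in policy["Statement"]:
        who = stmt["Principal"]
        who = ["*"] if who == "*" else [p for v in who.values() for p in as_list(v)]
        if stmt.get("Effect") == "Allow":
            pairs |= {(p, a.lower()) for p in who for a in as_list(stmt["Action"])}
    return pairs

def expected_grants(v):
    """The three grants the page intends: API role sends, Lambda role consumes."""
    role = f"arn:aws:iam::{v['account']}:role/"
    return {(role + v["apigw_role"], "sqs:sendmessage"),
            (role + v["lambda_role"], "sqs:deletemessage"),
            (role + v["lambda_role"], "sqs:receivemessage")}

def findings(policy, expected):
    """Report wildcard grants first, then drift from the expected pairs."""
    actual = grants(policy)
    wild = {g for g in actual if "*" in g[0] + g[1]}
    out = [f"wildcard grant: {p} {a}" for p, a in sorted(wild)]
    out += [f"unexpected grant: {p} {a}" for p, a in sorted(actual - expected - wild)]
    out += [f"missing grant: {p} {a}" for p, a in sorted(expected - actual)]
    return out
```

An empty list from findings(render(SAMPLE), expected_grants(SAMPLE)) means the rendered policy grants exactly what the slide describes; a check like this can run in CI before the Terraform apply.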
{
  "$schema": "http://json-schema.org/draft-07/schema#",
  "title": "Request",
  "type": "object",
  "required": ["host-list"],
  "anyOf": [
    {"required": ["update"]},
    {"required": ["harden"]},
    {"required": ["standard"]}
  ],
  "properties": {
    "host-list": {
      "type": "array",
      "minItems": 1,
      "items": {"$ref": "#/definitions/host"}
    },
    "harden": {"type": "boolean"},
    "standard": {"type": "boolean"},
    "update": {"type": "boolean"}
  },
  <snip>
  "additionalProperties": false,
  "definitions": {
    "host": {
      "type": "object",
      "required": ["fqdn"],
      "properties": {"fqdn": {"type": "string"}}
    }
  }
}
Action=SendMessage##
&MessageBody=$util.urlEncode($input.body)##
&MessageGroupId=1##
{
  "RequestItems": {
    "mystatus-${user}": {
      "Keys": [
        #foreach($a in $input.params('hosts').split(", "))
        {"host": {"S": "$a"}}#if($foreach.hasNext),#end
        #end
      ]
    }
  }
}
#set($inputRoot = $input.path('$'))
{
#foreach($elem in $inputRoot.Responses.mystatus-${user})
  "$elem.host.S": "$elem.status.S"#if($foreach.hasNext),#end
#end
}
AWS PrivateLink + Amazon API Gateway
-H "x-apigw-api-id: ${API_ID}"
or
https://${API_ID}-${VPCE_ID}.execute-api.${REGION}.amazonaws.com
Twitter: @dcreno
LinkedIn: davidreno
https://github.com/ComcastSamples/2019-Serverless-Computing-London-Demo-Code