This simple project follows modern GitOps/DevOps architectural design principles for automated (controlled) Cloud infrastructure build, deploy, test and code check-in. The project is designed to be used in staged environments (Dev, Staging, Prod (Master)) and adopts a Cloud serverless design pattern.
When run and fully deployed via automation, this project's workflow automatically makes a single authenticated call to a custom HTTPS API endpoint residing on AWS, which returns a single "hello" output to the caller. The automated API test report produced by Newman/Postman is automatically added as a file artifact on the workflow run summary within GitHub Actions.
Because the API is authenticated with the "awsv4" (AWS Signature Version 4) secure call method, the developer/tester should use an application such as Postman for any manual testing required.
- GitHub (Code Repo/Secrets Management/Actions Workflow Engine)
- Terraform (IaC - controlled Cloud infrastructure build/update via full Cloud-based state management)
- AWS (Lambda/API Gateway (HTTP-based)/S3/CloudWatch/IAM)
- Python (Sample API code)
- Postman/Newman (For automated API testing)
- Node.js/NPM
- Clone this project from GitHub to your local dev environment (laptop etc.)
- Change the Terraform control files (backend, root variables to indicate AWS region, environment, S3 bucket name, Lambda runtime memory etc.)
- Ensure the AWS IAM user used for this IaC creation and automation has sufficient rights to create and run resources
- Commit/push any changes back to GitHub
- Check that the required workflow runs successfully within GitHub Actions
AWS HTTP API Gateways fully deployed:
AWS CloudWatch monitoring groups fully deployed:
AWS Terraform remote state management fully deployed:
- Secrets Management - ensure the AWS_ACCESS_KEY_ID and AWS_SECRET_ACCESS_KEY secrets from IAM, and the REGION secret, are set up in the Workflow Repository secrets section
Do not use this code without some kind of Branch Protection enabled!
At the very least, you should have required status checks before branch merging enabled and set to "Strict", so that the "Require branches to be up to date before merging" checkbox is checked.
- IAM - ensure your IAM user has sufficient rights to perform Lambda/API Gateway/IAM policy/CloudWatch log group creation and use
- S3 - Prior to running this project for the first time, create an S3 bucket with private access and versioning enabled for Terraform state management
- Automated API code deployment/testing via workflow based on S3 bucket API code update
- Automated API user create/use during flow/testing
- Look at using a tool such as Checkov to do static code analysis of the Terraform code
- Use JWT Tokens (Cognito/OAuth2 provider) for authentication