Build lambda gateway

[barlock]

Overview

As a user I want to access a fast website with a nice domain

Reference

• AWS SAM

Assumptions

• Koa server deployed via AWS Lambda
• Use SAM for deployments

Acceptance

• Publicly accessible gateway
• Maps via architecture in v1 Architecture #1

Tasks

• Build and test server function
• Stand up prod instance

[barlock]

Notes

• SSL is going to be hard. ACM only supports certs one level deep *.eth.soy so all nested subdomains will be http only.
  • Custom domain names are even harder. Need install cert on the server somehow... encrypt with public key and store on blockchain?
  • It could be possible to do something fancy with let's encrypt on first request to install a cert
• Lambda is super slow not even counting warmup. To get the lambda running with certs behind it for a wildcard, you need to put it behind of a cloud front distribution. The cloudfront distribution doesn't forward the host...
  • Possible to hack around this with lambda@edge
• Using just lambda at edge seems to work pretty quick all around, likely 3X more expensive to run.
• Distributions w/lambdas (edge) seem more finikey than simply updating a fn. Logs vanish, hard to run locally

Thoughts
It's likely possible to do let's encrypt stuff with a lambda so I don't need to jump for a k8s cluster just yet.

• I should check the performance of edge vs regular lambda + cloudfront with regular lambda being preferable for logs.
• Edge lambda makes the most 'sense' as I'll need one anyway to forward hosts, but simplicity here with logs and debugging would be better with a regular one and a forwarder,
• if using regular + edge to forward host, I must add x-forwarded-host as a cache key <-- check to see how easy this is or just use edge lambda

Cloudformation is a PITA with distributions as it waits for full deployment which can take a while. Also, not sure how to fix a rolled back stack without deploying a new one? I think Terraform doesn't wait? I need to see about setting it up.

Debugging lambda@edge