[Studies][AWS] SAM Rest API and CI/CD

This project represents hands on study, based on the course 'AWS Serverless REST APIs for Java Developers. CI/CD included.

Summary

Hands-on using AWS servless services

The main goal of this project is to get some hands on experience on AWS.

• sam-rest-api-hands-on
  • Simple app to pratice the AWS Serverless Application Model (SAM) concepts.
• sam-user-api-cognito
  • REST API integrated with Cognito.
  • User can perform actions like:
    • sign up
    • confirm
    • login
    • add user to group
• sam-lambda-authorizer
  • SAM app to deploy an Lambda Authorizer that can be used on AWS API Gateway

What I've learned

Amazon API Gateway

• Create an API
  • Resources and methods
  • mock responses
  • path parameters
    • to read on mapping: $input.params('{paramName}')
  • query strings parameters
    • to read on mapping: $input.params('{paramName}')
• Deploy using Stages
• Documenting API
  • publishing documentation
  • versioning documentation
• Exporting API
  • Swagger
  • OpenAPI
  • Postman
• Validate http request
  • headers
    • by checking 'required' or not
  • parameters
    • by checking 'required' or not
  • body
    • by using models/schemas
• Models
  • attach models to methods executions
• Data Transformations

AWS Lambda

• understanding
  • cold start
  • warm start
• pricing based on:
  • number of request
  • duration
  • GB-S
    • GB: amount of memory allocated to the funciton
    • S: seconds - execution time
• Create Lambda functions
  • using Java 11+
  • maven dependencies
    • aws-lambda-java-core
    • aws-lambda-java-events
  • maven plugin
    • shade: for uber/fat jar
  • upload jar file to a lambda function
  • Version
  • Alias
• Assign lambda function to an API Gateway Method
• working with Environment variables

AWS SAM (Serverless Application Model)

• Install AWS SAM CLI and AWS CLI
  • Config AWS SAM CLI on gitbash windows:

    vim ~/.bashrc
    alias sam='sam.cmd' 
      or 
    alias sam="/c/Program\ Files/Amazon/AWSSAMCLI/bin/sam.cmd"`
    

• Configure AWS credentials
  • by using aws configure
• create new project using SAM

  sam init 
  

  on windows: if there's issues on init, run this on powershell (as admin)

  New-ItemProperty -Path "HKLM:\SYSTEM\CurrentControlSet\Control\FileSystem" -Name "LongPathsEnabled" -Value 1 -PropertyType DWORD -Force

• build

  sam build 
  

• test it locally using Docker

    sam local invoke {FunctioName} --event {folder/file.json} 
    E.g.:
    sam local invoke TestFunciton --event events/event.json    
  

• debug locally

    sam local invoke *{FunctioName}* --event {folder/file.json} -d {debugPort}
    E.g.:
    sam local invoke TestFunciton --event events/event.json -d 5858
  

• deploy to AWS

  sam deploy --guided
  or, after preferences saved to a .toml file
  sam deploy --config-file {.toml file path}
  

• View logs

  sam logs --name {FunctioName} --stack-name {CloudFormationStackName}
  tailing:
  sam logs --name {FunctioName} --stack-name {CloudFormationStackName} --tail
  

• Delete AWS SAM application

  sam delete {CloudFormationStackName}
  

Amazon Cognito

• Create and configure 'user pools'
• Use User Pool in SAM application
  • aws sdk cognito identity
  • aws sdk cognito identity provider
  • aws sdk apache-client
• Groups

AWS KMS

• encrypt value using aws cli and kms

aws kms encrypt --key-id {kms-key-id} --plaintext fileb://{file-path}

output:
{
  "CiphertextBlob": "{encrypted-value}",
  "KeyId": "arn:aws:kms:us-east-1:123456:key/{kms-key-id}",
  "EncryptionAlgorithm": "SYMMETRIC_DEFAULT"
}

AWS Lambda Authorizer

• JWT

API keys and Usage plans

• create an api key
• config the usage plan
• config api gateway to use api key

AWS Code Commit

• create a repository
• create an user credentials to perform commits/push to repos
  • go to IAM and create an user
    • check 'Access key - programmatic access' since we're just using it to code commit
    • grant permission do CodeCommit. e.g. AwsCodeCommitPowerUser
  • go to the user created, on the tab 'Security credentials'
    • Find the section 'HTTPS Git credentials for aws CodeCommit' and click on 'Generate credentials'
      • save username/password

AWS Code Build

• create an s3 bucket to store files created during the build process
• create a buildspec file
  • file that contains instructions to build the project
• create a CodeBuild project to use CodeCommit as source provider
  • select the repo and the branch
  • config buildspec location (if it's not in the root folder)
  • config artifact to
    • Type 'AmazonS3'
    • select the bucket created previously
    • Artifacts packing to 'Zip'

AWS CodePipeline

• Create a pipeline
  • on source stage
    • select AWS CodeCommit as source provider
      • select the repo and the branch
  • on build stage
    • select a code build project
  • on deploy stage
    • select CloudFormation and provide the StackName
  • add custom action on deploy stage to execute change set