AWS Serverless Twitter Event Source
This serverless app turns a twitter search query into an AWS Lambda event source by invoking a given lambda function to process tweets found by search. It works by periodically polling the freely available public Twitter Standard Search API and invoking a lambda function you provide to process tweets found.
- The TwitterSearchPoller lambda function is periodically triggered by a CloudWatch Events Rule.
- In stream mode, a DynamoDB table is used to keep track of a checkpoint, which is the latest tweet timestamp found by past searches.
- The poller function calls the Twitter Standard Search API and searches for tweets using the search text provided as an app parameter.
- The TweetProcessor lambda function (provided by the app user) is invoked with any new tweets that were found after the checkpoint timestamp.
- If stream mode is not enabled, the TweetProcessor lambda function will be invoked with all search results found, regardless of whether they had been seen before.
- Note, the TweetProcessor function is invoked asynchronously (Event invocation type). The app does not confirm that the lambda was able to successfully process the tweets. If you're concerned about tweets being lost due to failures in your lambda function, you should configure a DLQ on your lambda function so failed messages will end up on the DLQ automatically. See the AWS Lambda DLQ documentation for more information.
- Create an AWS account if you do not already have one and login
- Go to the app's page on the Serverless Application Repository and click "Deploy"
- Provide the required app parameters (see below for steps to create Twitter API parameters, e.g., Consumer Key)
Twitter API Key Parameters
The app requires the following Twitter API parameters: Consumer Key (API Key), Consumer Secret (API Secret), Access Token, and Access Token Secret. The following steps walk you through registering the app with your Twitter account to create these values.
- Create a Twitter account if you do not already have one
- Register a new application with your Twitter account:
- Go to http://twitter.com/oauth_clients/new
- Click "Create New App"
- Under Name, enter something descriptive, e.g.,
- Enter a description
- Under Website, you can enter
- Leave Callback URL blank
- Read and agree to the Twitter Developer Agreement
- Click "Create your Twitter application"
- (Optional, but recommended) Restrict the application permissions to read only
- From the detail page of your Twitter application, click the "Permissions" tab
- Under the "Access" section, make sure "Read only" is selected and click the "Update Settings" button
- Generate an access token:
- From the detail page of your Twitter application, click the "Keys and Access Tokens" tab
- On this tab, you will already see the Consumer Key (API Key) and Consumer Secret (API Secret) values required by the app.
- Scroll down to the Access Token section and click "Create my access token"
- You will now have the Access Token and Access Token Secret values required by the app.
Encrypting Twitter API Key Parameters
Once you've created your Twitter API keys, you can copy them as plain text into the
PlaintextAccessTokenSecret parameters of the serverless application. However, it is highly recommended that you do NOT pass these values in plain text and instead encrypt them using an AWS Key Management Service (KMS) key. Once encrypted, you put the encrypted values into the
EncryptedAccessTokenSecret parameters and provide the
DecryptionKeyName parameter as well. The reason the Plaintext fields are provided at all is so this app can be used in regions that do not support AWS KMS.
The following subsections walk you through how to create a KMS key using the AWS console and encrypt your Twitter API Keys using the AWS CLI.
Create a new KMS Key
- Login to the AWS IAM console.
- Click the "Encryption keys" menu item.
- (Important) Just below the "Create key" button, there will be a Region selected. Change this to be the same region that you will deploy your app to.
- Click "Create key".
- Enter an alias, e.g., "twitter-api" and click "Next Step".
- Click "Next Step" again to skip the add tags step.
- Select a role that is allowed to administer the key, e.g., delete it, and click "Next Step".
- Select a role that is allowed to use the key, e.g., encrypt with it, and click "Next Step".
- Preview the key policy and then click "Finish".
- Click on your newly created key and copy its full ARN value.
Encrypt Twitter API parameters with the AWS CLI
- Install the AWS CLI.
- Encrypt all 4 of your Twitter API keys by running this command for each key:
aws kms encrypt --key-id <key ARN> --plaintext '<Twitter API key>'
- The result JSON for each call will contain a field called
CiphertextBlob. That string value (without the double-quotes) is what should be provided into the corresponding encrypted Twitter API key parameter of the serverless app.
In addition to the Twitter API key parameters, the app also requires the following additional parameters:
SearchText(required) - This is the non-URL-encoded search text the app will use when polling the Twitter Standard Search API. See the Search Tweets help page to understand the available features. The Twitter Search page is a good place to manually test different searches, although note the standard search API generally returns different results, because it only indexes a sampling of tweets.
TweetProcessorFunctionName(required) - This is the name (not ARN) of the lambda function that will process tweets generated by the app.
DecryptionKeyName(required if providing encrypted Twitter API keys) - This is the KMS key name of the key used to encrypt the Twitter API parameters. Note, this must be just the key name (UUID that comes after
key/in the key ARN), not the full key ARN. It's assumed the key was created in the same account and region as the app deployment.
PollingFrequencyInMinutes(optional) - The frequency at which the lambda will poll the Twitter Search API (in minutes). Default: 1.
BatchSize(optional) - The max number of tweets that will be sent to the TweetProcessor lambda function in a single invocation. Default: 15.
StreamModeEnabled(optional) - If true, the app will save the latest timestamp of the previous tweets found and only invoke the tweet processor function for newer tweets. If false, the app will be stateless and invoke the tweet processor function with all tweets found in each polling cycle. Default: false.
This sample code is made available under a modified MIT license. See the LICENSE file.