Skip to content
/ danwadleigh_dev_backend Public

Cloud Resume Challenge: Full-Stack Serverless App Backend (AWS: Lambda, API Gateway, DynamoDB, CloudWatch | Terraform | Python | GitHub Actions)

danwadleigh.dev
0 stars 0 forks Branches Tags Activity
Star
Notifications You must be signed in to change notification settings

codecharacter/danwadleigh_dev_backend

BranchesTags

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

1 Commit
.github/workflows
.github/workflows
 
 
iac
iac
 
 
lambda
lambda
 
 
resources
resources
 
 
.gitignore
.gitignore
 
 
README.md
README.md
 
 

Repository files navigation

AWS Cloud DevOps Resume Challenge: Architecture Diagram Completed project: Frontend and Backend. (click image to view full size)

Cloud Resume Challenge: Backend

This is the Backend of the Cloud Resume Challenge project by Forrest Brazeal.

Project Overview

The challenge was to build a full-stack serverless web app in the cloud with a Site Views counter. Integrating the frontend and backend with JavaScript fetch to API Gateway, triggering a Lambda function (Python) to retrieve and update a DynamoDB table. I built my project in AWS and also leveraged Terraform (IaC), GitHub Actions (CI/CD) and Cypress (Testing).

  • Terraform Remote Backend Setup
  • JavaScript to Fetch Counter
  • API triggers Lambda function & return count
  • Lambda function (Python) to retrieve & update Counter
  • DynamoDB Database with Counter
  • CI/CD Pipeline with GitHub Actions
    • Terraform deployment & management
    • Cypress End-to-End Testing

Key Features

  • AWS Cloud Serverless with DevOps & Security practices.
  • Terraform for infrastructure deployment and management.
  • Serverless Frontend-Backend Integration
  • Automation with CI/CD pipeline for reliable updates.
  • End-to-End Testing of Website
  • Monitoring and Alerting notifications

CI/CD Pipeline automation with GitHub Actions

Tech Stack (Full):

  • HTML, CSS, JavaScript HTML CSS JavaScript
  • IAM (User, Policies) IAM
  • S3 Static Website S3
  • Amazon CloudFront CloudFront
  • AWS WAF WAF
  • AWS Certificate Manager ACM
  • Amazon Route 53, KMS Route 53 KMS
  • Amazon API Gateway API Gateway
  • AWS Lambda, Python, boto3 Lambda Python boto3
  • Amazon DynamoDB DynamoDB
  • Amazon CloudWatch, Amazon SNS, AWS ChatBot CloudWatch SNS AWS ChatBot
  • PagerDuty, Slack PagerDuty Slack
  • S3, DynamoDB (Remote BE) S3 DynamoDB
  • Terraform (IaC) Terraform
  • GitHub Actions (CI/CD) CI/CD GitHub Actions
  • Testing (Cypress) Cypress Testing

Project Mods

Completed additional DevOps and Security mods recommended for the CRC project.

  • DevOps
    • Infrastructure-as-Code (IaC): provision & maintain infra with Terrafrom
    • CI/CD: deploy app via GitHub Actions with Cypress tests
    • Monitoring & Alerting: configured CloudWatch Alarms, SNS Topics with PagerDuty & Slack (AWS Chatbot)
    • Testing: implemented Cypress end-to-end testing upon deployment
  • Security
    • DNSSEC: configured site domain name to protect DNS setup from potential spoofing
    • IAM Access Analyzer: configured IAM roles with least privileges required
    • Web Application Firewall (WAF): configured WAF web acl rule with CloudFront for both frontend and backend (API Gateway)
    • tfsec: static analysic security scanning of Terraform code in GitHub Actions workflow

Challenges (Real Learning)

  • ACM: take note of us-east-1 locale
  • IAM: access advisor vs practical GitHub Actions role permissions (apply before push)
  • Remote Backend: create resources > migrate state to S3; s3 config - no vars allowed
  • OIDC: create identity provider > then use with GitHub Actions
  • State: manual terraform state usage (show, list, remove)
  • API Gateway: v1 vs v2 differences; WAF requirements
  • Variables/Outputs: referencing between main and modules
  • SSM Parameter Store: ability to secure key info and share between projects
  • Route 53: DNSSEC - establish chain of trust
  • AWS Module: version consistency across project (pin version)
  • locals: AWS Account ID
  • WAF: CloudFront + API Gateway v2 (HTTP API)
  • Docs: AWS & Terraform - growing ability to research and find solutions

Continuous Improvements

As I continue to learn, I see more opportunities to improve upon the project. At some point you just have to publish and take the learnings into the next project.

  • Tests: add more quality tests
  • Monitoring: add more relevant alarms
  • WAF: observe and adjust the rules to further secure
  • Tagging: add for billing visibility and misc config
  • Performance: CI/CD and application in general
  • Logging: capture as much info as needed to support
  • Misc: code in general - what can be improved upon?

AWS Well-Architected Framework

  • Operational Excellence
    • Automated deployments with CI/CD pipeline, monitoring, and continuous improvements.
  • Security
    • IAM, Certificate Manager (SSL), and S3 bucket policies provide security of access and data.
  • Reliability
    • S3, DynamoDB, and Route 53 ensure app availability and recoverability.
  • Performance Efficiency
    • CloudFront provideds efficent content delivery.
  • Cost Optimization
    • Specific resource (Serverless) provisioning with Terraform minimizes costs.
  • Sustainability
    • Automation and optimizing AWS services reduce impact.

Resource: AWS Well-Architected Framework

Contact Info

Dan Wadleigh: AWS Cloud Engineer (DevOps)

About

Cloud Resume Challenge: Full-Stack Serverless App Backend (AWS: Lambda, API Gateway, DynamoDB, CloudWatch | Terraform | Python | GitHub Actions)

DanWadleigh.dev

Topics

javascript python slack aws lambda api-gateway terraform dynamodb chatbot cloudwatch sns pagerduty infrastructure-as-code parameter-store github-actions cloud-engineer

Resources

Readme
Activity

Stars

0 stars

Watchers

1 watching

Forks

0 forks
Report repository

Releases

No releases published

Packages

 
 
 

Languages