AWS Secure Websocket

Secured web socket deployed on AWS infrastructure using the serverless framework.

This repository serves as an example for this medium article. Please, invest a few minutes reading it in case you need further detail.

All services have been implemented using NodeJS.

Serverless service user policies

serverless documentation recommends creating a service user with restricted permissions in order to avoid security issues; for example, user leaking and having admin rights could be devastating for your AWS bill.

However, the policies provided on the official example do not provide access to AWS Cognito. In order to use proper permissions, check the sls-policies.json file within this repository.

Infrastructure

The required AWS infrastructure is as follows:

• Lambda: used to host our services.
• API Gateway: used to expose our services to the outer world. Also provides authentication using AWS Cognito generated JWT tokens.
• API WebSocket: used to expose our services as near realtime connections, allowing bi directional communication. It also helps us secure our connections using AWS Cognito generated JWT tokens.
• DynamoDB: used to track active web socket connections and what they're subscribed to.
• Cognito: user pool which allows us create and validate user credentials.

Deploying it

First of all, you need an AWS account. Then it is mandatory to configure serverless locally with your credentials.

Once you've set your environment up, you can deploy the entire stack using the following command:

serverless deploy -v

In case you want to deploy an specific lambda, you can use this other command:

serverless deploy function -f <functionName> -v

You can also remove all the allocated resources by executing this command:

serverless remove -v