A simple example showing how to run a django[1] app in AWS lambda using up[2].
$ up
cat ~/.aws/credentials
[apex-up-profile]
aws_access_key_id = someKeyId
aws_secret_access_key = someAccessKey
region = someAWSregion
virtualenv .venv
source .venv/bin/activate
pip install -r dev_requirements.txt
python app.py runserver 0.0.0.0:9090
docker ps -aq | xargs docker stop; docker run -it -p 0.0.0.0:5672:5672 rabbitmq:3.5.7-management
autopep8 --experimental --in-place -r -aaaaaa .
flake8 .
to test out the app;
curl -X POST -H "Content-Type: application/json" \
"http://localhost:9090/someurl"
up requires a policy to access various resources.
Also the user you created for the up profile will require policy access to dynamoDB.
Those two policies can be combined into:
{
"Version": "2012-10-17",
"Statement": [
{
"Sid": "VisualEditor0",
"Effect": "Allow",
"Action": [
"logs:Describe*",
"iam:CreateRole",
"iam:AttachRolePolicy",
"iam:PutRolePolicy",
"cloudformation:Delete*",
"cloudformation:Update*",
"cloudfront:*",
"iam:PassRole",
"route53domains:*",
"lambda:Create*",
"iam:DeleteRolePolicy",
"logs:Test*",
"logs:FilterLogEvents",
"cloudformation:ExecuteChangeSet",
"sns:*",
"iam:GetRole",
"cloudformation:Create*",
"lambda:InvokeFunction",
"lambda:List*",
"s3:*",
"lambda:Update*",
"lambda:Delete*",
"iam:DeleteRole",
"lambda:Get*",
"cloudformation:Describe*",
"iam:CreatePolicy",
"logs:Put*",
"lambda:AddPermission",
"logs:Create*",
"cloudwatch:*",
"ssm:*",
"route53:*",
"lambda:RemovePermission",
"acm:*",
"dynamodb:*"
],
"Resource": "*"
},
{
"Sid": "VisualEditor1",
"Effect": "Allow",
"Action": "apigateway:*",
"Resource": "arn:aws:apigateway:*::/*"
}
]
}Tweak that policy to be as restrictive as you want without degrading performance. It is only intended as a guide.
Postman collection: https://www.getpostman.com/collections/b97cc0bc9cd927bdd011