jtsaito

AWS API Gateway allows developers to put a uniform API between your services and clients. A servcie could for instance be your custom app or just an AWS Labmda.

The official walkthrough for making Lambda calls from the AWS Gateway works out of the box. It describes how to make a GET and a POST request and map them to self-defined Lambdas.

When I was testing the walkthrough the example was only slightly outdated as follows. When making stages (something akin to Rails environements for the API Gateway), methods must be registered in a sperate effort as follows.

(1) In the dashboard, select your API.

jtsaito

AWS API Gateway allows developers to put a uniform API between your services and clients. A servcie could for instance be your custom app or just an AWS Labmda.

The official walkthrough for making Lambda calls from the AWS Gateway works out of the box. It describes how to make a GET and a POST request and map them to self-defined Lambdas.

When I was testing the walkthrough the example was only slightly outdated as follows. When making stages (something akin to Rails environements for the API Gateway), methods must be registered in a sperate effort as follows.

(1) In the dashboard, select your API.

jtsaito

Prerequisites

1. Created a dynamo db table. We use "travis-ci-deloy-test" with number key "created_at".
2. Setup aws cli command line tool.
3. Stored an item with with number key and attribute (in this example, foo: "finger_print").
4. Set credentials for the table for aws client config (e.g. by setting values in ~/.aws/credentials).

Querying items

First, prepare the query key in a file query_key.json describing the key as json.

jtsaito

Prerequisites

1. Created a dynamo db table. We use "travis-ci-example-with-filter" with a composite primary key (string partition key "id", integer range key "created_at").
2. Made aws-sdk gem available.

Prepare AWS Dynamo DB client and database name

require 'aws-sdk'

Aws.config.update({

jtsaito

This code example briefly describes how to store data to and retrieve data from DynamoDB using two AWS Lambdas. In this example we assume a DynamoDB tale test-can-learn with String key user_uuid in region eu-west-1. As a bonus, we show how to make the read access available as RESTful resource with AWS' API Gateway.

1. Setup Lambdas

Skip Lambda templates and craete the Lambdas custom. Then assign the Basic with DynamoDB role to the Lambda.

2. Lambda writing to DynamoDB

var AWS = require('aws-sdk');
var dynamodb = new AWS.DynamoDB({
  region: 'eu-west-1'

jtsaito

The AWS API Gateway supports signed requests as follows. The API Gateway client can use IAM credentials to sign a request in two steps:

1. The original request headers and body are signed using the SDK supplied by AWS and the credentials
2. The signature sets the X-Amz-SignedHeaders header

In practice, there are two ways for signing from a Ruby client using the AWS SDK: (1) signing with a Faraday plugin, (2) creating a Specific Gateway client using the Seahorse API declaration.

Here is a code snippet for the more quick and dirty Faraday solution.

jtsaito

Day 1

• So there is pyenv. It seems to be the same as rbenv. Noone seems to be using it.
• There is nothing like bundler. I'm going with pip install -r requirements.txt. This is like a mixture of a Gemfile and a Gemfile.lock but the actual libraries seem to be is stored globally. I am disappointed.
• Testing. The standard choice here seems to be either pytest or the built in unit test. Neither of them seems to be BDD. Since Python does not have Ruby's blocks for writing DSLs everything looks really ugly compared to RSpec.

Day 2

• Ruby: array.length vs Python len(list). Why do I have to call a globally defined function? Because the OO is done well?
• In Ruby I can use inject with a block. Again, there are some functions in Python for filter, map and reduce. The reduce function was moved out of the standard library and into the functools library. Here is an example inject Ruby vs Python:

array.inject(0) { |result, element| result * element }

jtsaito

AWS Lambda allows uploading from S3. The S3 object can be specified in the console. There is bug when the Lambda and the S3 bug are both in AWS region eu-central-1.

The S3 console gives the following resource url: https://s3.eu-central-1.amazonaws.com/xzy/lambda_function.zip. Inputing the url raises an error by the Lambda GUI.

The usual S3 endpoint domain is s3-{region-name}.amazonaws.com (documentation). The problem is that eu-central-1 region is deviating from this scheme, allowing s3.eu-central-1.amazonaws.com (note the dot)). This endpoint is given in by the console. Copy-and-pasting it reveals the incorrect validation in the Lambda GUI.

jtsaito

Setting up a Docker Registry with Let's Encrypt TLS support

This gist describes how to set up a private Docker Registry on an AWS EC2 instance and how to secure it with TLS using a certificate by Let's Encrypt.

A Docker registry is a server side application that stores and lets you distribute Docker images. It runs in an own Docker container and the image is freely available. Let's Encrypt is a Certificate Authority that gives away TLS certificates for free.

0. Prerequisites

We require the following three items to be set up correctly before we start.

jtsaito

On terraform planning to update the (we removed some json content and marked it <REMOVED>:

Path: terraform.tfplan
~ aws_opsworks_rails_app_layer.bookshelf-app
    custom_json: "<REMOVED>"

~ aws_inspector_assessment_target.inspector
    resource_group_arn: "arn:aws:inspector:eu-west-1:390571511014:resourcegroup/0-PQ6fNHHt" => "${aws_inspector_resource_group.inspector.arn}"