Skip to content

Instantly share code, notes, and snippets.

Stefano Buliani sapessi

Block or report user

Report or block sapessi

Hide content and notifications from this user.

Learn more about blocking users

Contact Support about this user’s behavior.

Learn more about reporting abuse

Report abuse
View GitHub Profile
sapessi /
Last active Aug 2, 2019
Continuous deployment of React websites to Amazon S3

Continuous deployment of React websites to Amazon S3

This sample includes a continuous deployment pipiline for websites built with React. We use AWS CodePipeline, CodeBuild, and SAM to deploy the application. To deploy the application to S3 using SAM we use a custom CloudFormation resource.

Files included

  • buildspec.yml: YAML configuration for CodeBuild, this file should be in the root of your code repository
  • configure.js: Script executed in the build step to generate a config.json file for the application, this is used to include values exported by other CloudFormation stacks (separate services of the same application).
  • index.js: Custom CloudFormation resource that publishes the website to an S3 bucket. As you can see from the buildspec and SAM template, this function is located in a s3-deployment-custom-resource sub-folder of the repo
  • app-sam.yaml: Serverless Application model YAML file. This configures the S3 bucket and the cu
sapessi /
Last active Dec 10, 2018
continuous deployment of Golang Gin application in AWS Lambda and Amazon API Gateway with CodePipeline/CodeBuild

You can use CodePipeline and CodeBuild to create a continuous deployment/integration pipeline for serverless applications build on AWS Lambda and Amazon API Gateway. This sample application is written in Go with the Gin framework and uses the eawsy API Gateway proxy shim:

We initially detailed our methodology in this blog post:

We have used the shim technology created by eawsy to run Golang applications inside AWS Lambda ( and created a container that can be used with CodeBuild as part of our original pipeline template.

The container is available on DockerHub and is called sapessi/aws-lambda-go18-codebuild:latest. To use this container, simply change the Image property of the CodeBuild project environment.

The pipeline template, sample app, buildspec and SAM files are attached to this gist.

sapessi /
Created Dec 14, 2016
aws-serverless-java-container-jersey sample
package com.sapessi.sample.jersey;
import com.amazonaws.serverless.proxy.internal.model.AwsProxyRequest;
import com.amazonaws.serverless.proxy.internal.model.AwsProxyResponse;
import com.amazonaws.serverless.proxy.jersey.JerseyLambdaContainerHandler;
import org.glassfish.jersey.jackson.JacksonFeature;
import org.glassfish.jersey.server.ResourceConfig;
sapessi / access-policy.json
Created Oct 24, 2016
Policy for serverless bbq lab
View access-policy.json
"Version": "2012-10-17",
"Statement": [
"Sid": "Stmt1476979875000",
"Effect": "Allow",
"Action": [

Keybase proof

I hereby claim:

  • I am sapessi on github.
  • I am sapessi ( on keybase.
  • I have a public key whose fingerprint is 0889 9627 A3EA 0264 4B03 34F2 8E50 1AD6 40A6 02B3

To claim this, I am signing this object:

View API Gateway and Lambda permissions
@gene_wood Glad you find the import functionality useful! Using the API you can also merge multiple Swagger files in a single API.
API Gateway calls Lambda functions using the public invoke endpoint. There are 2 ways to authorize a call to Lambda:
1. You can use roles in your account (what was call the invocation role). API Gateway will assume the role in your account and invoke the Lambda function. In this case your role needs to allow invocations in Lambda and have a trust relationship with that allows sts:AssumeRole
2. Using resource policies in Lambda, this is why you see the popup in the console. In this case the API Gateway console makes an AddPermission call to Lambda in the background to authorize API Gateway as a caller on your Lambda function (
when deploying APIs using the Swagger import you can use either method. For the first one, simply specify the invocation role ARN in the credentials field of the x-a
sapessi / gist:11a87ed83954461d5e43
Created Feb 18, 2016
Specify an API Gateway authorizer using a Lambda qualifier
View gist:11a87ed83954461d5e43
# First we update the authorizer to call the right lambda function including the qualifier :xxx at the end of the function ARN
aws apigateway update-authorizer --rest-api-id XXXXXXXXX --authorizer-id XXXXX --patch-operations op=replace,path=/authorizerUri,value=arn:aws:apigateway:us-west-2:lambda:path/2015-03-31/functions/arn:aws:lambda:us-west-2:XXXXXXXXXXX:function:Authorize2:AliasOrVersion/invocations
# Then we give API Gateway permission to invoke the authorizer using resource policies on the Lambda function
aws lambda add-permission --function-name Authorize2 --statement-id mystatement12334 --action lambda:InvokeFunction --principal --qualifier AliasOrVersion --source-arn arn:aws:execute-api:us-west-2:XXXXXXXXXXX:XXApiIdXX/authorizers/XXAuthorizerIdXX
# You can check the structure of your authorizer with
aws apigateway get-authorizer --rest-api-id XXXXXX --authorizer-id XXXX
# You can also check the policy against the lambda function with
sapessi / gist:9e62fb9e1a2b325c2d6d
Created Jan 7, 2016
Retrieve query string parameters in API Gateway and create an object for AWS Lambda
View gist:9e62fb9e1a2b325c2d6d
#set($queryMap = $input.params().querystring)
#foreach( $key in $queryMap.keySet())
"$key" : "$queryMap.get($key)"
You can’t perform that action at this time.