I hereby claim:
- I am sapessi on github.
- I am sapessi (https://keybase.io/sapessi) on keybase.
- I have a public key whose fingerprint is 0889 9627 A3EA 0264 4B03 34F2 8E50 1AD6 40A6 02B3
To claim this, I am signing this object:
{ | |
#set($queryMap = $input.params().querystring) | |
#foreach( $key in $queryMap.keySet()) | |
"$key" : "$queryMap.get($key)" | |
#if($foreach.hasNext),#end | |
#end | |
} |
# First we update the authorizer to call the right lambda function including the qualifier :xxx at the end of the function ARN | |
aws apigateway update-authorizer --rest-api-id XXXXXXXXX --authorizer-id XXXXX --patch-operations op=replace,path=/authorizerUri,value=arn:aws:apigateway:us-west-2:lambda:path/2015-03-31/functions/arn:aws:lambda:us-west-2:XXXXXXXXXXX:function:Authorize2:AliasOrVersion/invocations | |
# Then we give API Gateway permission to invoke the authorizer using resource policies on the Lambda function | |
aws lambda add-permission --function-name Authorize2 --statement-id mystatement12334 --action lambda:InvokeFunction --principal apigateway.amazonaws.com --qualifier AliasOrVersion --source-arn arn:aws:execute-api:us-west-2:XXXXXXXXXXX:XXApiIdXX/authorizers/XXAuthorizerIdXX | |
# You can check the structure of your authorizer with | |
aws apigateway get-authorizer --rest-api-id XXXXXX --authorizer-id XXXX | |
# You can also check the policy against the lambda function with |
@gene_wood Glad you find the import functionality useful! Using the API you can also merge multiple Swagger files in a single API. | |
API Gateway calls Lambda functions using the public invoke endpoint. There are 2 ways to authorize a call to Lambda: | |
1. You can use roles in your account (what was call the invocation role). API Gateway will assume the role in your account and invoke the Lambda function. In this case your role needs to allow invocations in Lambda and have a trust relationship with apigateway.amazonaws.com that allows sts:AssumeRole | |
2. Using resource policies in Lambda, this is why you see the popup in the console. In this case the API Gateway console makes an AddPermission call to Lambda in the background to authorize API Gateway as a caller on your Lambda function (http://docs.aws.amazon.com/lambda/latest/dg/API_AddPermission.html) | |
when deploying APIs using the Swagger import you can use either method. For the first one, simply specify the invocation role ARN in the credentials field of the x-a |
I hereby claim:
To claim this, I am signing this object:
{ | |
"Version": "2012-10-17", | |
"Statement": [ | |
{ | |
"Sid": "Stmt1476979875000", | |
"Effect": "Allow", | |
"Action": [ | |
"dynamodb:GetItem", | |
"dynamodb:Query", | |
"dynamodb:Scan", |
package com.sapessi.sample.jersey; | |
import com.amazonaws.serverless.proxy.internal.model.AwsProxyRequest; | |
import com.amazonaws.serverless.proxy.internal.model.AwsProxyResponse; | |
import com.amazonaws.serverless.proxy.jersey.JerseyLambdaContainerHandler; | |
import com.amazonaws.services.lambda.runtime.Context; | |
import com.amazonaws.services.lambda.runtime.RequestHandler; | |
import org.glassfish.jersey.jackson.JacksonFeature; | |
import org.glassfish.jersey.server.ResourceConfig; |
You can use CodePipeline and CodeBuild to create a continuous deployment/integration pipeline for serverless applications build on AWS Lambda and Amazon API Gateway. This sample application is written in Go with the Gin framework and uses the eawsy API Gateway proxy shim: https://github.com/eawsy/aws-lambda-go-net
We initially detailed our methodology in this blog post: https://aws.amazon.com/blogs/compute/continuous-deployment-for-serverless-applications/
We have used the shim technology created by eawsy to run Golang applications inside AWS Lambda (https://github.com/eawsy/aws-lambda-go-shim) and created a container that can be used with CodeBuild as part of our original pipeline template.
The container is available on DockerHub and is called sapessi/aws-lambda-go18-codebuild:latest
. To use this container, simply change the Image
property of the CodeBuild project environment.
The pipeline template, sample app, buildspec and SAM files are attached to this gist.
This sample includes a continuous deployment pipiline for websites built with React. We use AWS CodePipeline, CodeBuild, and SAM to deploy the application. To deploy the application to S3 using SAM we use a custom CloudFormation resource.
buildspec.yml
: YAML configuration for CodeBuild, this file should be in the root of your code repositoryconfigure.js
: Script executed in the build step to generate a config.json file for the application, this is used to include values exported by other CloudFormation stacks (separate services of the same application).index.js
: Custom CloudFormation resource that publishes the website to an S3 bucket. As you can see from the buildspec and SAM template, this function is located in a s3-deployment-custom-resource
sub-folder of the repoapp-sam.yaml
: Serverless Application model YAML file. This configures the S3 bucket and the cuHttpApiFunction: | |
Type: AWS::Serverless::Function | |
Properties: | |
CodeUri: ./ | |
Handler: index.handler | |
Runtime: nodejs12.x | |
Events: | |
Basic: | |
Type: HttpApi | |
Properties: |
html { | |
margin: 0; | |
font-family: 'Amazon Ember', 'Calibri'; | |
font-size: 11pt; | |
} | |
body { | |
margin: 0; | |
color: #000; | |
background-color: #fff; |