sapessi

html {
    margin: 0;
    font-family: 'Amazon Ember', 'Calibri';
    font-size: 11pt;
}

body {
    margin: 0;
    color: #000;
    background-color: #fff;

sapessi

HttpApiFunction: 
  Type: AWS::Serverless::Function
  Properties:
    CodeUri: ./
    Handler: index.handler
    Runtime: nodejs12.x
    Events:
      Basic:
        Type: HttpApi
        Properties:

sapessi

Continuous deployment of React websites to Amazon S3

This sample includes a continuous deployment pipiline for websites built with React. We use AWS CodePipeline, CodeBuild, and SAM to deploy the application. To deploy the application to S3 using SAM we use a custom CloudFormation resource.

Files included

• buildspec.yml: YAML configuration for CodeBuild, this file should be in the root of your code repository
• configure.js: Script executed in the build step to generate a config.json file for the application, this is used to include values exported by other CloudFormation stacks (separate services of the same application).
• index.js: Custom CloudFormation resource that publishes the website to an S3 bucket. As you can see from the buildspec and SAM template, this function is located in a s3-deployment-custom-resource sub-folder of the repo
• app-sam.yaml: Serverless Application model YAML file. This configures the S3 bucket and the cu

sapessi

You can use CodePipeline and CodeBuild to create a continuous deployment/integration pipeline for serverless applications build on AWS Lambda and Amazon API Gateway. This sample application is written in Go with the Gin framework and uses the eawsy API Gateway proxy shim: https://github.com/eawsy/aws-lambda-go-net

We initially detailed our methodology in this blog post: https://aws.amazon.com/blogs/compute/continuous-deployment-for-serverless-applications/

We have used the shim technology created by eawsy to run Golang applications inside AWS Lambda (https://github.com/eawsy/aws-lambda-go-shim) and created a container that can be used with CodeBuild as part of our original pipeline template.

The container is available on DockerHub and is called sapessi/aws-lambda-go18-codebuild:latest. To use this container, simply change the Image property of the CodeBuild project environment.

The pipeline template, sample app, buildspec and SAM files are attached to this gist.

sapessi

package com.sapessi.sample.jersey;

import com.amazonaws.serverless.proxy.internal.model.AwsProxyRequest;
import com.amazonaws.serverless.proxy.internal.model.AwsProxyResponse;
import com.amazonaws.serverless.proxy.jersey.JerseyLambdaContainerHandler;
import com.amazonaws.services.lambda.runtime.Context;
import com.amazonaws.services.lambda.runtime.RequestHandler;
import org.glassfish.jersey.jackson.JacksonFeature;
import org.glassfish.jersey.server.ResourceConfig;

sapessi

{
    "Version": "2012-10-17",
    "Statement": [
        {
            "Sid": "Stmt1476979875000",
            "Effect": "Allow",
            "Action": [
                "dynamodb:GetItem",
                "dynamodb:Query",
                "dynamodb:Scan",

sapessi

Keybase proof

I hereby claim:

• I am sapessi on github.
• I am sapessi (https://keybase.io/sapessi) on keybase.
• I have a public key whose fingerprint is 0889 9627 A3EA 0264 4B03 34F2 8E50 1AD6 40A6 02B3

To claim this, I am signing this object:

sapessi

@gene_wood Glad you find the import functionality useful! Using the API you can also merge multiple Swagger files in a single API.

API Gateway calls Lambda functions using the public invoke endpoint. There are 2 ways to authorize a call to Lambda:
1. You can use roles in your account (what was call the invocation role). API Gateway will assume the role in your account and invoke the Lambda function. In this case your role needs to allow invocations in Lambda and have a trust relationship with apigateway.amazonaws.com that allows sts:AssumeRole
2. Using resource policies in Lambda, this is why you see the popup in the console. In this case the API Gateway console makes an AddPermission call to Lambda in the background to authorize API Gateway as a caller on your Lambda function (http://docs.aws.amazon.com/lambda/latest/dg/API_AddPermission.html)

when deploying APIs using the Swagger import you can use either method. For the first one, simply specify the invocation role ARN in the credentials field of the x-a

sapessi

# First we update the authorizer to call the right lambda function including the qualifier :xxx at the end of the function ARN
aws apigateway update-authorizer --rest-api-id XXXXXXXXX --authorizer-id XXXXX --patch-operations op=replace,path=/authorizerUri,value=arn:aws:apigateway:us-west-2:lambda:path/2015-03-31/functions/arn:aws:lambda:us-west-2:XXXXXXXXXXX:function:Authorize2:AliasOrVersion/invocations

# Then we give API Gateway permission to invoke the authorizer using resource policies on the Lambda function
aws lambda add-permission --function-name Authorize2 --statement-id mystatement12334 --action lambda:InvokeFunction --principal apigateway.amazonaws.com --qualifier AliasOrVersion --source-arn arn:aws:execute-api:us-west-2:XXXXXXXXXXX:XXApiIdXX/authorizers/XXAuthorizerIdXX

# You can check the structure of your authorizer with
aws apigateway get-authorizer --rest-api-id XXXXXX --authorizer-id XXXX

# You can also check the policy against the lambda function with

sapessi

{
#set($queryMap = $input.params().querystring)

#foreach( $key in $queryMap.keySet())
  "$key" : "$queryMap.get($key)"
  #if($foreach.hasNext),#end
#end
}