AWS

Amazon Web Services

User credentials

• https://docs.aws.amazon.com/general/latest/gr/root-vs-iam.html

• https://docs.aws.amazon.com/general/latest/gr/aws-access-keys-best-practices.html

• https://docs.aws.amazon.com/IAM/latest/UserGuide/best-practices.html

Instead of sharing the credentials of the AWS account root user, create individual IAM users, granting each user only the permissions they require.

Follow the best practice of using the root user only to create your first IAM user.

There are two types of credentials:

• Root user credentials, allow full access to all resources in the AWS account.
• IAM credentials, control access to AWS services and resources for users in your AWS account

Serverless blog web application architecture

• https://github.com/aws-samples/lambda-refarch-webapp

• https://s3.amazonaws.com/aws-lambda-serverless-web-refarch/RefArch_BlogApp_Serverless.png

  • Amazon Route 53 (routes to specific places based on region)

  • Amazon CloudFront (deliver static content per region hosted inside S3)

  • Amazon Simple Storage Service (S3)
  • Amazon Cognito (Authentication and authorization)
  • Amazon API Gateway (routes requests to backend logic)
  • AWS Lambda (backend business logic)
  • AWS DynamoDB (managed DB)
  • AWS Identity and Access Management (IAM) - web service to control access to AWS resources

Localstack in Debian

• https://github.com/localstack/localstack

• sudo apt install python3-pip
• sudo apt install python-pip
• pip3 install localstack
• pip install localstack
• .local/bin/localstack start
• docker run --rm -it -p 4566:4566 -p 4571:4571 localstack/localstack

• curl http://localhost:4566/health

• pip3 install awscli
• pip3 install awscli-local
• .local/bin/awslocal kinesis list-streams
• .local/bin/awslocal s3api list-buckets

• PATH=$PATH:/usr/sbin:~/.local/bin in ~/.bashrc

• docker exec -it silly_greider bash
• awslocal s3api list-buckets
• awslocal s3api create-bucket --bucket my-bucket --region us-east-1

• https://docs.aws.amazon.com/cli/latest/reference/s3api/

• echo "test" > test.txt

• awslocal s3api put-object --bucket my-bucket --key dir-1/test.txt --body test.txt
• awslocal s3api get-object --bucket my-bucket --key dir-1/test.txt test2.txt
• cat test2.txt

Localstack - lambda and s3

run.sh

   1 zip py-my-function.zip lambda_function.py
   2 awslocal lambda delete-function --function-name py-my-function
   3 awslocal lambda create-function --function-name py-my-function --zip-file fileb://py-my-function.zip --handler lambda_function.lambda_handler  --runtime python3.9 --role arn:aws:iam::000000000000:role/lambda-ex
   4 awslocal lambda invoke --function-name py-my-function --payload '{ "first_name": "Bob","last_name":"Squarepants" }' response.json 
   5 cat response.json

lambda_function.py

   1 import boto3
   2 import os
   3 
   4 def lambda_handler(event, context):
   5     message = 'Hello {} {}!'.format(event['first_name'], event['last_name'])
   6     session = boto3.session.Session()
   7 
   8     s3_client = session.client(
   9         service_name='s3',
  10         aws_access_key_id=os.environ["AWS_ACCESS_KEY_ID"],
  11         aws_secret_access_key=os.environ["AWS_SECRET_ACCESS_KEY"],
  12         endpoint_url='http://localhost:4566',
  13     )
  14 
  15     buckets=[]
  16     for bucket in s3_client.list_buckets()['Buckets']:
  17         buckets.append(bucket['Name'])
  18 
  19     response = s3_client.create_bucket(Bucket='examplebucket')
  20 
  21     body = {
  22         'message' : message,
  23         'buckets' : buckets,
  24         'AWS_ACCESS_KEY_ID' : os.environ["AWS_ACCESS_KEY_ID"],
  25         'AWS_SECRET_ACCESS_KEY' : os.environ["AWS_SECRET_ACCESS_KEY"]
  26     }
  27 
  28     s3_client.put_object(Body=str(body), Bucket='examplebucket', Key='examplebucket/response.txt')
  29     return body