AWS
Amazon Web Services
Lambda Java samples:
User credentials
https://docs.aws.amazon.com/general/latest/gr/root-vs-iam.html
https://docs.aws.amazon.com/general/latest/gr/aws-access-keys-best-practices.html
https://docs.aws.amazon.com/IAM/latest/UserGuide/best-practices.html
Instead of sharing the credentials of the AWS account root user, create individual IAM users, granting each user only the permissions they require.
Follow the best practice of using the root user only to create your first IAM user.
There are two types of credentials:
- Root user credentials, allow full access to all resources in the AWS account.
- IAM credentials, control access to AWS services and resources for users in your AWS account
Serverless blog web application architecture
https://s3.amazonaws.com/aws-lambda-serverless-web-refarch/RefArch_BlogApp_Serverless.png
- Amazon Route 53 (routes to specific places based on region)
Amazon CloudFront (deliver static content per region hosted inside S3)
- Amazon Simple Storage Service (S3)
- Amazon Cognito (Authentication and authorization)
- Amazon API Gateway (routes requests to backend logic)
- AWS Lambda (backend business logic)
- AWS DynamoDB (managed DB)
- AWS Identity and Access Management (IAM) - web service to control access to AWS resources
Localstack in Debian
1 sudo apt install python3-pip
2 sudo apt install python-pip
3 pip3 install localstack
4 pip install localstack
5 .local/bin/localstack start
6 docker run --rm -it -p 4566:4566 -p 4571:4571 localstack/localstack
7 curl http://localhost:4566/health
8 pip3 install awscli
9 pip3 install awscli-local
10 .local/bin/awslocal kinesis list-streams
11 .local/bin/awslocal s3api list-buckets
12 PATH=$PATH:/usr/sbin:~/.local/bin in ~/.bashrc
13 docker exec -it silly_greider bash
14 awslocal s3api list-buckets
15 awslocal s3api create-bucket --bucket my-bucket --region us-east-1
16 # https://docs.aws.amazon.com/cli/latest/reference/s3api/
17 echo "test" > test.txt
18 awslocal s3api put-object --bucket my-bucket --key dir-1/test.txt --body test.txt
19 awslocal s3api get-object --bucket my-bucket --key dir-1/test.txt test2.txt
20 cat test2.txt
Localstack - lambda and s3
run.sh
1 zip py-my-function.zip lambda_function.py
2 awslocal lambda delete-function --function-name py-my-function
3 awslocal lambda create-function --function-name py-my-function --zip-file fileb://py-my-function.zip --handler lambda_function.lambda_handler --runtime python3.9 --role arn:aws:iam::000000000000:role/lambda-ex
4 awslocal lambda invoke --function-name py-my-function --payload '{ "first_name": "Bob","last_name":"Squarepants" }' response.json
5 cat response.json
lambda_function.py
1 import boto3
2 import os
3
4 def lambda_handler(event, context):
5 message = 'Hello {} {}!'.format(event['first_name'], event['last_name'])
6 session = boto3.session.Session()
7
8 s3_client = session.client(
9 service_name='s3',
10 aws_access_key_id=os.environ["AWS_ACCESS_KEY_ID"],
11 aws_secret_access_key=os.environ["AWS_SECRET_ACCESS_KEY"],
12 endpoint_url='http://localhost:4566',
13 )
14
15 buckets=[]
16 for bucket in s3_client.list_buckets()['Buckets']:
17 buckets.append(bucket['Name'])
18
19 response = s3_client.create_bucket(Bucket='examplebucket')
20
21 body = {
22 'message' : message,
23 'buckets' : buckets,
24 'AWS_ACCESS_KEY_ID' : os.environ["AWS_ACCESS_KEY_ID"],
25 'AWS_SECRET_ACCESS_KEY' : os.environ["AWS_SECRET_ACCESS_KEY"]
26 }
27
28 s3_client.put_object(Body=str(body), Bucket='examplebucket', Key='examplebucket/response.txt')
29 return body
Access localstack from docker container
1 docker run -d --name localstack --rm -it -p 4566:4566 -p 4571:4571 localstack/localstack # run container
2 docker exec -it localstack bash # connect to container
3 lsb_release -a
4 curl http://localhost:4566/health
5 awslocal s3api list-buckets
6 awslocal s3api create-bucket --bucket my-bucket
7 echo "test" > test.txt
8 awslocal s3api put-object --bucket my-bucket --key dir-1/test.txt --body test.txt
9 awslocal s3api get-object --bucket my-bucket --key dir-1/test.txt test2.txt
10 cat test2.txt
11 apt install nano vim yajl-tools -y
12 # https://hub.docker.com/r/localstack/localstack
13 # https://github.com/localstack/localstack
14 node -v # v14.18.1
15 python -V # Python 3.8.12
16 pip3 freeze
17 curl http://localhost:4566/health | json_reformat
18 awslocal ec2 run-instances --image-id prod-df2jln3gjtwps --count 1 --instance-type t2.micro
19 awslocal ec2 describe-instances --filters "Name=instance-type,Values=t2.micro" --query "Reservations[].Instances[].InstanceId"
20 awslocal ec2 describe-instances
Localstack - java8
build.sh
1 FUNCTION_NAME=lambda-function
2 awslocal lambda delete-function --function-name $FUNCTION_NAME
3 sleep 5
4 mvn clean install
5 sleep 5
6 awslocal lambda create-function --function-name $FUNCTION_NAME \
7 --zip-file fileb://target/lambda-function-1.0-SNAPSHOT.jar \
8 --handler com.mooo.bitarus.Handler --runtime java8 \
9 --role arn:aws:iam::000000000000:role/lambda-ex --timeout 30
10 #awslocal lambda update-function-configuration --function-name $FUNCTION_NAME \
11 # --timeout 15
12 sleep 15
latest_log.sh
1 LOG_GROUP="/aws/lambda/lambda-function"
2 LOG_STREAM=$(awslocal logs describe-log-streams \
3 --log-group-name $LOG_GROUP \
4 --order-by LastEventTime --descending | \
5 grep logStreamName | head -1 | awk '//{print $2}' | sed "s/,//g" | sed 's/\"//g' )
6 echo $LOG_GROUP
7 echo $LOG_STREAM
8 awslocal logs get-log-events --log-group-name $LOG_GROUP \
9 --log-stream-name "$LOG_STREAM" \
10 | grep message \
11 | sed 's/"message"\://g' \
12 | sed 's/ //g'
pom.xml
1 <project xmlns="http://maven.apache.org/POM/4.0.0" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
2 xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/maven-v4_0_0.xsd">
3 <modelVersion>4.0.0</modelVersion>
4 <groupId>com.mooo.bitarus</groupId>
5 <artifactId>lambda-function</artifactId>
6 <packaging>jar</packaging>
7 <version>1.0-SNAPSHOT</version>
8 <name>lambda-function</name>
9 <properties>
10 <project.build.sourceEncoding>UTF-8</project.build.sourceEncoding>
11 <maven.compiler.source>1.8</maven.compiler.source>
12 <maven.compiler.target>1.8</maven.compiler.target>
13 </properties>
14 <dependencies>
15 <dependency>
16 <groupId>com.amazonaws</groupId>
17 <artifactId>aws-lambda-java-core</artifactId>
18 <version>1.2.1</version>
19 </dependency>
20 <dependency>
21 <groupId>com.google.code.gson</groupId>
22 <artifactId>gson</artifactId>
23 <version>2.8.9</version>
24 </dependency>
25 </dependencies>
26
27 <build>
28 <plugins>
29 <plugin>
30 <artifactId>maven-surefire-plugin</artifactId>
31 <version>2.22.2</version>
32 </plugin>
33 <plugin>
34 <groupId>org.apache.maven.plugins</groupId>
35 <artifactId>maven-shade-plugin</artifactId>
36 <version>3.2.2</version>
37 <configuration>
38 <createDependencyReducedPom>false</createDependencyReducedPom>
39 </configuration>
40 <executions>
41 <execution>
42 <phase>package</phase>
43 <goals>
44 <goal>shade</goal>
45 </goals>
46 </execution>
47 </executions>
48 </plugin>
49 <plugin>
50 <groupId>org.apache.maven.plugins</groupId>
51 <artifactId>maven-compiler-plugin</artifactId>
52 <version>3.8.1</version>
53 <configuration>
54 <source>1.8</source>
55 <target>1.8</target>
56 </configuration>
57 </plugin>
58 </plugins>
59 </build>
60 </project>
run.sh
src/main/java/com/mooo/bitarus/Handler.java
1 package com.mooo.bitarus;
2
3 import com.amazonaws.services.lambda.runtime.Context;
4 import com.amazonaws.services.lambda.runtime.RequestHandler;
5 import com.amazonaws.services.lambda.runtime.LambdaLogger;
6 import com.google.gson.Gson;
7 import com.google.gson.GsonBuilder;
8 import java.util.Map;
9 import java.util.HashMap;
10
11 public class Handler implements RequestHandler<Map<String,String>, String>{
12 Gson gson = new GsonBuilder().setPrettyPrinting().create();
13 @Override
14 public String handleRequest(Map<String,String> event, Context context)
15 {
16 LambdaLogger logger = context.getLogger();
17 System.out.println(">>> sout test");
18 logger.log("Stuff logged");
19 String response = "Java Lambda invocation response 3";
20 logger.log( event.get("first_name") );
21 logger.log("EVENT TYPE: " + event.getClass());
22 Map<String,String> hashReturn = new java.util.HashMap<String,String>();
23 hashReturn.put("response",response);
24 return gson.toJson(hashReturn);
25 }
26 }