
Authentication Using IAM / Identity Pool

  • A request with some signed authentication headers will be sent to our API
  • AWS will use the headers to figure out which Identity Pool is tied to it
  • The Identity Pool will ensure that the request is signed by somebody that has authenticated with our User Pool - Federated Identity Management
  • If so, then it'll assign the Auth IAM Role to this request
  • Finally, IAM will check to ensure that this role has access to our API

Testing API Security

  • First authenticate against our User Pool and acquire a user token
  • With the user token get temporary IAM credentials from our Identity Pool
  • Use the IAM credentials to sign our API request with Signature Version 4
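
The third step above, as an added example rather than code from this repo: a dependency-free Signature Version 4 signer for an API Gateway (`execute-api`) request. `signRequest`, the credentials and the host are constructed placeholders; in practice the credentials come from the Identity Pool in the second step.

```javascript
// Added example, not part of the starter repo: SigV4-sign one API Gateway request.
const { createHash, createHmac } = require("crypto");

const sha256Hex = (data) => createHash("sha256").update(data, "utf8").digest("hex");
const hmac = (key, data) => createHmac("sha256", key).update(data, "utf8").digest();
// RFC 3986 encoding: encodeURIComponent leaves !'()* unescaped, SigV4 does not.
const enc = (s) => encodeURIComponent(s).replace(/[!'()*]/g,
  (c) => "%" + c.charCodeAt(0).toString(16).toUpperCase());

function signRequest({ method, host, path, query = {}, body = "", region, creds,
                       service = "execute-api", now = new Date() }) {
  const amzDate = now.toISOString().replace(/[-:]|\.\d{3}/g, ""); // YYYYMMDDTHHMMSSZ
  const dateStamp = amzDate.slice(0, 8);
  // Headers covered by the signature. Temporary credentials also require the
  // session token header.
  const headers = { host, "x-amz-date": amzDate };
  if (creds.sessionToken) headers["x-amz-security-token"] = creds.sessionToken;
  const names = Object.keys(headers).sort();
  const canonicalHeaders = names.map((n) => `${n}:${headers[n].trim()}\n`).join("");
  const signedHeaders = names.join(";");

  // path is the unencoded path; non-S3 services encode each segment twice.
  const canonicalUri = path.split("/").map((seg) => enc(enc(seg))).join("/");
  const canonicalQuery = Object.keys(query).sort()
    .map((k) => `${enc(k)}=${enc(String(query[k]))}`).join("&");
  const canonicalRequest = [method.toUpperCase(), canonicalUri, canonicalQuery,
    canonicalHeaders, signedHeaders, sha256Hex(body)].join("\n");

  const scope = `${dateStamp}/${region}/${service}/aws4_request`;
  const stringToSign = ["AWS4-HMAC-SHA256", amzDate, scope,
    sha256Hex(canonicalRequest)].join("\n");
  // Signing key: HMAC chain over date, region, service and a fixed terminator.
  let key = "AWS4" + creds.secretAccessKey;
  for (const part of [dateStamp, region, service, "aws4_request"]) key = hmac(key, part);
  const signature = createHmac("sha256", key).update(stringToSign, "utf8").digest("hex");

  const authorization = `AWS4-HMAC-SHA256 Credential=${creds.accessKeyId}/${scope}, ` +
    `SignedHeaders=${signedHeaders}, Signature=${signature}`;
  return { ...headers, authorization };
}

// Constructed placeholder values standing in for the Identity Pool's response.
const sampleCreds = { accessKeyId: "ASIAEXAMPLEKEYID",
  secretAccessKey: "constructed-secret", sessionToken: "constructed-session-token" };
const sampleHeaders = signRequest({ method: "GET", path: "/dev/hello", region: "us-east-1",
  host: "example-api-id.execute-api.us-east-1.amazonaws.com", creds: sampleCreds });
console.log(sampleHeaders.authorization);
```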

Understanding CORS

There are two things we need to do to support CORS in our Serverless API:

  • Preflight OPTIONS request: For certain types of cross-domain requests (PUT, DELETE, ones with Authentication headers, etc.) your browser will first make a preflight request using the request method OPTIONS. These need to respond with the domains that are allowed to access this API and the HTTP methods that are allowed.

  • Respond with CORS headers: For all other types of requests we need to make sure to include the appropriate CORS headers. These headers, just like the one above, need to include the domains that are allowed.

If the above is not set up, you'll experience the common HTTP response error:

No 'Access-Control-Allow-Origin' header is present on the requested resource 

Cross-origin resource sharing (CORS) defines a way for client web applications that are loaded in one domain to interact with resources in a different domain.
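
An added example, not code from the starter repo, of both pieces in a Lambda proxy handler: it answers the preflight OPTIONS request and attaches CORS headers to every other response, echoing the origin only when it is on an allowlist. The origins and the names `corsHeaders`, `preflight` and `withCors` are illustrative, and it assumes API Gateway routes OPTIONS to the function.

```javascript
// Added example, not part of the starter repo. Origins below are constructed.
const ALLOWED_ORIGINS = new Set(["https://app.example.com", "http://localhost:3000"]);
const ALLOWED_METHODS = "GET,POST,PUT,DELETE,OPTIONS";
// Headers a SigV4-signed browser request carries, so the preflight must allow them.
const ALLOWED_HEADERS = "Content-Type,Authorization,X-Amz-Date,X-Amz-Security-Token";

// Echo the Origin only if it is allowlisted. Unknown origins get no
// Access-Control-Allow-Origin header, so the browser blocks the cross-origin read.
function corsHeaders(event) {
  const h = event.headers || {};
  const origin = h.origin || h.Origin;
  const headers = { Vary: "Origin" }; // keep caches from reusing one origin's answer
  if (origin && ALLOWED_ORIGINS.has(origin)) headers["Access-Control-Allow-Origin"] = origin;
  return headers;
}

// Preflight reply: states the allowed methods and headers for an allowed origin.
function preflight(event) {
  const cors = corsHeaders(event);
  if (!cors["Access-Control-Allow-Origin"]) return { statusCode: 403, headers: cors, body: "" };
  return {
    statusCode: 204,
    headers: {
      ...cors,
      "Access-Control-Allow-Methods": ALLOWED_METHODS,
      "Access-Control-Allow-Headers": ALLOWED_HEADERS,
      "Access-Control-Max-Age": "600",
    },
    body: "",
  };
}

// Wrap any handler so every response, errors included, carries the CORS headers.
const withCors = (handler) => async (event, context) => {
  if (event.httpMethod === "OPTIONS") return preflight(event);
  let res;
  try {
    res = await handler(event, context);
  } catch (err) {
    res = { statusCode: 500, body: JSON.stringify({ error: "Internal error" }) };
  }
  return { ...res, headers: { ...(res.headers || {}), ...corsHeaders(event) } };
};

const hello = withCors(async () => ({ statusCode: 200, body: JSON.stringify({ message: "ok" }) }));
```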

Serverless Node.js Starter

A Serverless starter that adds ES6, TypeScript, serverless-offline, linting, environment variables, and unit test support. Part of the Serverless Stack guide.

Serverless Node.js Starter uses the serverless-bundle plugin and the serverless-offline plugin. It supports:

  • Generating optimized Lambda packages with Webpack
  • Using ES6 or TypeScript in your handler functions
  • Run API Gateway locally
    • Use serverless offline start
  • Support for unit tests
    • Run npm test to run your tests
  • Sourcemaps for proper error messages
    • Error messages show the correct line numbers
    • Works in production with CloudWatch
  • Lint your code with ESLint
  • Add environment variables for your stages
  • No need to manage Webpack or Babel configs

Demo

A demo version of this service is hosted on AWS - https://z6pv80ao4l.execute-api.us-east-1.amazonaws.com/dev/hello

And here is the ES6 source behind it

export const hello = async (event, context) => {
  return {
    statusCode: 200,
    body: JSON.stringify({
      message: `Go Serverless v1.0! ${(await message({ time: 1, copy: 'Your function executed successfully!'}))}`,
      input: event,
    }),
  };
};

const message = ({ time, ...rest }) => new Promise((resolve, reject) =>
  setTimeout(() => {
    resolve(`${rest.copy} (with a delay)`);
  }, time * 1000)
);

Upgrading from v1.x

We have detailed instructions on how to upgrade your app to the v2.0 of the starter if you were using v1.x before. Read about it here.

Requirements

Installation

To create a new Serverless project.

$ serverless install --url https://github.com/AnomalyInnovations/serverless-nodejs-starter --name my-project

Enter the new directory

$ cd my-project

Install the Node.js packages

$ npm install

Usage

To run a function on your local machine

$ serverless invoke local --function hello

To simulate API Gateway locally using serverless-offline

$ serverless offline start

Deploy your project

$ serverless deploy

Deploy a single function

$ serverless deploy function --function hello

Running Tests

Run your tests using

$ npm test

We use Jest to run our tests. You can read more about setting up your tests here.

Environment Variables

To add environment variables to your project

  1. Rename env.example to .env.
  2. Add environment variables for your local stage to .env.
  3. Uncomment the environment: block in serverless.yml and reference the environment variable as ${env:MY_ENV_VAR}, where MY_ENV_VAR is a variable added to your .env file.
  4. Make sure to not commit your .env.

TypeScript

If serverless-bundle detects a tsconfig.json in your service root, it'll compile it using TypeScript. We have a separate starter for TypeScript here, Serverless TypeScript Starter.

Linting

We use ESLint to lint your code via serverless-bundle.

You can turn this off by adding the following to your serverless.yml.

custom:
  bundle:
    linting: false

To override the default config, add a .eslintrc.json file. To ignore ESLint for specific files, add them to a .eslintignore file.

Support

  • Open a new issue if you've found a bug or have some suggestions.
  • Or submit a pull request!

This repo is maintained by Anomaly Innovations; makers of Seed and Serverless Stack.