Serverless api gateway + lambda

Download Serverless api gateway + lambda

Post on 22-Mar-2017

40 views

Category:

Technology

0 download

Embed Size (px)

TRANSCRIPT

<ul><li><p> 2016, Amazon Web Services, Inc. or its Affiliates. All rights reserved.</p><p> Leon Li, Solutions Architect</p><p>&amp;APIAmazon API Gateway and AWS Lambda</p></li><li><p>1. 2. Amazon API GatewayAPI3. AWS Lambda4. AWS IAMAPI Gateway5. SDK6. Streeet7. </p></li><li><p> Restful API</p></li><li><p>Managed</p><p>InternetMobile appsAWS Lambda </p><p>functions</p><p>AWS</p><p>API Gateway cache</p><p>Endpoints on Amazon EC2</p><p>Any other publicly accessible endpoint</p><p>Amazon CloudWatch</p><p>Amazon CloudFront</p><p>API Gateway</p><p>API GatewayOther AWS </p><p>services</p><p>AWS Lambda functions</p></li><li><p>AWS Lambda + Amazon API Gateway </p><p> AWS Identity and Access Management</p><p>Swagger client SDK </p></li><li><p>Amazon API Gateway AWS Lambda AWS Lambda Amazon DynamoDB</p><p>REST APIAPI</p><p> Authorizer NoSql</p></li><li><p>Streeet App</p></li><li><p>Unauthenticated</p><p>API</p><p>Mobile apps AWS Lambda lambdaHandler</p><p>Register</p><p>LoginAPI Gateway</p><p>Authenticated</p><p>Mobile apps AWS Lambda lambdaHandler</p><p>ListPosts</p><p>GetPosts</p><p>API GatewayGetComments</p><p>Invoke with caller credentials</p><p>Authorized by IAM</p></li><li><p>?</p><p>AWS, IAM</p><p>Swagger</p></li><li><p>API Swagger</p></li><li><p>Amazon API Gateway</p><p>API</p><p>Identity and Access Management</p><p>AWS</p><p>DDoS </p></li><li><p>Method and integration</p></li><li><p> POST DynamoDB table/register</p><p> POST /login</p><p> POST GET /comments</p><p> GET Post/post/{id}</p><p>Unauthenticated</p><p>Authenticated</p></li><li><p>Method Response</p><p>Integration Request</p><p>Method Request</p><p>Method</p><p>Swaggerapi</p><p>/register:post:summary: Registers a new userconsumes:- application/json</p><p>produces:- application/json</p><p>parameters:- name: NewUserin: bodyschema:$ref: '#/definitions/User</p><p>x-amazon-apigateway-integration:type: awsuri: arn:aws:apigateway:us-east-1:lambda:path/2015-03-31...</p><p>credentials: arn:aws:iam::964405213927:role/pet_store_lambda_invoke...</p><p>responses:200:schema:$ref: '#/definitions/RegisterUserResponse'</p></li><li><p>Swagger</p><p> APIRepository API</p><p> APIAPI Gateway</p></li><li><p>; </p><p>: Lambda . 100ms</p><p>Bring Your Own Code</p><p>Lambda : </p><p>Node.js, PythonJava</p><p>. AWS Lambda </p><p>AWS Lambda</p></li><li><p>Lambda</p><p>lambdaHandler</p><p>Register action</p><p>Login action</p><p>Create comments action</p><p>Get comments action</p><p>Credentials generation</p><p>Streeetdatabase</p><p>Amazon API Gateway</p></li><li><p>Mapping templates</p><p>http://amzn.to/1L1hSF5</p></li><li><p>AWS credentials</p></li><li><p>JWT Json Web Token</p><p>RFC 7519 / HMAC256 / HMAC512 etc</p></li><li><p>The API definition</p><p> POST username, password DynamoDB JWT </p><p>/register</p><p> POST username, password DynamoDB JWTToken JWT Token</p><p>/login</p></li><li><p> - Lambda</p><p>Client</p><p>Lambda Authfunction</p><p>API Gateway</p><p>OAuth token</p><p>Policy is evaluated</p><p>Policy is cached</p><p>Endpoints on Amazon EC2</p><p>Any other publicly accessible endpoint</p><p>AWS Lambda functions</p><p>403</p><p>AWS KMSJWT Provider</p></li><li><p>IAM PolicyAWS</p><p>Mobile apps AWS Lambda lambdaHandlerAPI Gateway</p><p>Invoke with caller credentials</p><p>Service calls areauthorized using</p><p>the IAM role </p><p>http://amzn.to/1YkxcjR</p><p>DynamoDB</p></li><li><p>API</p></li><li><p>POSTDynamodb</p><p>GET</p><p>/comments</p><p> GET </p><p>/Post/{id}</p></li><li><p>IAM Role{</p><p>"Version": "2012-10-17","Statement": [</p><p>{"Effect": "Allow",</p><p>"Action": ["dynamodb:GetItem","dynamodb:PutItem","dynamodb:Scan","lambda:InvokeFunction","execute-api:invoke"</p><p>],"Resource": [</p><p>"arn:aws:dynamodb:us-east-1:xxxxxx:table/posts","arn:aws:lambda:us-east-1:xxxxx:function:test,"arn:aws:execute-api:us-east-1:xxxx:API_ID/*/POST/comments"</p><p>]}</p><p>]}</p><p>The role allows calls to: DynamoDB API Gateway Lambda</p><p>Role</p></li><li><p>IAMAWS</p><p> AWS</p><p> IAM policies RolesAPI</p></li><li><p>SDK</p></li><li><p>sdk</p></li><li><p>Apex by TJ</p></li><li><p>AWS Lambda + Amazon API Gateway</p><p>Streeethttps://github.com/legocode/Streeet</p><p>IAM</p><p>SwaggerSDK</p></li><li><p>Q&amp;A?</p></li><li><p>Thank You.</p></li></ul>