I have built and deployed a react front end on AWS amplify. I don't want to use amplify for the back end. What I want to do is deploy a node back end with express and sequelize and interact with a postgres database with a lamda server running the node code.
I can't seem to find a decent tutorial for this. A lot of stuff pushes you to use Amplify and quite frankly, it is terrible.
I've looked at a few blog articles that use serverless and don't talk about hooking up to a database - just deploying the back end and using it to respond to a request.
Any help is appreciated.
Hooking up to a database would be like any other code. Basically, you just need to ensure that your lambda has the credentials to log into the database. There are a few ways to skin this cat though. For instance, you could:
Pass the database information (host, creds, etc) as environment vars to the lambda.
Add your credentials to Secrets Manager, and add code to your lambda to pull the secrets
A combination of the above.
This article provides a good starting point for this as a proof of concept:
https://aws.amazon.com/blogs/security/how-to-securely-provide-database-credentials-to-lambda-functions-by-using-aws-secrets-manager/
Basically, it leverages secrets manager for the creds, and you pass the ARN of the secret to the lambda. This is likely the most secure option.
Now, to interact with this lambda from your frontend, you will want to leverage API Gateway. However, another option would be to use a newer feature: function urls:
https://aws.amazon.com/about-aws/whats-new/2022/04/aws-lambda-function-urls-built-in-https-endpoints/
I am not sure of your use case exactly. If you are just experimenting, maybe lambda function urls are enough. If you are looking to do something that's a bit more...beefy... just go API Gateway; you'll have more options for extensibility.
Related
I'm developing an Android app that needs to work with an existing Amazon Web Service RDS database as well as an S3 bucket server also on AWS. My issue is that I'm struggling to find much in the way on guidance on the best approach to do so.
Currently the best thing I've found is Amazon's Amplify, the alternatives so far being SQLiteOpenHelper (seemingly unideal given that it looks to work almost exclusively with local databases, but an interesting caching option) and using Apache, which seems bad as it is extremely manual and largely deprecated.
Am I correct in then concluding Amplify is the best direction to take, or am I missing something big (it feels this way), in which case advice on how better to research this task would be immensely appreciated.
Amplify allows you to connect your app with any kind of datasource using AppSync, which is a GraphQL service managed, via resolvers that connects to anything that you want.
AppSync provides a GraphQL API including features like request and response mapping, authentication, cache and other useful things. Here you can have an overview about how it works https://aws.amazon.com/blogs/mobile/appsync-microservices/.
About how to use S3, Amplify can help with it, using amplify/cli is easy to add that resource, just running amplify add storage, as explained here https://docs.amplify.aws/lib/storage/getting-started/q/platform/android/.
I have a system which uses AWS IoT to send data to a DynamoDB table. This is simple weather data and stores time, temperature, humidity and pressure. So far that side is working well.
I want to display data from this table on a webpage hosted on S3. In its most simple form this would just display the latest row of data. I had though that this would be a case of a simple client-side javascript to query the database, but looking on Amazon it gets quite complicated with Lambda functions called through API gateway using IAM to certify.
Is there a simpler way to go about this? Data should be publicly readable, and non-writeable, so I thought should be easier than what I have read so far.
Please have a look at the Simple Web Service CDK Pattern. It helps you create a simple end-to-end service using API Gateway, a Lambda function, and access to a DynamoDB table with just a few lines of code. It is available in multiple programming languages.
As a general note: Whenever you want to provide dynamic content, you need some kind of application that takes care of it. An API Gateway backed by an AWS Lambda function is no more complicated than running a web server with all the undifferentiated heavy lifting like network configuration, firewall setup, OS patching, and maintenance. And proper handling of identity and access control needs to be done in any case.
If you really want to just display the latest row, and you prefer to keep you webpage as static as possible, I would consider just writing out the latest row of dynamodb to a simple json file using whatever backend process you want, then that file can be consumed by your front end application without having to worry about IAM Credentials or even the AWS JS SDK - keep it as simple and lightweight as possible.
No need to repeatedly hit your dynamodb to pull back the same data for each page load either - which should also save you some money in the long run.
There is a in-browser JavaScript SDK. It allows the JavaScript on your web page to make calls directly to DynamoDB, without having to make API calls through API Gateway that trigger a Lambda function that itself makes calls to DynamoDB on your behalf.
The main consideration here is how to authenticate your web browser client. It cannot make DynamoDB API calls without AWS credentials. I'm assuming that you have no server-side component that can return AWS credentials to the client.
You could embed read-only, minimally-permissioned AWS credentials in the page itself - this is definitely not a best practice, but it's simple and in some cases might be acceptable. Other options include requiring the web site user to authenticate via Web Identity Federation, which would dynamically yield a set of usable, time-limited AWS credentials. Another, more sophisticated option, would be AWS Amplify which supports both authenticated and unauthenticated clients. This is generally preferable to hard-coding (read-only) AWS credentials in a web page but is a little more complex to set up.
There is also a blog post: Dynamic Websites Using the AWS SDK for JavaScript in the Browser.
In all these scenarios, the page itself would make API calls directly to DynamoDB, and you should ensure that the IAM role associated with the credentials is heavily restricted (just the relevant DynamoDB table(s) and just the necessary query/get permissions).
I want to preface this with the fact that I'm not knowledgable with AWS really at all. I mostly do front end development and some very (very, very) basic MySQL.
Recently a new manager has joined my company and despite telling him, he seems to think I'm a backend developer. Because of that I've been tasked with hooking up an AWS flow that was in place (A DynamoDB table, an Gateway API and Lambda Function that connects them and also creates gists with tokens) to an external API that accepts data with a POST function.
Ideally I'd like to not have to touch anything to do with the Lambda function as I'm not 100% of how it works and the files are too big to do inline editing within the AWS dashboard.
Is there anyway I can set this up easily? Any help would be incredibly appreciated
p.s. Don't feel bad about talking down to me or anything. The easier and more clearly explained the better
The answer is not something I can just spit out here. You will have to do some learning and homework. That said here are some resources where you can learn quickly what you are trying to find out.
AWS Serverless home page
Serverless.com lambda information
AWS Serverless blog
AWS Serverless tutorials
AWS Serverless hands on building apps
AWS Serverless youtube channel
AWS Amplify
Free Amazon DynamoDB online training from Linux Academy
I have been thinking about building a backend with graphQL.
The aim is to make the life of the backend team easier and iterate quicker rather then have to build REST endpoints or wss actions for each dataset retreivale.
GraphQL seems to be one of solution. We are very familliar with the Lambda environement and therefore in our research we found AppSync. I looks like a perfect solution, however I have some concerened around being locked in AWS and by designing the whole architecture around AppSync.
The beauty of serverless is that with the Serverless Framework, we could redeploy all functions to another cloud provider (Azure Functions) or even dockerize the functions for a deployment onprem.
I am concerned that with AppSync there is really no alternative in either other cloud providers or to easly do this onprem. Does anybody have any experience with this? Would it be more worth it to do the work to deploy an appolo server in lambda and build the connectors/listeners to the data sources our selfs with something like this: https://github.com/michalkvasnicak/aws-lambda-graphql/tree/aws-lambda-graphql%400.13.0#design-michalkvasnicak ?
IMHO, it comes down to how exactly the client of the GraphQL endpoint will secure data. One strategy is to secure an app with Amazon identity services like IAM and Cognito. Amplify's strength is secure integration with IAM, Cognito, API Gateway, DynamoDB, S3, and AppSync. A secure GraphQL endpoint on AppSync, for example. The data hosted in each AWS cloud service can be secured with Amplify and there are many other strategies too.
The serverless framework is a break through for serverless developer operations. The framework is beautiful. I don't disagree with your concern that Amplify generated cloudformation is not portable. Cloudformation is different DevSecOps culture than the Serverless framework. Amplify's generated DevSecOps code simply lands in Cloudformation culture.
I'm awfully new to GraphQL on the cloud, FWIW. I don't have experience with Apollo on Lambda. I cried, it looked difficult to automate the security though a seasoned pro may know. I certainly hope you get to a point where you never have to throw a single line of code away. I'm not even close, yet.
An easy entry point to the AWS eco system is to use AWS Amplify.
It has documentation guidance on security, GraphQL API, etc.
I am currently working on a web portal for a foundation. Applicants for a grant will receive access data in advance independently of this portal. New applications will then be created and processed in the portal itself. Once an application is complete, it is sent off. Later the application will be approved or rejected.
There are a number of technical specifications on which I have no influence. The frontend should be implemented using Html+Javascript. The backend should use the Amazon Web Services (AWS). If there is a need to program something for the backend - then C# should be used.
I know how to implement the classic client-server solution. At the moment, however, AWS offers me an unmanageable set of services. And here I'm hoping for suggestions as to which of the services I should take a closer look at. Ideally, no complete 'server solution' should run on a virtual server. Instead, Lambda functions are mentioned again and again. So would Amazon RDS and AWS Lambda be a sensible and sufficient combination? Did I miss something?
Thank you very much for your suggestions.
One solution would be to use AWS S3 to server HTML, CSS, JS, Images and other static content. You could use AWS Lambda via AWS API Gateway to serve as a backend. AWS Lambda would then connect to AWS RDS or AWS DynamoDB if you would prefer a NoSQL solution.
Image taken from AWS Github repo
You can get a more detailed description of how to set this up at
https://github.com/aws-samples/aws-serverless-workshops/tree/master/WebApplication/