Today (20 Sep 2020) I started working on my first full-stack Serverless app with the Serverless Stack project.
This is the API side notes for my first AWS Serverless infrastructure. API notes are here
Cognito User Pool
Created my first Cognito User Pool. There are two settings to be noted:
- DISABLE client secret generation: user pool apps with a client secret are not supported by the JavaScript SDK. We need to un-select the option.
- Enable username password auth for admin APIs for authentication: required by AWS CLI when managing the pool users via command line interface. We will be creating a test user through the command line interface in the next chapter.
Serverless Framework
The serverless framework makes it easier for developers to make serverless applications locally.
See here for the detailed tutorial on setting up a node server from the serverless framework starter.
Lambda Handler
- Lambda handlers are invoked when a request is made to the API. Serverless Framework takes care of the mapping between the API endpoint and the handler, as long as we specify it in the
functions
part of theserverless.yml
. - Lambda Handlers need to call DynamoDB to persist data, using the DynamoDB SDK for Node.js. Serverless comes with a transpiler between Node.js and JavaScript/TypeScript.
DynamoDB SDK
See Class: AWS.DynamoDB documentation. When configuring the Lambda handlers, you can configure the params as needed by the methods and call these DynamoDB methods. With Serverless Framework, the Lambda is given the permission to work on DynamoDB in the iamRoleStatements
section in serverless.yml.
Add rights to the Lambda functions by IAM
To add specific rights to this service-wide Role, define statements in provider.iamRoleStatements which will be merged into the generated policy. As those statements will be merged into the CloudFormation template, you can use Join, Ref or any other CloudFormation method or feature.
Cognito Identity Pool v.s. Cognito User Pool
- Cognito User Pool handles user registration, authentication, and account recovery
- Cognito Identity Pool provides authorization for users to use the various AWS services.
- The Cognito Identity Pool simply takes all your identity providers and puts them together (federates them). And with all of this it can now give your users secure access to your AWS services, regardless of where they come from.
Infrastructure as Code
Serverless Framework supports defining CloudFormation for the infrastructure.