diff --git a/.github/workflows/build-test.yml b/.github/workflows/build-test.yml index 5605584..48756de 100644 --- a/.github/workflows/build-test.yml +++ b/.github/workflows/build-test.yml @@ -13,32 +13,44 @@ jobs: - name: Checkout uses: actions/checkout@v2 - - name: Start up LocalStack + - name: Install tools + run: | + pip install --pre localstack awscli-local[ver1] terraform-local pytest requests + + # Terraform + curl -fsSL https://apt.releases.hashicorp.com/gpg | sudo gpg --dearmor -o /usr/share/keyrings/hashicorp-archive-keyring.gpg + echo "deb [signed-by=/usr/share/keyrings/hashicorp-archive-keyring.gpg] https://apt.releases.hashicorp.com $(lsb_release -cs) main" \ + | sudo tee /etc/apt/sources.list.d/hashicorp.list + sudo apt-get update -qq && sudo apt-get install -y terraform + + - name: Start LocalStack env: LOCALSTACK_AUTH_TOKEN: ${{ secrets.LOCALSTACK_AUTH_TOKEN }} run: | docker pull localstack/localstack-pro & - - # install CLI tools - pip install --pre localstack localstack-ext awscli-local[ver1] - - # start LocalStack - DEBUG=1 localstack start -d + DEBUG=1 LOCALSTACK_APPINSPECTOR_ENABLE=1 localstack start -d localstack wait - - name: Run simple test - env: - LOCALSTACK_AUTH_TOKEN: ${{ secrets.LOCALSTACK_AUTH_TOKEN }} + - name: Deploy infrastructure via Terraform run: | - set -e + cd 01-serverless-app/terraform + tflocal init + tflocal apply -auto-approve - # deploy test resources - (cd 00-hello-world; ./deploy.sh) + - name: Build and push fulfillment image + run: | + ECR_REGISTRY="000000000000.dkr.ecr.us-east-1.localhost.localstack.cloud:4566" + awslocal ecr get-login-password | \ + docker login --username AWS --password-stdin "$ECR_REGISTRY" + docker build -t "$ECR_REGISTRY/fulfillment:latest" 01-serverless-app/services/fulfillment + docker push "$ECR_REGISTRY/fulfillment:latest" - # run assertion - curl http://testwebsite.s3-website.localhost.localstack.cloud:4566 | grep 'You are running LocalStack' + - name: Run E2E tests + run: | + cd 02-e2e-testing && pytest tests/ -v - name: Print LocalStack logs + if: always() run: | localstack logs localstack stop diff --git a/00-hello-world/README.md b/00-hello-world/README.md deleted file mode 100644 index b09437e..0000000 --- a/00-hello-world/README.md +++ /dev/null @@ -1,15 +0,0 @@ -# Hello World in LocalStack - -This simple serverless app is the Hello World of LocalStack. -It will deploy an S3 static website with a simple _"Hello World"_ message. - -For more information, visit our [docs](https://docs.localstack.cloud/tutorials/s3-static-website-terraform/). - -## How to run - -Simply start LocalStack with `localstack start -d` and then run the `deploy.sh` script. - -Once deployed, you can open the page in the browser: http://testwebsite.s3-website.localhost.localstack.cloud:4566 - -**Note**: If you are executing in Github Codespaces, you can right-click on port 4566, then "Copy Local Address", and then append the suffix /testwebsite/index.html to the URL. -For example, the final URL may look something like this: https://yourusername-vigilant-umbrella-q94554wwv-4566.preview.app.github.dev/testwebsite/index.html diff --git a/00-hello-world/bucket-policy.json b/00-hello-world/bucket-policy.json deleted file mode 100644 index db6bd52..0000000 --- a/00-hello-world/bucket-policy.json +++ /dev/null @@ -1,12 +0,0 @@ -{ - "Version": "2012-10-17", - "Statement": [ - { - "Sid": "PublicReadGetObject", - "Effect": "Allow", - "Principal": "*", - "Action": "s3:GetObject", - "Resource": "arn:aws:s3:::aws-day/*" - } - ] -} diff --git a/00-hello-world/deploy.sh b/00-hello-world/deploy.sh deleted file mode 100755 index 21339f3..0000000 --- a/00-hello-world/deploy.sh +++ /dev/null @@ -1,13 +0,0 @@ -#!/bin/bash - -awslocal s3api create-bucket --bucket testwebsite - -awslocal s3api put-bucket-policy --bucket testwebsite --policy file://bucket-policy.json - -awslocal s3 sync ./ s3://testwebsite - -awslocal s3 website s3://testwebsite/ --index-document index.html - -echo "Visit http://testwebsite.s3-website.localhost.localstack.cloud:4566/" -echo -echo "If you're using Github Codespaces, find the public endpoint for port 4566, then visit https://-4566.preview.app.github.dev/testwebsite/index.html" diff --git a/00-hello-world/index.html b/00-hello-world/index.html deleted file mode 100644 index a78aa79..0000000 --- a/00-hello-world/index.html +++ /dev/null @@ -1,27 +0,0 @@ - - - - LocalStack S3 website - - - - -

You are running LocalStack 🎉

-

- Welcome to the EuroPython 2023 LocalStack workshop! -

-

- You are viewing an HTML document in the S3 bucket called testwebsite. - The S3 feature website configuration allows you to serve static websites directly through an S3 bucket URL. -

-

- As you can see, LocalStack fully emulates this behavior! -

- - diff --git a/00-hello-world/list_s3_objects.py b/00-hello-world/list_s3_objects.py deleted file mode 100644 index 7d8e8be..0000000 --- a/00-hello-world/list_s3_objects.py +++ /dev/null @@ -1,29 +0,0 @@ -# This is a simple Python script to illustrate the use of boto3, the AWS SDK -# for Python. We use a boto3 client below to list all S3 buckets and objects. -import os - -import boto3 - -LOCALSTACK_ENDPOINT = "http://localhost:4566" -AWS_REGION = os.environ.get("AWS_DEFAULT_REGION", "us-east-1") - - -def main(): - client = boto3.client( - "s3", - endpoint_url=LOCALSTACK_ENDPOINT, - aws_access_key_id="test", - aws_secret_access_key="test", - region_name=AWS_REGION - ) - - buckets = client.list_buckets()["Buckets"] - for bucket in buckets: - print(f"Found bucket: {bucket['Name']}") - objects = client.list_objects(Bucket=bucket["Name"]).get("Contents", []) - for obj in objects: - print(f"Found object: s3://{bucket['Name']}/{obj['Key']}") - - -if __name__ == "__main__": - main() diff --git a/01-serverless-app/lambdas/order_processor/handler.py b/01-serverless-app/lambdas/order_processor/handler.py index 88d60af..94c906d 100644 --- a/01-serverless-app/lambdas/order_processor/handler.py +++ b/01-serverless-app/lambdas/order_processor/handler.py @@ -6,15 +6,11 @@ import boto3 dynamodb = boto3.resource("dynamodb") -s3 = boto3.client("s3") sfn = boto3.client("stepfunctions") -TABLE_NAME = os.environ["ORDERS_TABLE"] -RECEIPTS_BUCKET = os.environ["RECEIPTS_BUCKET"] +TABLE_NAME = os.environ["ORDERS_TABLE"] STATE_MACHINE_ARN = os.environ["STATE_MACHINE_ARN"] -TERMINAL_STATUSES = {"fulfilled", "failed"} - def now(): return datetime.now(timezone.utc).strftime("%Y-%m-%dT%H:%M:%SZ") @@ -64,7 +60,6 @@ def handler(event, context): if step == "validate": return validate(order) if step == "process_payment": return process_payment(order) - if step == "fulfill": return fulfill(order) if step == "handle_failure": return handle_failure(order) raise ValueError(f"Unknown step: {step}") @@ -82,20 +77,6 @@ def process_payment(order): return order -def fulfill(order): - time.sleep(2) - set_status(order["order_id"], "fulfilled") - receipt = {k: order[k] for k in ("order_id", "item", "quantity")} - receipt["status"] = "fulfilled" - s3.put_object( - Bucket=RECEIPTS_BUCKET, - Key=f"receipts/{order['order_id']}.json", - Body=json.dumps(receipt), - ContentType="application/json", - ) - return order - - def handle_failure(order): set_status(order["order_id"], "failed") return order diff --git a/01-serverless-app/services/fulfillment/Dockerfile b/01-serverless-app/services/fulfillment/Dockerfile new file mode 100644 index 0000000..3e05645 --- /dev/null +++ b/01-serverless-app/services/fulfillment/Dockerfile @@ -0,0 +1,5 @@ +FROM python:3.12-slim +WORKDIR /app +RUN pip install --no-cache-dir boto3 +COPY fulfill.py . +CMD ["python", "fulfill.py"] diff --git a/01-serverless-app/services/fulfillment/fulfill.py b/01-serverless-app/services/fulfillment/fulfill.py new file mode 100644 index 0000000..538bf9a --- /dev/null +++ b/01-serverless-app/services/fulfillment/fulfill.py @@ -0,0 +1,53 @@ +"""ECS task: fulfill an order — update DynamoDB status and write S3 receipt.""" +import json +import os +from datetime import datetime, timezone + +import boto3 + +ORDER_ID = os.environ["ORDER_ID"] +TABLE_NAME = os.environ["ORDERS_TABLE"] +RECEIPTS_BUCKET = os.environ["RECEIPTS_BUCKET"] + +endpoint = os.environ.get("AWS_ENDPOINT_URL", "") +print(f"Connecting to endpoint: {endpoint or '(default AWS)'}", flush=True) + +dynamodb = boto3.resource("dynamodb") +s3 = boto3.client("s3") + + +def now(): + return datetime.now(timezone.utc).strftime("%Y-%m-%dT%H:%M:%SZ") + + +table = dynamodb.Table(TABLE_NAME) + +resp = table.get_item(Key={"order_id": ORDER_ID}) +order = resp["Item"] + +fulfilled_at = now() + +# Write receipt to S3 first — DynamoDB status is updated last so the test +# (and any consumer) only sees "fulfilled" once the receipt already exists. +receipt = { + "order_id": ORDER_ID, + "item": order["item"], + "quantity": int(order["quantity"]), + "status": "fulfilled", + "fulfilled_at": fulfilled_at, +} +s3.put_object( + Bucket=RECEIPTS_BUCKET, + Key=f"receipts/{ORDER_ID}.json", + Body=json.dumps(receipt), + ContentType="application/json", +) + +table.update_item( + Key={"order_id": ORDER_ID}, + UpdateExpression="SET #s = :s, fulfilled_at = :ts", + ExpressionAttributeNames={"#s": "status"}, + ExpressionAttributeValues={":s": "fulfilled", ":ts": fulfilled_at}, +) + +print(f"Order {ORDER_ID} fulfilled: {order['item']} x{order['quantity']}") diff --git a/01-serverless-app/terraform/main.tf b/01-serverless-app/terraform/main.tf index 1757116..0fdcaf3 100644 --- a/01-serverless-app/terraform/main.tf +++ b/01-serverless-app/terraform/main.tf @@ -16,6 +16,14 @@ provider "aws" { skip_requesting_account_id = true } +# ── VPC (required for FARGATE awsvpc network mode) ──────────────────────────── + +resource "aws_default_vpc" "default" {} + +resource "aws_default_subnet" "default" { + availability_zone = "us-east-1a" +} + # ── DynamoDB ────────────────────────────────────────────────────────────────── resource "aws_dynamodb_table" "products" { @@ -64,6 +72,92 @@ resource "aws_dynamodb_table" "orders" { } } +# ── ECR ─────────────────────────────────────────────────────────────────────── + +resource "aws_ecr_repository" "fulfillment" { + name = "fulfillment" +} + +# ── ECS ─────────────────────────────────────────────────────────────────────── + +resource "aws_ecs_cluster" "main" { + name = "workshop" +} + +resource "aws_iam_role" "ecs_execution" { + name = "ecs-execution-role" + + assume_role_policy = jsonencode({ + Version = "2012-10-17" + Statement = [{ + Action = "sts:AssumeRole" + Effect = "Allow" + Principal = { Service = "ecs-tasks.amazonaws.com" } + }] + }) +} + +resource "aws_iam_role_policy_attachment" "ecs_execution" { + role = aws_iam_role.ecs_execution.name + policy_arn = "arn:aws:iam::aws:policy/service-role/AmazonECSTaskExecutionRolePolicy" +} + +resource "aws_iam_role" "ecs_task" { + name = "ecs-task-role" + + assume_role_policy = jsonencode({ + Version = "2012-10-17" + Statement = [{ + Action = "sts:AssumeRole" + Effect = "Allow" + Principal = { Service = "ecs-tasks.amazonaws.com" } + }] + }) +} + +resource "aws_iam_role_policy" "ecs_task" { + role = aws_iam_role.ecs_task.id + + policy = jsonencode({ + Version = "2012-10-17" + Statement = [ + { + Effect = "Allow" + Action = ["dynamodb:GetItem", "dynamodb:UpdateItem"] + Resource = aws_dynamodb_table.orders.arn + }, + { + Effect = "Allow" + Action = ["s3:PutObject"] + Resource = "${aws_s3_bucket.receipts.arn}/*" + } + ] + }) +} + +resource "aws_ecs_task_definition" "fulfillment" { + family = "fulfillment" + requires_compatibilities = ["FARGATE"] + network_mode = "awsvpc" + cpu = 256 + memory = 512 + execution_role_arn = aws_iam_role.ecs_execution.arn + task_role_arn = aws_iam_role.ecs_task.arn + + container_definitions = jsonencode([{ + name = "fulfillment" + image = "${aws_ecr_repository.fulfillment.repository_url}:latest" + environment = [ + { name = "ORDERS_TABLE", value = aws_dynamodb_table.orders.name }, + { name = "RECEIPTS_BUCKET", value = aws_s3_bucket.receipts.bucket }, + { name = "AWS_ENDPOINT_URL", value = "http://localhost.localstack.cloud:4566" }, + { name = "AWS_DEFAULT_REGION", value = "us-east-1" }, + { name = "AWS_ACCESS_KEY_ID", value = "test" }, + { name = "AWS_SECRET_ACCESS_KEY", value = "test" }, + ] + }]) +} + # ── S3 ──────────────────────────────────────────────────────────────────────── resource "aws_s3_bucket" "receipts" { @@ -107,8 +201,9 @@ resource "aws_iam_role_policy" "lambda_policy" { Version = "2012-10-17" Statement = [ { + # dynamodb:PutItem intentionally omitted — see 03-iam-enforcement for the IAM demo Effect = "Allow" - Action = ["dynamodb:PutItem", "dynamodb:UpdateItem", "dynamodb:GetItem", "dynamodb:Scan"] + Action = ["dynamodb:UpdateItem", "dynamodb:GetItem", "dynamodb:Scan"] Resource = [aws_dynamodb_table.orders.arn, aws_dynamodb_table.products.arn] }, { @@ -148,11 +243,28 @@ resource "aws_iam_role_policy" "sfn_policy" { policy = jsonencode({ Version = "2012-10-17" - Statement = [{ - Effect = "Allow" - Action = "lambda:InvokeFunction" - Resource = aws_lambda_function.order_processor.arn - }] + Statement = [ + { + Effect = "Allow" + Action = "lambda:InvokeFunction" + Resource = aws_lambda_function.order_processor.arn + }, + { + Effect = "Allow" + Action = ["ecs:RunTask", "ecs:StopTask", "ecs:DescribeTasks"] + Resource = "*" + }, + { + Effect = "Allow" + Action = "iam:PassRole" + Resource = [aws_iam_role.ecs_execution.arn, aws_iam_role.ecs_task.arn] + }, + { + Effect = "Allow" + Action = ["events:PutTargets", "events:PutRule", "events:DescribeRule"] + Resource = "*" + } + ] }) } @@ -202,7 +314,6 @@ resource "aws_lambda_function" "order_processor" { environment { variables = { ORDERS_TABLE = aws_dynamodb_table.orders.name - RECEIPTS_BUCKET = aws_s3_bucket.receipts.bucket STATE_MACHINE_ARN = local.state_machine_arn } } @@ -251,12 +362,27 @@ resource "aws_sfn_state_machine" "order_processing" { } FulfillOrder = { Type = "Task" - Resource = aws_lambda_function.order_processor.arn + Resource = "arn:aws:states:::ecs:runTask.sync" Parameters = { - "step" = "fulfill" - "order.$" = "$.order" + LaunchType = "FARGATE" + Cluster = aws_ecs_cluster.main.arn + TaskDefinition = aws_ecs_task_definition.fulfillment.arn + NetworkConfiguration = { + AwsvpcConfiguration = { + Subnets = [aws_default_subnet.default.id] + AssignPublicIp = "ENABLED" + } + } + Overrides = { + ContainerOverrides = [{ + Name = "fulfillment" + Environment = [ + { "Name" = "ORDER_ID", "Value.$" = "$.order.order_id" } + ] + }] + } } - ResultPath = "$.order" + ResultPath = null Catch = [{ ErrorEquals = ["States.ALL"], Next = "HandleFailure", ResultPath = "$.error" }] End = true } diff --git a/01-serverless-app/website/index.html b/01-serverless-app/website/index.html index 6b21e27..ad09ab4 100644 --- a/01-serverless-app/website/index.html +++ b/01-serverless-app/website/index.html @@ -258,6 +258,9 @@

Order Processing Pipeline

+ @@ -332,6 +335,80 @@

Products

+ +
+
+

IAM Enforcement

+

+ By default LocalStack is permissive — IAM policies are not evaluated, + so every API call succeeds regardless of what's in your Terraform. + This makes fast iteration easy, but means a missing permission won't surface until + you deploy to real AWS. IAM enforcement changes that: + LocalStack validates every call against the attached IAM policies, exactly + like production. +

+
+
+

Step 1 — Spot the gap (default, no enforcement)

+

The Terraform deployment ships with a deliberately incomplete + IAM policy: the order-handler Lambda role is missing + dynamodb:PutItem on the orders table.

+
    +
  • Go to Orders and place an order — it works fine
    • +
  • Without enforcement, LocalStack lets the call through anyway
    • +
+
+
+

Step 2 — Enable enforcement

+

Toggle IAM Enforcement in the sidebar + (or run make iam-enforce).

+
    +
  • Try placing an order — it now fails with a 500 error
    • +
  • The Lambda gets AccessDeniedException from DynamoDB
    • +
  • Open App Inspector (localhost:4566/_localstack/appinspector) to see the denied call highlighted in red
    • +
+
+
+

Step 3 — Fix the permission

+

Run make iam-fix to attach an inline policy + granting the missing dynamodb:PutItem action to the Lambda role:

+ 
awslocal iam put-role-policy \
+  --role-name lambda-exec-role \
+  --policy-name order-handler-putitem \
+  --policy-document file://03-iam-enforcement/policies/lambda-putitem-grant.json
+
    +
  • Place an order again — the full pipeline succeeds
    • +
  • In a real workflow you'd fix the Terraform and redeploy
    • +
+
+
+
+ +
+

Why this matters

+
+
+

Shift-left security

+

IAM mistakes are the #1 cause of "works locally, fails in prod" bugs. + LocalStack's enforcement mode lets you catch missing permissions on your + laptop — in seconds, not minutes after a prod deploy.

+
+
+

App Inspector

+

Every denied call appears highlighted in the App Inspector UI. + You see exactly which principal, action, and resource was blocked — + far faster to diagnose than CloudTrail in a real account.

+
+
+

Lean policies

+

With enforcement on you can use least-privilege iteration: + start with an empty policy, run your tests, add only the actions + that actually failed. The result is a tight, auditable IAM policy.

+
+
+
+
+
@@ -462,6 +539,21 @@

Chaos Mode

+
+

IAM Enforcement

+
+ Off + +
+ +
+

API Endpoint

@@ -633,6 +725,12 @@

API Endpoint

quantity: parseInt(document.getElementById("quantity").value), }), }); + if (!res.ok) { + const body = await res.text(); + const iamHint = body.includes("AccessDenied") || res.status === 403 + ? " (IAM AccessDeniedException — run make iam-fix)" : ""; + throw new Error(`HTTP ${res.status}${iamHint}`); + } const data = await res.json(); flash.className = "flash success"; flash.textContent = `Order placed! ID: ${data.order_id}`; @@ -718,10 +816,42 @@

API Endpoint

} } + // ── IAM enforcement ─────────────────────────────────────────────────────── + + async function checkIAM() { + try { + const res = await fetch(`${window.location.origin}/_aws/iam/config`); + const data = await res.json(); + const on = data.state === "ENFORCED"; + const toggle = document.getElementById("iam-toggle"); + const label = document.getElementById("iam-status-label"); + const hint = document.getElementById("iam-hint"); + toggle.checked = on; + label.textContent = on ? "On" : "Off"; + label.className = "chaos-status " + (on ? "on" : "off"); + hint.style.display = on ? "block" : "none"; + } catch (_) {} + } + + document.getElementById("iam-toggle").addEventListener("change", async function () { + try { + await fetch(`${window.location.origin}/_aws/iam/config`, { + method: "POST", + headers: { "Content-Type": "application/json" }, + body: JSON.stringify({ state: this.checked ? "ENFORCED" : "ENGINE_ONLY" }), + }); + await checkIAM(); + } catch (e) { + this.checked = !this.checked; + } + }); + // ── Init ────────────────────────────────────────────────────────────────── checkChaos(); setInterval(checkChaos, 5000); + checkIAM(); + setInterval(checkIAM, 5000); loadOrders(); loadProducts(); diff --git a/01-serverless-image-resizer/.gitignore b/01-serverless-image-resizer/.gitignore deleted file mode 100644 index e27f06c..0000000 --- a/01-serverless-image-resizer/.gitignore +++ /dev/null @@ -1,62 +0,0 @@ -*.pyc -*.pyo -*.class -*.log -*.iml -.coverage.* -htmlcov - -/node_modules/ -package-lock.json -/nosetests.xml - -.env -venv -/.venv* -/.coverage -.settings/ -.project -.classpath -.DS_Store -*.egg-info/ -.eggs/ -.vagrant/ -*.sw* -~* -*~ - -node_modules/ -/build/ -/dist/ -/target/ - -.idea -.vscode - -**/obj/** -**/lib/** -**/libs/** - -!bin/docker-entrypoint.sh - -requirements.copy.txt -.serverless/ - -**/.terraform/* -*.tfstate -*.tfstate.* -*tfplan -*.terraform.lock.hcl - -.python-version - -venv -api_states - -tmp/ - -volume/ - -# lambda packages -lambdas/*/package/ -lambdas/*/lambda.zip diff --git a/01-serverless-image-resizer/CODE_OF_CONDUCT.md b/01-serverless-image-resizer/CODE_OF_CONDUCT.md deleted file mode 100644 index e7a16ee..0000000 --- a/01-serverless-image-resizer/CODE_OF_CONDUCT.md +++ /dev/null @@ -1,128 +0,0 @@ -# Contributor Covenant Code of Conduct - -## Our Pledge - -We, as members, contributors, and leaders, pledge to make participation in our -community a harassment-free experience for everyone, regardless of age, body -size, visible or invisible disability, ethnicity, sex characteristics, gender -identity and expression, level of experience, education, socio-economic status, -nationality, personal appearance, race, religion, or sexual identity -and orientation. - -We pledge to act and interact in ways that contribute to an open, welcoming, -diverse, inclusive, and healthy community. - -## Our Standards - -Examples of behavior that contributes to a positive environment for our -community include: - -* Demonstrating empathy and kindness toward other people -* Being respectful of differing opinions, viewpoints, and experiences -* Giving and gracefully accepting constructive feedback -* Accepting responsibility and apologizing to those affected by our mistakes, - and learning from the experience -* Focusing on what is best not just for us as individuals but for the - overall community - -Examples of unacceptable behavior include: - -* The use of sexualized language or imagery and sexual attention or - advances of any kind -* Trolling, insulting or derogatory comments, and personal or political attacks -* Public or private harassment -* Publishing others' private information, such as a physical or email - address without their explicit permission -* Other conduct which could reasonably be considered inappropriate in a - professional setting - -## Enforcement Responsibilities - -Community leaders are responsible for clarifying and enforcing our standards of -acceptable behavior and will take appropriate and fair corrective action in -response to any behavior that they deem inappropriate, threatening, offensive, -or harmful. - -Community leaders have the right and responsibility to remove, edit, or reject -comments, commits, code, wiki edits, issues, and other contributions that are -not aligned to this Code of Conduct, and will communicate reasons for moderation -decisions when appropriate. - -## Scope - -This Code of Conduct applies within all community spaces and also applies when -an individual is officially representing the community in public spaces. -Examples of representing our community include using an official e-mail address, -posting via an official social media account or acting as an appointed -representative at an online or offline event. - -## Enforcement - -Instances of abusive, harassing, or otherwise unacceptable behavior may be -reported to the community leaders responsible for enforcement at -info@localstack.cloud. -All complaints will be reviewed and investigated promptly and fairly. - -All community leaders are obligated to respect the privacy and security of the -reporter of any incident. - -## Enforcement Guidelines - -Community leaders will follow these Community Impact Guidelines in determining -the consequences for any action they deem in violation of this Code of Conduct: - -### 1. Correction - -**Community Impact**: Use of inappropriate language or other behavior deemed -unprofessional or unwelcome in the community. - -**Consequence**: A private, written warning from community leaders, providing -clarity around the nature of the violation and an explanation of why the -behavior was inappropriate. A public apology may be requested. - -### 2. Warning - -**Community Impact**: A violation through a single incident or series -of actions. - -**Consequence**: A warning with consequences for continued behavior. No -interaction with the people involved, including unsolicited interaction with -those enforcing the Code of Conduct, for a specified period of time. This -includes avoiding interactions in community spaces as well as external channels -like social media. Violating these terms may lead to a temporary or -permanent ban. - -### 3. Temporary Ban - -**Community Impact**: A serious violation of community standards, including -sustained inappropriate behavior. - -**Consequence**: A temporary ban from any interaction or public -communication with the community for a specified period of time. No public or -private interaction with the people involved, including unsolicited interaction -with those enforcing the Code of Conduct, is allowed during this period. -Violating these terms may lead to a permanent ban. - -### 4. Permanent Ban - -**Community Impact**: Demonstrating a pattern of violation of community -standards, including sustained inappropriate behavior, harassment of an -individual, or aggression toward or disparagement of classes of individuals. - -**Consequence**: A permanent ban from any public interaction within -the community. - -## Attribution - -This Code of Conduct is adapted from the [Contributor Covenant][homepage], -version 2.0, available at -https://www.contributor-covenant.org/version/2/0/code_of_conduct.html. - -Community Impact Guidelines were inspired by [Mozilla's code of conduct -enforcement ladder](https://github.com/mozilla/diversity). - -[homepage]: https://www.contributor-covenant.org - -For answers to common questions about this code of conduct, see the FAQ at -https://www.contributor-covenant.org/faq. Translations are available at -https://www.contributor-covenant.org/translations. diff --git a/01-serverless-image-resizer/CONTRIBUTING.md b/01-serverless-image-resizer/CONTRIBUTING.md deleted file mode 100644 index 10dc801..0000000 --- a/01-serverless-image-resizer/CONTRIBUTING.md +++ /dev/null @@ -1,54 +0,0 @@ -# Contributing Guidelines - -Thank you for your interest in contributing to our project. Whether it's a bug report, new feature, correction, or additional -documentation, we greatly value feedback and contributions from our community. - -Please read through this document before submitting any issues or pull requests to ensure we have all the necessary -information to effectively respond to your bug report or contribution. - - -## Reporting Bugs/Feature Requests - -We welcome you to use the GitHub issue tracker to report bugs or suggest features. - -When filing an issue, please check existing open or recently closed issues to make sure somebody else hasn't already -reported the issue. Please try to include as much information as you can. Details like these are incredibly useful: - -* A reproducible test case or series of steps -* The version of our code being used -* Any modifications you've made relevant to the bug -* Anything unusual about your environment or deployment - - -## Contributing via Pull Requests -Contributions via pull requests are much appreciated. Before sending us a pull request, please ensure the following: - -1. You are working against the latest source on the *main* branch. -2. You check existing open and recently merged pull requests to make sure someone else hasn't addressed the problem already. -3. You open an issue to discuss any significant work - we would hate to waste your time. - -To send us a pull request, please: - -1. Fork the repository. -2. Modify the source; please focus on the specific change you are contributing. If you also reformat all the code, it will be hard for us to focus on your change. -3. Ensure local tests pass. -4. Commit to your fork using clear commit messages. -5. Send us a pull request, answering any default questions in the pull request interface. -6. Pay attention to any automated CI failures reported in the pull request, and stay involved in the conversation. - -GitHub provides additional documents on [forking a repository](https://help.github.com/articles/fork-a-repo/) and -[creating a pull request](https://help.github.com/articles/creating-a-pull-request/). - - -## Finding contributions to work on -Looking at the existing issues is a great way to find something to contribute on. As our projects, by default, use the default GitHub issue labels (enhancement/bug/duplicate/help wanted/invalid/question/wontfix), looking at any 'help wanted' issues is a great place to start. - - -## Code of Conduct -Please review the adopted [code of conduct](CODE_OF_CONDUCT.md) and make sure you follow the guidelines. - - -## Licensing - -See the [LICENSE](LICENSE) file for our project's licensing. By contributing, you agree that your contributions will be licensed under the existing license. - diff --git a/01-serverless-image-resizer/LICENSE b/01-serverless-image-resizer/LICENSE deleted file mode 100644 index 061fa11..0000000 --- a/01-serverless-image-resizer/LICENSE +++ /dev/null @@ -1,201 +0,0 @@ - Apache License - Version 2.0, January 2004 - http://www.apache.org/licenses/ - - TERMS AND CONDITIONS FOR USE, REPRODUCTION, AND DISTRIBUTION - - 1. Definitions. - - "License" shall mean the terms and conditions for use, reproduction, - and distribution as defined by Sections 1 through 9 of this document. - - "Licensor" shall mean the copyright owner or entity authorized by - the copyright owner that is granting the License. - - "Legal Entity" shall mean the union of the acting entity and all - other entities that control, are controlled by, or are under common - control with that entity. For the purposes of this definition, - "control" means (i) the power, direct or indirect, to cause the - direction or management of such entity, whether by contract or - otherwise, or (ii) ownership of fifty percent (50%) or more of the - outstanding shares, or (iii) beneficial ownership of such entity. - - "You" (or "Your") shall mean an individual or Legal Entity - exercising permissions granted by this License. - - "Source" form shall mean the preferred form for making modifications, - including but not limited to software source code, documentation - source, and configuration files. - - "Object" form shall mean any form resulting from mechanical - transformation or translation of a Source form, including but - not limited to compiled object code, generated documentation, - and conversions to other media types. - - "Work" shall mean the work of authorship, whether in Source or - Object form, made available under the License, as indicated by a - copyright notice that is included in or attached to the work - (an example is provided in the Appendix below). - - "Derivative Works" shall mean any work, whether in Source or Object - form, that is based on (or derived from) the Work and for which the - editorial revisions, annotations, elaborations, or other modifications - represent, as a whole, an original work of authorship. For the purposes - of this License, Derivative Works shall not include works that remain - separable from, or merely link (or bind by name) to the interfaces of, - the Work and Derivative Works thereof. - - "Contribution" shall mean any work of authorship, including - the original version of the Work and any modifications or additions - to that Work or Derivative Works thereof, that is intentionally - submitted to Licensor for inclusion in the Work by the copyright owner - or by an individual or Legal Entity authorized to submit on behalf of - the copyright owner. For the purposes of this definition, "submitted" - means any form of electronic, verbal, or written communication sent - to the Licensor or its representatives, including but not limited to - communication on electronic mailing lists, source code control systems, - and issue tracking systems that are managed by, or on behalf of, the - Licensor for the purpose of discussing and improving the Work, but - excluding communication that is conspicuously marked or otherwise - designated in writing by the copyright owner as "Not a Contribution." - - "Contributor" shall mean Licensor and any individual or Legal Entity - on behalf of whom a Contribution has been received by Licensor and - subsequently incorporated within the Work. - - 2. Grant of Copyright License. Subject to the terms and conditions of - this License, each Contributor hereby grants to You a perpetual, - worldwide, non-exclusive, no-charge, royalty-free, irrevocable - copyright license to reproduce, prepare Derivative Works of, - publicly display, publicly perform, sublicense, and distribute the - Work and such Derivative Works in Source or Object form. - - 3. Grant of Patent License. Subject to the terms and conditions of - this License, each Contributor hereby grants to You a perpetual, - worldwide, non-exclusive, no-charge, royalty-free, irrevocable - (except as stated in this section) patent license to make, have made, - use, offer to sell, sell, import, and otherwise transfer the Work, - where such license applies only to those patent claims licensable - by such Contributor that are necessarily infringed by their - Contribution(s) alone or by combination of their Contribution(s) - with the Work to which such Contribution(s) was submitted. If You - institute patent litigation against any entity (including a - cross-claim or counterclaim in a lawsuit) alleging that the Work - or a Contribution incorporated within the Work constitutes direct - or contributory patent infringement, then any patent licenses - granted to You under this License for that Work shall terminate - as of the date such litigation is filed. - - 4. Redistribution. You may reproduce and distribute copies of the - Work or Derivative Works thereof in any medium, with or without - modifications, and in Source or Object form, provided that You - meet the following conditions: - - (a) You must give any other recipients of the Work or - Derivative Works a copy of this License; and - - (b) You must cause any modified files to carry prominent notices - stating that You changed the files; and - - (c) You must retain, in the Source form of any Derivative Works - that You distribute, all copyright, patent, trademark, and - attribution notices from the Source form of the Work, - excluding those notices that do not pertain to any part of - the Derivative Works; and - - (d) If the Work includes a "NOTICE" text file as part of its - distribution, then any Derivative Works that You distribute must - include a readable copy of the attribution notices contained - within such NOTICE file, excluding those notices that do not - pertain to any part of the Derivative Works, in at least one - of the following places: within a NOTICE text file distributed - as part of the Derivative Works; within the Source form or - documentation, if provided along with the Derivative Works; or, - within a display generated by the Derivative Works, if and - wherever such third-party notices normally appear. The contents - of the NOTICE file are for informational purposes only and - do not modify the License. You may add Your own attribution - notices within Derivative Works that You distribute, alongside - or as an addendum to the NOTICE text from the Work, provided - that such additional attribution notices cannot be construed - as modifying the License. - - You may add Your own copyright statement to Your modifications and - may provide additional or different license terms and conditions - for use, reproduction, or distribution of Your modifications, or - for any such Derivative Works as a whole, provided Your use, - reproduction, and distribution of the Work otherwise complies with - the conditions stated in this License. - - 5. Submission of Contributions. Unless You explicitly state otherwise, - any Contribution intentionally submitted for inclusion in the Work - by You to the Licensor shall be under the terms and conditions of - this License, without any additional terms or conditions. - Notwithstanding the above, nothing herein shall supersede or modify - the terms of any separate license agreement you may have executed - with Licensor regarding such Contributions. - - 6. Trademarks. This License does not grant permission to use the trade - names, trademarks, service marks, or product names of the Licensor, - except as required for reasonable and customary use in describing the - origin of the Work and reproducing the content of the NOTICE file. - - 7. Disclaimer of Warranty. Unless required by applicable law or - agreed to in writing, Licensor provides the Work (and each - Contributor provides its Contributions) on an "AS IS" BASIS, - WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or - implied, including, without limitation, any warranties or conditions - of TITLE, NON-INFRINGEMENT, MERCHANTABILITY, or FITNESS FOR A - PARTICULAR PURPOSE. You are solely responsible for determining the - appropriateness of using or redistributing the Work and assume any - risks associated with Your exercise of permissions under this License. - - 8. Limitation of Liability. In no event and under no legal theory, - whether in tort (including negligence), contract, or otherwise, - unless required by applicable law (such as deliberate and grossly - negligent acts) or agreed to in writing, shall any Contributor be - liable to You for damages, including any direct, indirect, special, - incidental, or consequential damages of any character arising as a - result of this License or out of the use or inability to use the - Work (including but not limited to damages for loss of goodwill, - work stoppage, computer failure or malfunction, or any and all - other commercial damages or losses), even if such Contributor - has been advised of the possibility of such damages. - - 9. Accepting Warranty or Additional Liability. While redistributing - the Work or Derivative Works thereof, You may choose to offer, - and charge a fee for, acceptance of support, warranty, indemnity, - or other liability obligations and/or rights consistent with this - License. However, in accepting such obligations, You may act only - on Your own behalf and on Your sole responsibility, not on behalf - of any other Contributor, and only if You agree to indemnify, - defend, and hold each Contributor harmless for any liability - incurred by, or claims asserted against, such Contributor by reason - of your accepting any such warranty or additional liability. - - END OF TERMS AND CONDITIONS - - APPENDIX: How to apply the Apache License to your work. - - To apply the Apache License to your work, attach the following - boilerplate notice, with the fields enclosed by brackets "[]" - replaced with your own identifying information. (Don't include - the brackets!) The text should be enclosed in the appropriate - comment syntax for the file format. We also recommend that a - file or class name and description of purpose be included on the - same "printed page" as the copyright notice for easier - identification within third-party archives. - - Copyright 2023 LocalStack GmbH - - Licensed under the Apache License, Version 2.0 (the "License"); - you may not use this file except in compliance with the License. - You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - - Unless required by applicable law or agreed to in writing, software - distributed under the License is distributed on an "AS IS" BASIS, - WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - See the License for the specific language governing permissions and - limitations under the License. diff --git a/01-serverless-image-resizer/README.md b/01-serverless-image-resizer/README.md deleted file mode 100644 index 91a8b87..0000000 --- a/01-serverless-image-resizer/README.md +++ /dev/null @@ -1,262 +0,0 @@ -# Serverless image resizer - -[![LocalStack Pods Launchpad](https://localstack.cloud/gh/launch-pod-badge.svg)](https://app.localstack.cloud/launchpad?url=https://github.com/localstack/sample-serverless-image-resizer-s3-lambda/releases/download/latest/release-pod.zip) - -| Key | Value | -|--------------|----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------| -| Environment | | -| Services | S3, SSM, Lambda, SNS, SES | -| Integrations | AWS SDK, AWS CLI, GitHub actions, pytest | -| Categories | Serverless, S3 notifications, S3 website, Lambda function URLs, LocalStack developer endpoints, JavaScript, Python | | -| Level | Intermediate | - -## Introduction - -This is an app to resize images uploaded to S3 in a serverless way. -A simple web fronted using HTML and JavaScript provides a way for users to upload images that are resized and listed. -We use a Lambda to generate S3 pre-signed URLs so the upload form can upload directly to S3 rather than going through the Lambda. -S3 bucket notifications are used to trigger a Python Lambda that runs image resizing. -Another Lambda is used to list all uploaded and resized images, and provide pre-signed URLs for the browser to display them. -We also demonstrate how Lambda failures can submit to SNS, which can then trigger an SES email. -Using the LocalStack internal `/_localstack/aws/ses` endpoint, we can run end-to-end integration tests to verify that emails have been sent correctly. - -Here's a short summary of AWS service features we use: -* S3 bucket notifications to trigger a Lambda -* S3 pre-signed POST -* S3 website -* Lambda function URLs -* Lambda SNS on failure destination -* SNS to SES Subscriptions -* SES LocalStack testing endpoint - -Here's the web application in action: - -https://user-images.githubusercontent.com/3996682/229314248-86122e9e-0150-4292-b889-401e6fb8f398.mp4 - -Moreover, the repo includes a GitHub actions workflow to demonstrate how to run end-to-end tests of your AWS apps using LocalStack in CI. -The GitHub workflow runs a set of integration tests using pytest. - -## Architecture overview - -![Screenshot at 2023-04-02 01-32-56](https://user-images.githubusercontent.com/3996682/229322761-92f52eec-5bfb-412a-a3cb-8af4ee1fed24.png) - -## Prerequisites - -### Dev environment - -Make sure you use the same version as the Python Lambdas to make Pillow work. -If you use pyenv, then first install and activate Python 3.9: - -```bash -pyenv install 3.9.16 -pyenv global 3.9.16 -``` - -```console -% python --version -Python 3.9.16 -``` - -Create a virtualenv and install all the development dependencies there: - -```bash -python -m venv .venv -source .venv/bin/activate -pip install -r requirements-dev.txt -``` - -### LocalStack - -Start LocalStack Pro with the appropriate CORS configuration for the S3 Website: - -```bash -LOCALSTACK_AUTH_TOKEN=... localstack start -``` - -## Instructions - -You can create the AWS infrastructure on LocalStack by running `bin/deploy.sh`. -Make sure you have Python 3.9 activated before running the script. - -Here are instructions to deploy it manually step-by-step. - -### Create the buckets - -The names are completely configurable via SSM: - -```bash -awslocal s3 mb s3://localstack-thumbnails-app-images -awslocal s3 mb s3://localstack-thumbnails-app-resized -``` - -### Put the bucket names into the parameter store - -```bash -awslocal ssm put-parameter --name /localstack-thumbnail-app/buckets/images --type "String" --value "localstack-thumbnails-app-images" -awslocal ssm put-parameter --name /localstack-thumbnail-app/buckets/resized --type "String" --value "localstack-thumbnails-app-resized" -``` - -### Create the DLQ Topic for failed lambda invokes - -```bash -awslocal sns create-topic --name failed-resize-topic -``` - -Subscribe an email address to it (to alert us immediately if an image resize fails!). - -```bash -awslocal sns subscribe \ - --topic-arn arn:aws:sns:us-east-1:000000000000:failed-resize-topic \ - --protocol email \ - --notification-endpoint my-email@example.com -``` - -### Create the lambdas - -#### S3 pre-signed POST URL generator - -This Lambda is responsible for generating pre-signed POST URLs to upload files to an S3 bucket. - -```bash -(cd lambdas/presign; rm -f lambda.zip; zip lambda.zip handler.py) -awslocal lambda create-function \ - --function-name presign \ - --runtime python3.9 \ - --timeout 10 \ - --zip-file fileb://lambdas/presign/lambda.zip \ - --handler handler.handler \ - --role arn:aws:iam::000000000000:role/lambda-role -``` - -Create the function URL: - -```bash -awslocal lambda create-function-url-config \ - --function-name presign \ - --auth-type NONE -``` - -Copy the `FunctionUrl` from the response, you will need it later to make the app work. - -### Image lister lambda - -The `list` Lambda is very similar: - -```bash -(cd lambdas/list; rm -f lambda.zip; zip lambda.zip handler.py) -awslocal lambda create-function \ - --function-name list \ - --handler handler.handler \ - --zip-file fileb://lambdas/list/lambda.zip \ - --runtime python3.9 \ - --role arn:aws:iam::000000000000:role/lambda-role -``` - -Create the function URL: - -```bash -awslocal lambda create-function-url-config \ - --function-name list \ - --auth-type NONE -``` - -### Resizer Lambda - -```bash -( - cd lambdas/resize - rm -rf package lambda.zip - mkdir package - pip install -r requirements.txt -t package - zip lambda.zip handler.py - cd package - zip -r ../lambda.zip *; -) -awslocal lambda create-function \ - --function-name resize \ - --runtime python3.9 \ - --timeout 10 \ - --zip-file fileb://lambdas/resize/lambda.zip \ - --handler handler.handler \ - --dead-letter-config TargetArn=arn:aws:sns:us-east-1:000000000000:failed-resize-topic \ - --role arn:aws:iam::000000000000:role/lambda-role -``` - -### Connect the S3 bucket to the resizer lambda - -```bash -awslocal s3api put-bucket-notification-configuration \ - --bucket localstack-thumbnails-app-images \ - --notification-configuration "{\"LambdaFunctionConfigurations\": [{\"LambdaFunctionArn\": \"$(awslocal lambda get-function --function-name resize | jq -r .Configuration.FunctionArn)\", \"Events\": [\"s3:ObjectCreated:*\"]}]}" -``` - -### Create the static s3 webapp - -```bash -awslocal s3 mb s3://webapp -awslocal s3 sync --delete ./website s3://webapp -awslocal s3 website s3://webapp --index-document index.html -``` - -### Using the application - -Once deployed, visit http://webapp.s3-website.localhost.localstack.cloud:4566 - -Paste the Function URL of the presign Lambda you created earlier into the form field. -```bash -awslocal lambda list-function-url-configs --function-name presign -awslocal lambda list-function-url-configs --function-name list -``` - -After uploading a file, you can download the resized file from the `localstack-thumbnails-app-resized` bucket. - -### Testing failures - -If the `resize` Lambda fails, an SNS message is sent to a topic that an SES subscription listens to. -An email is then sent with the raw failure message. -In a real scenario you'd probably have another lambda sitting here, but it's just for demo purposes. -Since there's no real email server involved, you can use the [SES developer endpoint](https://docs.localstack.cloud/user-guide/aws/ses/) to list messages that were sent via SES: - -```bash -curl -s http://localhost.localstack.cloud:4566/_aws/ses -``` - -An alternative is to use a service like MailHog or smtp4dev, and start LocalStack using `SMTP_HOST=host.docker.internal:1025` pointing to the mock SMTP server. - -### Run integration tests - -Once all resource are created on LocalStack, you can run the automated integration tests. - -```bash -pytest tests/ -``` - -### GitHub Action - -The demo LocalStack in CI, `.github/workflows/integration-test.yml` contains a GitHub Action that starts up LocalStack, -deploys the infrastructure to it, and then runs the integration tests. - -## Contributing - -We appreciate your interest in contributing to our project and are always looking for new ways to improve the developer experience. We welcome feedback, bug reports, and even feature ideas from the community. -Please refer to the [contributing file](CONTRIBUTING.md) for more details on how to get started. - -## Cloud Pods - -[Cloud Pods](https://docs.localstack.cloud/user-guide/tools/cloud-pods/) are a mechanism that allows you to take a snapshot of the state in your current LocalStack instance, persist it to a storage backend, and easily share it with your team members. - -You can convert your current AWS infrastructure state to a Cloud Pod using the `localstack` CLI. -Check out our [Getting Started guide](https://docs.localstack.cloud/user-guide/tools/cloud-pods/getting-started/) and [LocalStack Cloud Pods CLI reference](https://docs.localstack.cloud/user-guide/tools/cloud-pods/pods-cli/) to learn more about Cloud Pods and how to use them. - -To inject a Cloud Pod you can use [Cloud Pods Launchpad](https://docs.localstack.cloud/user-guide/tools/cloud-pods/launchpad/) wich quickly injects Cloud Pods into your running LocalStack container. - -Click here [![LocalStack Pods Launchpad](https://localstack.cloud/gh/launch-pod-badge.svg)](https://app.localstack.cloud/launchpad?url=https://github.com/localstack/sample-serverless-image-resizer-s3-lambda/releases/download/latest/release-pod.zip) to launch the Cloud Pods Launchpad and inject the Cloud Pod for this application by clicking the `Inject` button. - - -Alternatively, you can inject the pod by using the `localstack` CLI. -First, you need to download the pod you want to inject from the [releases](https://github.com/localstack/sample-serverless-image-resizer-s3-lambda/releases). -Then run: - -```sh -localstack pod load file://$(pwd)/release-pod.zip -``` diff --git a/01-serverless-image-resizer/bin/deploy.sh b/01-serverless-image-resizer/bin/deploy.sh deleted file mode 100755 index 53fb904..0000000 --- a/01-serverless-image-resizer/bin/deploy.sh +++ /dev/null @@ -1,129 +0,0 @@ -#!/bin/bash - -jq --version || { - echo "Please make sure you install jq before running the deploy script" - echo " Mac: brew install jq" - echo " Ubuntu: sudo apt install jq" - exit 1 -} - -export AWS_ACCOUNT_ID=000000000000 -if [ "$AWS_DEFAULT_REGION" = "" ]; then - export AWS_DEFAULT_REGION=us-east-1 -fi - -awslocal s3 mb s3://localstack-thumbnails-app-images -awslocal s3 mb s3://localstack-thumbnails-app-resized - -awslocal ssm put-parameter --name /localstack-thumbnail-app/buckets/images --type "String" --value "localstack-thumbnails-app-images" -awslocal ssm put-parameter --name /localstack-thumbnail-app/buckets/resized --type "String" --value "localstack-thumbnails-app-resized" - -awslocal sns create-topic --name failed-resize-topic -awslocal sns subscribe \ - --topic-arn arn:aws:sns:$AWS_DEFAULT_REGION:$AWS_ACCOUNT_ID:failed-resize-topic \ - --protocol email \ - --notification-endpoint my-email@example.com - -(cd lambdas/presign; rm -f lambda.zip; zip lambda.zip handler.py) -awslocal lambda create-function \ - --function-name presign \ - --runtime python3.10 \ - --timeout 10 \ - --zip-file fileb://lambdas/presign/lambda.zip \ - --handler handler.handler \ - --role arn:aws:iam::$AWS_ACCOUNT_ID:role/lambda-role - -awslocal lambda wait function-active-v2 --function-name presign - -awslocal lambda create-function-url-config \ - --function-name presign \ - --auth-type NONE - -(cd lambdas/list; rm -f lambda.zip; zip lambda.zip handler.py) -awslocal lambda create-function \ - --function-name list \ - --runtime python3.10 \ - --timeout 10 \ - --zip-file fileb://lambdas/list/lambda.zip \ - --handler handler.handler \ - --role arn:aws:iam::$AWS_ACCOUNT_ID:role/lambda-role - -awslocal lambda wait function-active-v2 --function-name list - -awslocal lambda create-function-url-config \ - --function-name list \ - --auth-type NONE - -os=$(uname -s) -if [ "$os" == "Darwin" ] || [ "$CODESPACES" != "true" ]; then - ( - cd lambdas/resize - rm -rf lambda.zip - docker run --platform linux/x86_64 -v "$PWD":/var/task "public.ecr.aws/sam/build-python3.10" /bin/sh -c "pip install -r requirements.txt -t libs; exit" - (cd libs && zip -r ../lambda.zip .) - zip lambda.zip handler.py - ) -else - ( - cd lambdas/resize - rm -rf package lambda.zip - mkdir -p package - pip install -r requirements.txt -t package - zip lambda.zip handler.py - cd package - zip -r ../lambda.zip * - ) -fi - -awslocal lambda create-function \ - --function-name resize \ - --runtime python3.10 \ - --timeout 10 \ - --zip-file fileb://lambdas/resize/lambda.zip \ - --handler handler.handler \ - --dead-letter-config TargetArn=arn:aws:sns:$AWS_DEFAULT_REGION:$AWS_ACCOUNT_ID:failed-resize-topic \ - --role arn:aws:iam::$AWS_ACCOUNT_ID:role/lambda-role - -awslocal lambda wait function-active-v2 --function-name resize - -# additionally expose API Gateway endpoints for the list/presign Lambdas, to enable path-based execution in Codespaces -presignLambdaArn=arn:aws:lambda:$AWS_DEFAULT_REGION:$AWS_ACCOUNT_ID:function:presign -apiId=$(awslocal apigatewayv2 create-api --name presign --protocol-type HTTP --tags '_custom_id_=presign' | jq -r .ApiId) -intId=$(awslocal apigatewayv2 create-integration --api-id $apiId --integration-type AWS_PROXY --payload-format-version 2.0 --integration-uri $presignLambdaArn | jq -r .IntegrationId) -awslocal apigatewayv2 create-route --api-id $apiId --authorization-type NONE --route-key "GET /{proxy+}" --target "integrations/$intId" | jq -r .RouteId -awslocal apigatewayv2 create-stage --api-id $apiId --stage-name '$default' --auto-deploy - -listLambdaArn=arn:aws:lambda:$AWS_DEFAULT_REGION:$AWS_ACCOUNT_ID:function:list -apiId=$(awslocal apigatewayv2 create-api --name list --protocol-type HTTP --tags '_custom_id_=list' | jq -r .ApiId) -intId=$(awslocal apigatewayv2 create-integration --api-id $apiId --integration-type AWS_PROXY --payload-format-version 2.0 --integration-uri $listLambdaArn | jq -r .IntegrationId) -awslocal apigatewayv2 create-route --api-id $apiId --authorization-type NONE --route-key "GET /" --target "integrations/$intId" | jq -r .RouteId -awslocal apigatewayv2 create-stage --api-id $apiId --stage-name '$default' --auto-deploy - - -awslocal s3api put-bucket-notification-configuration \ - --bucket localstack-thumbnails-app-images \ - --notification-configuration "{\"LambdaFunctionConfigurations\": [{\"LambdaFunctionArn\": \"$(awslocal lambda get-function --function-name resize | jq -r .Configuration.FunctionArn)\", \"Events\": [\"s3:ObjectCreated:*\"]}]}" - -awslocal s3 mb s3://webapp -awslocal s3 sync --delete ./website s3://webapp -awslocal s3 website s3://webapp --index-document index.html - -echo "---------------------------------------------------------------------" -echo "" -echo "🎉 Success!" -echo "" - -# print the function URLs -echo "Function URL for 'presign' Lambda: $(awslocal lambda list-function-url-configs --function-name presign | jq -r '.FunctionUrlConfigs[0].FunctionUrl')" -echo "Function URL for 'list' Lambda: $(awslocal lambda list-function-url-configs --function-name list | jq -r '.FunctionUrlConfigs[0].FunctionUrl')" -echo -echo "Note: When using Codespaces, we need to use slightly different Lambda function endpoints." -echo "Replace '' with the endpoint of your Codespace environment in the URLs below:" -echo "'presign' Lambda: https://-4566.preview.app.github.dev/restapis/presign/dev/_user_request_" -echo "'list' Lambda: https://-4566.preview.app.github.dev/restapis/list/dev/_user_request_" - -# Optional: use the following to test Lambda hot reloading: -# scriptDir=$(dirname "$0") -# awslocal lambda update-function-code --function-name list --s3-bucket hot-reload --s3-key "$scriptDir/lambdas/list" -# or, when running from the terminal directly (instead of this script): -# awslocal lambda update-function-code --function-name list --s3-bucket hot-reload --s3-key "$(pwd)/lambdas/list" diff --git a/01-serverless-image-resizer/lambdas/list/handler.py b/01-serverless-image-resizer/lambdas/list/handler.py deleted file mode 100644 index a18440e..0000000 --- a/01-serverless-image-resizer/lambdas/list/handler.py +++ /dev/null @@ -1,76 +0,0 @@ -import json -import os -import typing - -import boto3 - -if typing.TYPE_CHECKING: - from mypy_boto3_s3 import S3Client - from mypy_boto3_ssm import SSMClient - -endpoint_url = os.getenv("AWS_ENDPOINT_URL") - -s3: "S3Client" = boto3.client("s3", endpoint_url=endpoint_url) -ssm: "SSMClient" = boto3.client("ssm", endpoint_url=endpoint_url) - - -def get_bucket_name_images() -> str: - parameter = ssm.get_parameter(Name="/localstack-thumbnail-app/buckets/images") - return parameter["Parameter"]["Value"] - - -def get_bucket_name_resized() -> str: - parameter = ssm.get_parameter(Name="/localstack-thumbnail-app/buckets/resized") - return parameter["Parameter"]["Value"] - - -def handler(event, context): - images_bucket = get_bucket_name_images() - images = s3.list_objects(Bucket=images_bucket) - - result = {} - # collect the original images - for obj in images.get("Contents", []): - result[obj["Key"]] = { - "Name": obj["Key"], - "Timestamp": obj["LastModified"].isoformat(), - "Original": { - "Size": obj["Size"], - "URL": s3.generate_presigned_url( - ClientMethod="get_object", - Params={"Bucket": images_bucket, "Key": obj["Key"]}, - ExpiresIn=3600, - ), - }, - } - - # collect the associated resized images - resized_bucket = get_bucket_name_resized() - images = s3.list_objects(Bucket=resized_bucket) - for obj in images.get("Contents", []): - if obj["Key"] not in result: - continue - result[obj["Key"]]["Resized"] = { - "Size": obj["Size"], - "URL": s3.generate_presigned_url( - ClientMethod="get_object", - Params={"Bucket": resized_bucket, "Key": obj["Key"]}, - ExpiresIn=3600, - ), - } - - result = list(sorted(result.values(), key=lambda k: k["Timestamp"], reverse=True)) - - if "routeKey" in event: - # looks like an API Gateway event -> convert to JSON string - result = json.dumps(result) - - # Note: modify result here, to test Lambda hot reloading. For example, uncomment the following code: - # result = [] - # result.append({"Name": "Test Entry", "Original": {}, "Resized": {"URL":"https://localstack.cloud/images/header-logo-new.svg"}}) - - return result - - -if __name__ == "__main__": - print(handler(None, None)) diff --git a/01-serverless-image-resizer/lambdas/presign/handler.py b/01-serverless-image-resizer/lambdas/presign/handler.py deleted file mode 100644 index 771b71b..0000000 --- a/01-serverless-image-resizer/lambdas/presign/handler.py +++ /dev/null @@ -1,49 +0,0 @@ -import json -import os -import typing - -import boto3 -from botocore.exceptions import ClientError - -if typing.TYPE_CHECKING: - from mypy_boto3_s3 import S3Client - from mypy_boto3_ssm import SSMClient - -endpoint_url = os.getenv("AWS_ENDPOINT_URL") - -s3: "S3Client" = boto3.client("s3", endpoint_url=endpoint_url) -ssm: "SSMClient" = boto3.client("ssm", endpoint_url=endpoint_url) - - -def get_bucket_name() -> str: - parameter = ssm.get_parameter(Name="/localstack-thumbnail-app/buckets/images") - return parameter["Parameter"]["Value"] - - -def handler(event, context): - bucket = get_bucket_name() - - key = event["rawPath"].lstrip("/") - if not key: - raise ValueError("no key given") - - # make sure the bucket exists - s3.create_bucket(Bucket=bucket) - - # make sure the object does not exist - try: - s3.head_object(Bucket=bucket, Key=key) - return {"statusCode": 409, "body": f"{bucket}/{key} already exists"} - except ClientError as e: - if e.response["ResponseMetadata"]["HTTPStatusCode"] != 404: - raise - - # generate the pre-signed POST url - url = s3.generate_presigned_post(Bucket=bucket, Key=key) - - # return it! - return {"statusCode": 200, "body": json.dumps(url)} - - -if __name__ == "__main__": - print(handler(None, None)) diff --git a/01-serverless-image-resizer/lambdas/resize/handler.py b/01-serverless-image-resizer/lambdas/resize/handler.py deleted file mode 100644 index 2e773ab..0000000 --- a/01-serverless-image-resizer/lambdas/resize/handler.py +++ /dev/null @@ -1,61 +0,0 @@ -# adapted from https://docs.aws.amazon.com/lambda/latest/dg/with-s3-tutorial.html -import os -import typing -import uuid -from urllib.parse import unquote_plus - -import boto3 -from PIL import Image - -if typing.TYPE_CHECKING: - from mypy_boto3_s3 import S3Client - from mypy_boto3_ssm import SSMClient - -MAX_DIMENSIONS = 400, 400 -"""The max width and height to scale the image to.""" - -endpoint_url = os.getenv("AWS_ENDPOINT_URL") - -s3: "S3Client" = boto3.client("s3", endpoint_url=endpoint_url) -ssm: "SSMClient" = boto3.client("ssm", endpoint_url=endpoint_url) - - -def get_bucket_name() -> str: - parameter = ssm.get_parameter(Name="/localstack-thumbnail-app/buckets/resized") - return parameter["Parameter"]["Value"] - - -def resize_image(image_path, resized_path): - with Image.open(image_path) as image: - # Calculate the thumbnail size - width, height = image.size - max_width, max_height = MAX_DIMENSIONS - if width > max_width or height > max_height: - ratio = max(width / max_width, height / max_height) - width = int(width / ratio) - height = int(height / ratio) - size = width, height - # Generate the resized image - image.thumbnail(size) - image.save(resized_path) - - -def download_and_resize(bucket, key) -> str: - tmpkey = key.replace("/", "") - download_path = f"/tmp/{uuid.uuid4()}{tmpkey}" - upload_path = f"/tmp/resized-{tmpkey}" - s3.download_file(bucket, key, download_path) - resize_image(download_path, upload_path) - return upload_path - - -def handler(event, context): - target_bucket = get_bucket_name() - - for record in event["Records"]: - source_bucket = record["s3"]["bucket"]["name"] - key = unquote_plus(record["s3"]["object"]["key"]) - print(source_bucket, key) - - resized_path = download_and_resize(source_bucket, key) - s3.upload_file(resized_path, target_bucket, key) diff --git a/01-serverless-image-resizer/lambdas/resize/requirements.txt b/01-serverless-image-resizer/lambdas/resize/requirements.txt deleted file mode 100644 index a6d4d60..0000000 --- a/01-serverless-image-resizer/lambdas/resize/requirements.txt +++ /dev/null @@ -1 +0,0 @@ -Pillow==9.2.0 diff --git a/01-serverless-image-resizer/requirements-dev.txt b/01-serverless-image-resizer/requirements-dev.txt deleted file mode 100644 index cf19395..0000000 --- a/01-serverless-image-resizer/requirements-dev.txt +++ /dev/null @@ -1,11 +0,0 @@ -boto3 -requests>=2.20 -Pillow==9.2.0 -mypy_boto3_ssm -mypy_boto3_sns -mypy_boto3_s3 -mypy_boto3_lambda -black -pytest -awscli -awscli-local diff --git a/01-serverless-image-resizer/tests/nyan-cat.png b/01-serverless-image-resizer/tests/nyan-cat.png deleted file mode 100644 index 0535986..0000000 Binary files a/01-serverless-image-resizer/tests/nyan-cat.png and /dev/null differ diff --git a/01-serverless-image-resizer/tests/some-file.txt b/01-serverless-image-resizer/tests/some-file.txt deleted file mode 100644 index e693855..0000000 --- a/01-serverless-image-resizer/tests/some-file.txt +++ /dev/null @@ -1,2 +0,0 @@ -not an image! -when processing this file, the lambda will fail. diff --git a/01-serverless-image-resizer/tests/test_integration.py b/01-serverless-image-resizer/tests/test_integration.py deleted file mode 100644 index d6cb670..0000000 --- a/01-serverless-image-resizer/tests/test_integration.py +++ /dev/null @@ -1,87 +0,0 @@ -import os -import time -import typing -import uuid - -import boto3 -import pytest -import requests - -if typing.TYPE_CHECKING: - from mypy_boto3_s3 import S3Client - from mypy_boto3_ssm import SSMClient - from mypy_boto3_lambda import LambdaClient - -os.environ["AWS_DEFAULT_REGION"] = "us-east-1" -os.environ["AWS_ACCESS_KEY_ID"] = "test" -os.environ["AWS_SECRET_ACCESS_KEY"] = "test" - -s3: "S3Client" = boto3.client( - "s3", endpoint_url="http://localhost.localstack.cloud:4566" -) -ssm: "SSMClient" = boto3.client( - "ssm", endpoint_url="http://localhost.localstack.cloud:4566" -) -awslambda: "LambdaClient" = boto3.client( - "lambda", endpoint_url="http://localhost.localstack.cloud:4566" -) - - -@pytest.fixture(autouse=True) -def _wait_for_lambdas(): - # makes sure that the lambdas are available before running integration tests - awslambda.get_waiter("function_active").wait(FunctionName="presign") - awslambda.get_waiter("function_active").wait(FunctionName="resize") - awslambda.get_waiter("function_active").wait(FunctionName="list") - - -def test_s3_resize_integration(): - file = os.path.join(os.path.dirname(__file__), "nyan-cat.png") - key = os.path.basename(file) - - parameter = ssm.get_parameter(Name="/localstack-thumbnail-app/buckets/images") - source_bucket = parameter["Parameter"]["Value"] - - parameter = ssm.get_parameter(Name="/localstack-thumbnail-app/buckets/resized") - target_bucket = parameter["Parameter"]["Value"] - - s3.upload_file(file, Bucket=source_bucket, Key=key) - - # wait for the resized image to appear - s3.get_waiter("object_exists").wait(Bucket=target_bucket, Key=key) - - s3.head_object(Bucket=target_bucket, Key=key) - s3.download_file( - Bucket=target_bucket, Key=key, Filename="/tmp/nyan-cat-resized.png" - ) - - assert os.stat("/tmp/nyan-cat-resized.png").st_size < os.stat(file).st_size - - s3.delete_object(Bucket=source_bucket, Key=key) - s3.delete_object(Bucket=target_bucket, Key=key) - - -def test_failure_sns_to_ses_integration(): - file = os.path.join(os.path.dirname(__file__), "some-file.txt") - key = f"{uuid.uuid4()}-{os.path.basename(file)}" - - parameter = ssm.get_parameter(Name="/localstack-thumbnail-app/buckets/images") - source_bucket = parameter["Parameter"]["Value"] - - s3.upload_file(file, Bucket=source_bucket, Key=key) - - def _check_message(): - response = requests.get("http://localhost:4566/_aws/ses") - messages = response.json()["messages"] - assert key in messages[-1]["Body"]["text_part"] - - # retry to check for the message - for i in range(9): - try: - _check_message() - except: - time.sleep(1) - _check_message() - - # clean up resources - s3.delete_object(Bucket=source_bucket, Key=key) diff --git a/01-serverless-image-resizer/website/app.js b/01-serverless-image-resizer/website/app.js deleted file mode 100644 index faae117..0000000 --- a/01-serverless-image-resizer/website/app.js +++ /dev/null @@ -1,167 +0,0 @@ -(function ($) { - let functionUrlPresign = localStorage.getItem("functionUrlPresign"); - if (functionUrlPresign) { - $("#functionUrlPresign").val(functionUrlPresign); - } - - let functionUrlList = localStorage.getItem("functionUrlList"); - if (functionUrlList) { - console.log("function url list is", functionUrlList); - $("#functionUrlList").val(functionUrlList); - } - - let imageItemTemplate = Handlebars.compile($("#image-item-template").html()); - - const injectHostnameInUrl = (url, urlWithHost) => { - if (url.match(/https?:\/\/[\d.]+(:\d+)?\/.*/)) { - const parsedUrl = new URL(url); - const parsedUrlWithHost = new URL(urlWithHost); - parsedUrl.hostname = parsedUrlWithHost.hostname; - parsedUrl.protocol = parsedUrlWithHost.protocol; - url = parsedUrl.href; - } - return url; - }; - - $("#configForm").submit(function (event) { - if (event.preventDefault) - event.preventDefault(); - else - event.returnValue = false; - - event.preventDefault(); - - let action = $(this).find("button[type=submit]:focus").attr('name'); - - if (action == "save") { - localStorage.setItem("functionUrlPresign", $("#functionUrlPresign").val()); - localStorage.setItem("functionUrlList", $("#functionUrlList").val()); - alert("Configuration saved"); - } else if (action == "clear") { - localStorage.removeItem("functionUrlPresign"); - localStorage.removeItem("functionUrlList"); - $("#functionUrlPresign").val("") - $("#functionUrlList").val("") - alert("Configuration cleared"); - } else { - alert("Unknown action"); - } - - }); - - $("#uploadForm").submit(function (event) { - $("#uploadForm button").addClass('disabled'); - - if (event.preventDefault) - event.preventDefault(); - else - event.returnValue = false; - - event.preventDefault(); - - let fileName = $("#customFile").val().replace(/C:\\fakepath\\/i, ''); - let functionUrlPresign = $("#functionUrlPresign").val(); - - // modify the original form - console.log(fileName, functionUrlPresign); - - let urlToCall = functionUrlPresign + "/" + fileName - console.log(urlToCall); - - let form = this; - - $.ajax({ - url: urlToCall, - success: function (data) { - console.log("got pre-signed POST URL", data); - if (!data.fields) { - data = JSON.parse(data); - } - - // set form fields to make it easier to serialize - let fields = data.fields; - $(form).attr("action", data.url); - for (let key in fields) { - $("#" + key).val(fields[key]); - } - - let formData = new FormData($("#uploadForm")[0]); - console.log("sending form data", formData); - - // make sure we have the right hostname in the presigned URL - let url = injectHostnameInUrl(data.url, functionUrlPresign); - - $.ajax({ - type: "POST", - url, - data: formData, - processData: false, - contentType: false, - success: function () { - alert("success!"); - updateImageList(); - }, - error: function () { - alert("error! check the logs"); - }, - complete: function (event) { - console.log("done", event); - $("#uploadForm button").removeClass('disabled'); - } - }); - }, - error: function (e) { - console.log("error", e); - alert("error getting pre-signed URL. check the logs!"); - $("#uploadForm button").removeClass('disabled'); - } - }); - }); - - function updateImageList() { - let listUrl = $("#functionUrlList").val(); - if (!listUrl) { - alert("Please set the function URL of the list Lambda"); - return - } - if (!listUrl.endsWith("/")) { - listUrl += "/"; - } - - $.ajax({ - url: listUrl, - success: function (response) { - $('#imagesContainer').empty(); // Empty imagesContainer - response = response || []; - if (!Array.isArray(response)) { - response = JSON.parse(response); - } - response.forEach(function (item) { - console.log(item); - const functionUrlPresign = $("#functionUrlPresign").val(); - if (item.Original && item.Original.URL) { - item.Original.URL = injectHostnameInUrl(item.Original.URL, functionUrlPresign); - } - if (item.Resized && item.Resized.URL) { - item.Resized.URL = injectHostnameInUrl(item.Resized.URL, functionUrlPresign); - } - let cardHtml = imageItemTemplate(item); - $("#imagesContainer").append(cardHtml); - }); - }, - error: function (jqXHR, textStatus, errorThrown) { - console.log("Error:", textStatus, errorThrown); - alert("error! check the logs"); - } - }); - } - - $("#updateImageListButton").click(function (event) { - updateImageList(); - }); - - if (functionUrlList) { - updateImageList(); - } - -})(jQuery); diff --git a/01-serverless-image-resizer/website/favicon.ico b/01-serverless-image-resizer/website/favicon.ico deleted file mode 100644 index 2e20dd3..0000000 Binary files a/01-serverless-image-resizer/website/favicon.ico and /dev/null differ diff --git a/01-serverless-image-resizer/website/index.html b/01-serverless-image-resizer/website/index.html deleted file mode 100644 index 4562aa1..0000000 --- a/01-serverless-image-resizer/website/index.html +++ /dev/null @@ -1,151 +0,0 @@ - - - - - Serverless image resizer - - - - - - -
-
- - Serverless thumbnail generator - -
- -
-
-
- Configuration -
-
-
- Set the Lambda Function URLs here -
-
-
- - -
-
- - -
-
- - -
-
-
-
-
- -
-

Upload your file

-
-
-
- Input -
-
-
Form
-

- This form calls the presign Lambda to request a S3 pre-signed POST URL, - and then forwards the POST request directly to S3. - Resizing the image to max 400x400 pixels happens asynchronously through S3 bucket notifications. - If the resizing of an image fails, then an SNS message will be sent, which will trigger an SES email - notification. You can find those by visiting http://localhost.localstack.cloud:4566/_aws/ses -

-
-
- - -
-
- -
- - - - - -
-
-
-
- -
-
-
-

List your files

-
-
- -
-
-

- The images you uploaded should be shown here. - When the refresh action is triggered, the browser makes a request to the list Lambda URL - which returns a JSON document of all items in the images and the resized images bucket. The Javascript - then populates the list below using a Handlebars template. -

-
-
-
-
-
- Created by the LocalStack team - © 2023 -
-
- - - - - - - - - - - - - - - - - diff --git a/02-e2e-testing/tests/conftest.py b/02-e2e-testing/tests/conftest.py index 6fed019..680c550 100644 --- a/02-e2e-testing/tests/conftest.py +++ b/02-e2e-testing/tests/conftest.py @@ -33,4 +33,4 @@ def api_endpoint(): ["tflocal", "output", "-json", "api_endpoint"], cwd="../01-serverless-app/terraform", ) - return json.loads(result)["value"] + return json.loads(result) diff --git a/02-e2e-testing/tests/test_order_flow.py b/02-e2e-testing/tests/test_order_flow.py index 11b4fdb..4bf0068 100644 --- a/02-e2e-testing/tests/test_order_flow.py +++ b/02-e2e-testing/tests/test_order_flow.py @@ -4,7 +4,7 @@ def test_create_order_returns_order_id(api_endpoint): - resp = requests.post(f"{api_endpoint}/orders", json={"item": "book", "quantity": 2}) + resp = requests.post(f"{api_endpoint}/orders", json={"item": "LocalStack T-Shirt", "quantity": 2}) assert resp.status_code == 201 data = resp.json() assert "order_id" in data @@ -12,31 +12,43 @@ def test_create_order_returns_order_id(api_endpoint): def test_order_persisted_in_dynamodb(api_endpoint, dynamodb): - resp = requests.post(f"{api_endpoint}/orders", json={"item": "mug", "quantity": 1}) + resp = requests.post(f"{api_endpoint}/orders", json={"item": "LocalStack Mug", "quantity": 1}) order_id = resp.json()["order_id"] table = dynamodb.Table("orders") item = table.get_item(Key={"order_id": order_id})["Item"] - assert item["item"] == "mug" + assert item["item"] == "LocalStack Mug" assert item["status"] == "pending" -def test_order_processed_and_receipt_in_s3(api_endpoint, dynamodb, s3): - resp = requests.post(f"{api_endpoint}/orders", json={"item": "t-shirt", "quantity": 3}) +def test_order_fulfilled_and_receipt_in_s3(api_endpoint, dynamodb, s3): + resp = requests.post(f"{api_endpoint}/orders", json={"item": "LocalStack Hoodie", "quantity": 1}) + assert resp.status_code == 201 order_id = resp.json()["order_id"] - # Wait for async SQS → Lambda processing (up to 10s) + # Wait for full pipeline: SQS → Lambda → Step Functions → ECS (up to 60s) table = dynamodb.Table("orders") - for _ in range(20): + for _ in range(300): item = table.get_item(Key={"order_id": order_id})["Item"] - if item["status"] == "processed": + if item["status"] in ("fulfilled", "failed"): break time.sleep(0.5) else: - raise AssertionError(f"Order {order_id} never reached 'processed' status") + raise AssertionError(f"Order {order_id} never reached terminal status (last: {item['status']})") + + assert item["status"] == "fulfilled", f"Expected fulfilled, got {item['status']}" - # Verify receipt uploaded to S3 + # Verify receipt uploaded to S3 by the ECS fulfillment task obj = s3.get_object(Bucket="order-receipts", Key=f"receipts/{order_id}.json") receipt = json.loads(obj["Body"].read()) assert receipt["order_id"] == order_id - assert receipt["status"] == "processed" + assert receipt["status"] == "fulfilled" + + +def test_products_listed(api_endpoint): + resp = requests.get(f"{api_endpoint}/products") + assert resp.status_code == 200 + products = resp.json() + assert len(products) > 0 + names = [p["name"] for p in products] + assert any("LocalStack" in n for n in names) diff --git a/02-serverless-api-ecs-apigateway/.gitignore b/02-serverless-api-ecs-apigateway/.gitignore deleted file mode 100644 index efee2d9..0000000 --- a/02-serverless-api-ecs-apigateway/.gitignore +++ /dev/null @@ -1,323 +0,0 @@ -# Local .terraform directories -**/.terraform/* - -# Lockfiles -.terraform.lock.hcl - -# .tfstate files -*.tfstate -*.tfstate.* - -# Crash log files -crash.log -crash.*.log - -# Exclude all .tfvars files, which are likely to contain sensitive data, such as -# password, private keys, and other secrets. These should not be part of version -# control as they are data points which are potentially sensitive and subject -# to change depending on the environment. -*.tfvars -*.tfvars.json - -# Ignore override files as they are usually used to override resources locally and so -# are not checked in -override.tf -override.tf.json -*_override.tf -*_override.tf.json - -# Ignore CLI configuration files -.terraformrc -terraform.rc - -# Logs -logs -*.log -npm-debug.log* -yarn-debug.log* -yarn-error.log* -lerna-debug.log* -.pnpm-debug.log* - -# Diagnostic reports (https://nodejs.org/api/report.html) -report.[0-9]*.[0-9]*.[0-9]*.[0-9]*.json - -# Runtime data -pids -*.pid -*.seed -*.pid.lock - -# Directory for instrumented libs generated by jscoverage/JSCover -lib-cov - -# Coverage directory used by tools like istanbul -coverage -*.lcov - -# nyc test coverage -.nyc_output - -# Grunt intermediate storage (https://gruntjs.com/creating-plugins#storing-task-files) -.grunt - -# Bower dependency directory (https://bower.io/) -bower_components - -# node-waf configuration -.lock-wscript - -# Compiled binary addons (https://nodejs.org/api/addons.html) -build/Release - -# Dependency directories -node_modules/ -jspm_packages/ - -# Snowpack dependency directory (https://snowpack.dev/) -web_modules/ - -# TypeScript cache -*.tsbuildinfo - -# Optional npm cache directory -.npm - -# Optional eslint cache -.eslintcache - -# Optional stylelint cache -.stylelintcache - -# Microbundle cache -.rpt2_cache/ -.rts2_cache_cjs/ -.rts2_cache_es/ -.rts2_cache_umd/ - -# Optional REPL history -.node_repl_history - -# Output of 'npm pack' -*.tgz - -# Yarn Integrity file -.yarn-integrity - -# dotenv environment variable files -.env -.env.development.local -.env.test.local -.env.production.local -.env.local - -# parcel-bundler cache (https://parceljs.org/) -.cache -.parcel-cache - -# Next.js build output -.next -out - -# Nuxt.js build / generate output -.nuxt -dist - -# Gatsby files -.cache/ -# Comment in the public line in if your project uses Gatsby and not Next.js -# https://nextjs.org/blog/next-9-1#public-directory-support -# public - -# vuepress build output -.vuepress/dist - -# vuepress v2.x temp and cache directory -.temp -.cache - -# Docusaurus cache and generated files -.docusaurus - -# Serverless directories -.serverless/ - -# FuseBox cache -.fusebox/ - -# DynamoDB Local files -.dynamodb/ - -# TernJS port file -.tern-port - -# Stores VSCode versions used for testing VSCode extensions -.vscode-test - -# yarn v2 -.yarn/cache -.yarn/unplugged -.yarn/build-state.yml -.yarn/install-state.gz -.pnp.* - -# Byte-compiled / optimized / DLL files -__pycache__/ -*.py[cod] -*$py.class - -# C extensions -*.so - -# Distribution / packaging -.Python -build/ -develop-eggs/ -dist/ -downloads/ -eggs/ -.eggs/ -lib/ -lib64/ -parts/ -sdist/ -var/ -wheels/ -share/python-wheels/ -*.egg-info/ -.installed.cfg -*.egg -MANIFEST - -# PyInstaller -# Usually these files are written by a python script from a template -# before PyInstaller builds the exe, so as to inject date/other infos into it. -*.manifest -*.spec - -# Installer logs -pip-log.txt -pip-delete-this-directory.txt - -# Unit test / coverage reports -htmlcov/ -.tox/ -.nox/ -.coverage -.coverage.* -.cache -nosetests.xml -coverage.xml -*.cover -*.py,cover -.hypothesis/ -.pytest_cache/ -cover/ - -# Translations -*.mo -*.pot - -# Django stuff: -*.log -local_settings.py -db.sqlite3 -db.sqlite3-journal - -# Flask stuff: -instance/ -.webassets-cache - -# Scrapy stuff: -.scrapy - -# Sphinx documentation -docs/_build/ - -# PyBuilder -.pybuilder/ -target/ - -# Jupyter Notebook -.ipynb_checkpoints - -# IPython -profile_default/ -ipython_config.py - -# pyenv -# For a library or package, you might want to ignore these files since the code is -# intended to run in multiple environments; otherwise, check them in: -# .python-version - -# pipenv -# According to pypa/pipenv#598, it is recommended to include Pipfile.lock in version control. -# However, in case of collaboration, if having platform-specific dependencies or dependencies -# having no cross-platform support, pipenv may install dependencies that don't work, or not -# install all needed dependencies. -#Pipfile.lock - -# poetry -# Similar to Pipfile.lock, it is generally recommended to include poetry.lock in version control. -# This is especially recommended for binary packages to ensure reproducibility, and is more -# commonly ignored for libraries. -# https://python-poetry.org/docs/basic-usage/#commit-your-poetrylock-file-to-version-control -#poetry.lock - -# pdm -# Similar to Pipfile.lock, it is generally recommended to include pdm.lock in version control. -#pdm.lock -# pdm stores project-wide configurations in .pdm.toml, but it is recommended to not include it -# in version control. -# https://pdm.fming.dev/#use-with-ide -.pdm.toml - -# PEP 582; used by e.g. github.com/David-OConnor/pyflow and github.com/pdm-project/pdm -__pypackages__/ - -# Celery stuff -celerybeat-schedule -celerybeat.pid - -# SageMath parsed files -*.sage.py - -# Environments -.env -.venv -env/ -venv/ -ENV/ -env.bak/ -venv.bak/ - -# Spyder project settings -.spyderproject -.spyproject - -# Rope project settings -.ropeproject - -# mkdocs documentation -/site - -# mypy -.mypy_cache/ -.dmypy.json -dmypy.json - -# Pyre type checker -.pyre/ - -# pytype static type analyzer -.pytype/ - -# Cython debug symbols -cython_debug/ - -# PyCharm -# JetBrains specific template is maintained in a separate JetBrains.gitignore that can -# be found at https://github.com/github/gitignore/blob/main/Global/JetBrains.gitignore -# and can be added to the global gitignore or merged into this file. For a more nuclear -# option (not recommended) you can uncomment the following to ignore the entire idea folder. -#.idea/ \ No newline at end of file diff --git a/02-serverless-api-ecs-apigateway/LICENSE b/02-serverless-api-ecs-apigateway/LICENSE deleted file mode 100644 index 261eeb9..0000000 --- a/02-serverless-api-ecs-apigateway/LICENSE +++ /dev/null @@ -1,201 +0,0 @@ - Apache License - Version 2.0, January 2004 - http://www.apache.org/licenses/ - - TERMS AND CONDITIONS FOR USE, REPRODUCTION, AND DISTRIBUTION - - 1. Definitions. - - "License" shall mean the terms and conditions for use, reproduction, - and distribution as defined by Sections 1 through 9 of this document. - - "Licensor" shall mean the copyright owner or entity authorized by - the copyright owner that is granting the License. - - "Legal Entity" shall mean the union of the acting entity and all - other entities that control, are controlled by, or are under common - control with that entity. For the purposes of this definition, - "control" means (i) the power, direct or indirect, to cause the - direction or management of such entity, whether by contract or - otherwise, or (ii) ownership of fifty percent (50%) or more of the - outstanding shares, or (iii) beneficial ownership of such entity. - - "You" (or "Your") shall mean an individual or Legal Entity - exercising permissions granted by this License. - - "Source" form shall mean the preferred form for making modifications, - including but not limited to software source code, documentation - source, and configuration files. - - "Object" form shall mean any form resulting from mechanical - transformation or translation of a Source form, including but - not limited to compiled object code, generated documentation, - and conversions to other media types. - - "Work" shall mean the work of authorship, whether in Source or - Object form, made available under the License, as indicated by a - copyright notice that is included in or attached to the work - (an example is provided in the Appendix below). - - "Derivative Works" shall mean any work, whether in Source or Object - form, that is based on (or derived from) the Work and for which the - editorial revisions, annotations, elaborations, or other modifications - represent, as a whole, an original work of authorship. For the purposes - of this License, Derivative Works shall not include works that remain - separable from, or merely link (or bind by name) to the interfaces of, - the Work and Derivative Works thereof. - - "Contribution" shall mean any work of authorship, including - the original version of the Work and any modifications or additions - to that Work or Derivative Works thereof, that is intentionally - submitted to Licensor for inclusion in the Work by the copyright owner - or by an individual or Legal Entity authorized to submit on behalf of - the copyright owner. For the purposes of this definition, "submitted" - means any form of electronic, verbal, or written communication sent - to the Licensor or its representatives, including but not limited to - communication on electronic mailing lists, source code control systems, - and issue tracking systems that are managed by, or on behalf of, the - Licensor for the purpose of discussing and improving the Work, but - excluding communication that is conspicuously marked or otherwise - designated in writing by the copyright owner as "Not a Contribution." - - "Contributor" shall mean Licensor and any individual or Legal Entity - on behalf of whom a Contribution has been received by Licensor and - subsequently incorporated within the Work. - - 2. Grant of Copyright License. Subject to the terms and conditions of - this License, each Contributor hereby grants to You a perpetual, - worldwide, non-exclusive, no-charge, royalty-free, irrevocable - copyright license to reproduce, prepare Derivative Works of, - publicly display, publicly perform, sublicense, and distribute the - Work and such Derivative Works in Source or Object form. - - 3. Grant of Patent License. Subject to the terms and conditions of - this License, each Contributor hereby grants to You a perpetual, - worldwide, non-exclusive, no-charge, royalty-free, irrevocable - (except as stated in this section) patent license to make, have made, - use, offer to sell, sell, import, and otherwise transfer the Work, - where such license applies only to those patent claims licensable - by such Contributor that are necessarily infringed by their - Contribution(s) alone or by combination of their Contribution(s) - with the Work to which such Contribution(s) was submitted. If You - institute patent litigation against any entity (including a - cross-claim or counterclaim in a lawsuit) alleging that the Work - or a Contribution incorporated within the Work constitutes direct - or contributory patent infringement, then any patent licenses - granted to You under this License for that Work shall terminate - as of the date such litigation is filed. - - 4. Redistribution. You may reproduce and distribute copies of the - Work or Derivative Works thereof in any medium, with or without - modifications, and in Source or Object form, provided that You - meet the following conditions: - - (a) You must give any other recipients of the Work or - Derivative Works a copy of this License; and - - (b) You must cause any modified files to carry prominent notices - stating that You changed the files; and - - (c) You must retain, in the Source form of any Derivative Works - that You distribute, all copyright, patent, trademark, and - attribution notices from the Source form of the Work, - excluding those notices that do not pertain to any part of - the Derivative Works; and - - (d) If the Work includes a "NOTICE" text file as part of its - distribution, then any Derivative Works that You distribute must - include a readable copy of the attribution notices contained - within such NOTICE file, excluding those notices that do not - pertain to any part of the Derivative Works, in at least one - of the following places: within a NOTICE text file distributed - as part of the Derivative Works; within the Source form or - documentation, if provided along with the Derivative Works; or, - within a display generated by the Derivative Works, if and - wherever such third-party notices normally appear. The contents - of the NOTICE file are for informational purposes only and - do not modify the License. You may add Your own attribution - notices within Derivative Works that You distribute, alongside - or as an addendum to the NOTICE text from the Work, provided - that such additional attribution notices cannot be construed - as modifying the License. - - You may add Your own copyright statement to Your modifications and - may provide additional or different license terms and conditions - for use, reproduction, or distribution of Your modifications, or - for any such Derivative Works as a whole, provided Your use, - reproduction, and distribution of the Work otherwise complies with - the conditions stated in this License. - - 5. Submission of Contributions. Unless You explicitly state otherwise, - any Contribution intentionally submitted for inclusion in the Work - by You to the Licensor shall be under the terms and conditions of - this License, without any additional terms or conditions. - Notwithstanding the above, nothing herein shall supersede or modify - the terms of any separate license agreement you may have executed - with Licensor regarding such Contributions. - - 6. Trademarks. This License does not grant permission to use the trade - names, trademarks, service marks, or product names of the Licensor, - except as required for reasonable and customary use in describing the - origin of the Work and reproducing the content of the NOTICE file. - - 7. Disclaimer of Warranty. Unless required by applicable law or - agreed to in writing, Licensor provides the Work (and each - Contributor provides its Contributions) on an "AS IS" BASIS, - WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or - implied, including, without limitation, any warranties or conditions - of TITLE, NON-INFRINGEMENT, MERCHANTABILITY, or FITNESS FOR A - PARTICULAR PURPOSE. You are solely responsible for determining the - appropriateness of using or redistributing the Work and assume any - risks associated with Your exercise of permissions under this License. - - 8. Limitation of Liability. In no event and under no legal theory, - whether in tort (including negligence), contract, or otherwise, - unless required by applicable law (such as deliberate and grossly - negligent acts) or agreed to in writing, shall any Contributor be - liable to You for damages, including any direct, indirect, special, - incidental, or consequential damages of any character arising as a - result of this License or out of the use or inability to use the - Work (including but not limited to damages for loss of goodwill, - work stoppage, computer failure or malfunction, or any and all - other commercial damages or losses), even if such Contributor - has been advised of the possibility of such damages. - - 9. Accepting Warranty or Additional Liability. While redistributing - the Work or Derivative Works thereof, You may choose to offer, - and charge a fee for, acceptance of support, warranty, indemnity, - or other liability obligations and/or rights consistent with this - License. However, in accepting such obligations, You may act only - on Your own behalf and on Your sole responsibility, not on behalf - of any other Contributor, and only if You agree to indemnify, - defend, and hold each Contributor harmless for any liability - incurred by, or claims asserted against, such Contributor by reason - of your accepting any such warranty or additional liability. - - END OF TERMS AND CONDITIONS - - APPENDIX: How to apply the Apache License to your work. - - To apply the Apache License to your work, attach the following - boilerplate notice, with the fields enclosed by brackets "[]" - replaced with your own identifying information. (Don't include - the brackets!) The text should be enclosed in the appropriate - comment syntax for the file format. We also recommend that a - file or class name and description of purpose be included on the - same "printed page" as the copyright notice for easier - identification within third-party archives. - - Copyright [yyyy] [name of copyright owner] - - Licensed under the Apache License, Version 2.0 (the "License"); - you may not use this file except in compliance with the License. - You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - - Unless required by applicable law or agreed to in writing, software - distributed under the License is distributed on an "AS IS" BASIS, - WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - See the License for the specific language governing permissions and - limitations under the License. diff --git a/02-serverless-api-ecs-apigateway/Makefile b/02-serverless-api-ecs-apigateway/Makefile deleted file mode 100644 index 404de4b..0000000 --- a/02-serverless-api-ecs-apigateway/Makefile +++ /dev/null @@ -1,55 +0,0 @@ -export AWS_ACCESS_KEY_ID ?= test -export AWS_SECRET_ACCESS_KEY ?= test -export AWS_DEFAULT_REGION=us-east-1 -SHELL := /bin/bash - -usage: ## Show this help - @fgrep -h "##" $(MAKEFILE_LIST) | fgrep -v fgrep | sed -e 's/\\$$//' | sed -e 's/##//' - -install: ## Install dependencies - @which localstack || pip install localstack - @which awslocal || pip install awscli-local - @which tflocal || pip install --upgrade terraform-local - -terraform-setup: ## Set up Terraform - cd terraform; \ - tflocal init; \ - echo "Deploying Terraform configuration 🚀"; \ - tflocal apply --auto-approve; - -cloudformation-setup: ## Set up CloudFormation - cd cloudformation; \ - STACK="stack1"; \ - CF_FILE="ecsapi-demo-cloudformation.yaml"; \ - echo "Deploying CloudFormation stack 🚀"; \ - awslocal cloudformation create-stack --stack-name $$STACK --template-body file://$$CF_FILE; \ - -run: ## Run the sample app - @echo "Building Web assets and uploading to local S3 bucket đŸĒŖ"; \ - cd client-application-react; \ - test -e node_modules || yarn; \ - test -e build/index.html || NODE_OPTIONS=--openssl-legacy-provider yarn build; \ - awslocal s3 mb s3://sample-app; \ - awslocal s3 sync build s3://sample-app; \ - API_ID=$$(awslocal apigatewayv2 get-apis | jq -r '.Items[] | select(.Name=="ecsapi-demo") | .ApiId'); \ - POOL_ID=$$(awslocal cognito-idp list-user-pools --max-results 1 | jq -r '.UserPools[0].Id'); \ - CLIENT_ID=$$(awslocal cognito-idp list-user-pool-clients --user-pool-id $$POOL_ID | jq -r '.UserPoolClients[0].ClientId'); \ - URL="http://sample-app.s3.localhost.localstack.cloud:4566/index.html?stackregion=us-east-1&stackhttpapi=$$API_ID&stackuserpool=$$POOL_ID&stackuserpoolclient=$$CLIENT_ID"; \ - echo "Check out the sample application 🤩"; \ - echo $$URL - -start: ## Start LocalStack in detached mode - EXTRA_CORS_ALLOWED_ORIGINS=http://sample-app.s3.localhost.localstack.cloud:4566 DISABLE_CUSTOM_CORS_APIGATEWAY=1 localstack start -d - -stop: ## Stop the running LocalStack container - @echo - localstack stop - -ready: ## Make sure the LocalStack container is up - @echo Waiting on the LocalStack container... - @localstack wait -t 30 && echo LocalStack is ready to use! || (echo Gave up waiting on LocalStack, exiting. && exit 1) - -logs: ## Save the logs in a logs.txt file - @localstack logs > logs.txt - -.PHONY: usage install run start stop ready logs diff --git a/02-serverless-api-ecs-apigateway/README.md b/02-serverless-api-ecs-apigateway/README.md deleted file mode 100644 index a6e850f..0000000 --- a/02-serverless-api-ecs-apigateway/README.md +++ /dev/null @@ -1,299 +0,0 @@ -# Serverless Container-based APIs with Amazon ECS and Amazon API Gateway - -| Key | Value | -| ------------ | ------------------------------------------------------------------------------------- | -| Environment | | -| Services | S3, DynamoDB, Elastic Container Service, API Gateway, Cognito, IAM | -| Integrations | Terraform, CloudFormation, AWS CLI | -| Categories | Serverless; Containers; Security, Identity, and Compliance | -| Level | Intermediate | -| GitHub | [Repository link](https://github.com/localstack/serverless-api-ecs-apigateway-sample) | - -## Introduction - -The Serverless Container-based APIs with Amazon ECS and Amazon API Gateway application sample demonstrate how you can launch and test a sample container-based API. This application sample implements an example API with two services — “Food store” to `PUT` & `GET` foods, and “Pet store” to `PUT` & `GET` pets. The application client is implemented using ReactJS, which allows unauthenticated users to use only `GET` requests, while authenticated users can utilize `GET` and `PUT` requests. Users can deploy this application sample on AWS & LocalStack using CloudFormation & Terraform with minimal changes. To test this application sample, we will demonstrate how you use LocalStack to deploy the infrastructure on your developer machine and your CI environment. - -## Architecture diagram - -The following diagram shows the architecture that this sample application builds and deploys: - -![Architecture diagram for Serverless Container-based APIs with Amazon ECS and Amazon API Gateway sample application](./images/serverless-container-api.png) - -We are using the following AWS services and their features to build our infrastructure: - -- [Elastic Container Service](https://docs.localstack.cloud/user-guide/aws/elastic-container-service/) to create and deploy our containerized application. -- [DynamoDB](https://docs.localstack.cloud/user-guide/aws/dynamodb/) as a key-value and document database to persist our data. -- [API Gateway](https://docs.localstack.cloud/user-guide/aws/apigatewayv2/) to expose the containerized services to the user through HTTP APIs. -- [Cognito User Pools](https://docs.localstack.cloud/user-guide/aws/cognito/) for user authentication and authorizing requests to container APIs. -- [Amplify](https://docs.localstack.cloud/user-guide/aws/amplify/) to create the user client with ReactJS to send requests to container APIs. -- [S3](https://docs.localstack.cloud/user-guide/aws/s3/) to deploy the Amplify application to make the web application available to users. -- [IAM](https://docs.localstack.cloud/user-guide/aws/iam/) to create policies to specify roles and permissions for various AWS services. - -## Prerequisites - -- LocalStack Pro with the [`localstack` CLI](https://docs.localstack.cloud/getting-started/installation/#localstack-cli). -- [AWS CLI](https://docs.localstack.cloud/user-guide/integrations/aws-cli/) with the [`awslocal` wrapper](https://docs.localstack.cloud/user-guide/integrations/aws-cli/#localstack-aws-cli-awslocal). -- [Terraform](https://docs.localstack.cloud/user-guide/integrations/terraform/) with the [`tflocal` wrapper](https://docs.localstack.cloud/user-guide/integrations/terraform/#using-the-tflocal-script). -- [Node.js](https://nodejs.org/en/download/) with `npm` package manager. - -Start LocalStack Pro with the appropriate configuration to enable the S3 website to send requests to the container APIs: - -```shell -export LOCALSTACK_AUTH_TOKEN= -EXTRA_CORS_ALLOWED_ORIGINS=http://sample-app.s3.localhost.localstack.cloud:4566 DISABLE_CUSTOM_CORS_APIGATEWAY=1 DEBUG=1 localstack start -``` - -The `DISABLE_CUSTOM_CORS_APIGATEWAY` configuration variable disables CORS override by API Gateway. The `EXTRA_CORS_ALLOWED_ORIGINS` configuration variable allows our website to send requests to the container APIs. -We specified DEBUG=1 to get the printed LocalStack logs directly in the terminal (it helps later, when we need to get the Cognito confirmation code). -If you prefer running LocalStack in detached mode, you can add the `-d` flag to the `localstack start` command, and use Docker Desktop to view the logs. - -## Instructions - -You can build and deploy the sample application on LocalStack by running our `Makefile` commands. Run `make terraform-setup` or `make cloudformation-setup` to create the infrastructure on LocalStack. -Run `make run` to deploy the S3 Website and get a URL to access the application. Run `make stop` to delete the infrastructure by stopping LocalStack. - -Alternatively, here are instructions to deploy it manually step-by-step. - -## Creating the infrastructure - -To create the AWS infrastructure locally, you can either use Terraform or CloudFormation. - -### Terraform - -To create the infrastructure using Terraform, run the following commands: - -```shell -cd terraform -tflocal init -tflocal apply --auto-approve -``` - -We are using the `tflocal` wrapper to configure the local service endpoints, and send the API requests to LocalStack, instead of AWS. You can use the same Terraform configuration to deploy the infrastructure on AWS as well. - -#### CloudFormation - -To create the infrastructure using CloudFormation, run the following commands: - -```shell -cd cloudformation -export STACK="stack1" -awslocal cloudformation create-stack --stack-name $STACK --template-body file://ecsapi-demo-cloudformation.yaml -``` - -Wait for a few seconds for the infrastructure to be created. You can check the status of the stack using the following command: - -```shell -awslocal cloudformation describe-stacks --stack-name $STACK | grep StackStatus -``` - -If the `StackStatus` is `CREATE_COMPLETE`, you can proceed to the next step. - -## Building the web application - -To build the web application, navigate to the root directory of the sample application and run the following commands: - -```shell -cd client-application-react -yarn -NODE_OPTIONS=--openssl-legacy-provider yarn build -``` - -Ensure a `build` directory is created in the `client-application-react` directory. - -## Deploying the web application - -To deploy the web application, we will make an S3 bucket and sync the `build` directory to the S3 bucket. Run the following commands from the `client-application-react` directory: - -```shell -awslocal s3 mb s3://sample-app -awslocal s3 sync build s3://sample-app -``` - -To access the web application, you can run the following commands: - -```shell -export API_ID=$(awslocal apigatewayv2 get-apis | jq -r '.Items[] | select(.Name=="ecsapi-demo") | .ApiId') -export POOL_ID=$(awslocal cognito-idp list-user-pools --max-results 1 | jq -r '.UserPools[0].Id') -export CLIENT_ID=$(awslocal cognito-idp list-user-pool-clients --user-pool-id $POOL_ID | jq -r '.UserPoolClients[0].ClientId') -export URL="http://sample-app.s3.localhost.localstack.cloud:4566/index.html?stackregion=us-east-1&stackhttpapi=$API_ID&stackuserpool=$POOL_ID&stackuserpoolclient=$CLIENT_ID" -echo $URL -``` - -## Testing the web application - -To test the web application, follow these steps: - -- Open your application URL in your browser if it is displayed in the terminal. -- Create a user by clicking the **Go to Sign In!** button and navigating to the **Create Account** page. -- Follow the prompts to fill in your details, and click the **Create account** button. -- You will be prompted to enter a confirmation code displayed in the terminal, in the LocalStack logs. Use this code to confirm your Account. - -Once you have confirmed your Account, skip the email recovery step, as that endpoint is not yet implemented. The application endpoints can now add and retrieve information on your pets and food. You will find a few entries in the resources folder to get you started and explore the application. - -![Serverless Container-based APIs with Amazon ECS and Amazon API Gateway Web Interface](./images/interface.png) - -### Visualizing your data - -Navigate to [**app.localstack.cloud**](https://app.localstack.cloud/) and go to **Resources** -> **DynamoDB**. You can now see the tables created, as well as the data stored in them: - -![Displaying DynamoDB tables in the LocalStack Web Application](./images/web-app-tables.png) - -![Displaying DynamoDB table items in the LocalStack Web Application](./images/web-app-items.png) - -Alternatively, you can use the AWS CLI to query the table data. For example, to query the `FoodStoreFoods` table, run the following command: - -```bash -awslocal dynamodb scan --table-name FoodStoreFoods -``` - - -### Write a small unit test - -To test our application, we could write a simple unit test in Python. -Let us make a simple example, assuming that we have the requirements that: -- each item in the `TablePetstoreFood` table has a `foodName` key; -- each item in the `TablePetstorePets` table has a `petName` key; - -A trivial test case would look like this: - -```python -import pytest -import boto3 - - -endpoint_url = "http://localhost.localstack.cloud:4566" - -@pytest.mark.parametrize('tableName,key', [("TablePetstoreFood", "foodName"), ("TablePetstorePets", "petName")]) -def test_database(tableName, key): - dynamodb = boto3.client("dynamodb", endpoint_url=endpoint_url, region_name='us-east-1', aws_access_key_id="test", - aws_secret_access_key="test") - - response = dynamodb.scan(TableName=tableName) - - items = response["Items"] - - for item in items: - assert key in item -``` - -To make this test succeeds, we would need to first put some data in our application. Naturally, such data should be as close as possible to the "production" data. This action is usually called _seeding_ of the testing environment. -In the next step, we will explore [Cloud Pods](https://docs.localstack.cloud/user-guide/tools/cloud-pods/) as a tool to do such seeding. - -## Cloud Pods - -[Cloud Pods](https://docs.localstack.cloud/user-guide/tools/cloud-pods/) are a mechanism that allows you to take a snapshot of the state in your current LocalStack instance, persist it to a storage backend, and easily share it with your team members. - -To save your local AWS infrastructure state using Cloud Pods, you can use the `save` command with a desired name for your Cloud Pod as the first argument: - -```bash -localstack pod save -``` - -You can alternatively use the `save` command with a local file path as the first argument to save the Cloud Pod on your local file system and not the LocalStack Web Application: - -```bash -localstack pod save file:/// -``` - -The above command will create a zip file named `` to the specified location on the disk. - -The `load` command is the inverse operation of the `save` command. It retrieves the content of a previously stored Cloud Pod from the local file system or the LocalStack Web Application and injects it into the application runtime. On an alternate machine, start LocalStack with the auth token configured, and pull the Cloud Pod we created previously using the `load` command with the Cloud Pod name as the first argument: - -```bash -localstack pod load -``` - -### Generate the seed data - -Let us now generate some seeding data. -First, let us restart LocalStack to have a clean instance. -Then, let us execute the [following script](https://github.com/giograno/serverless-api-ecs-apigateway-sample/tree/main/cloud-pod-seed-tests/table.sh) to simply create the two DynamoDB tables and insert some data. - -``` -#!/bin/bash - -awslocal dynamodb create-table --cli-input-json file://food.json - -awslocal dynamodb create-table --cli-input-json file://pet.json - -awslocal dynamodb put-item \ - --table-name TablePetstorePets \ - --item '{ - "petId": {"S": "1"}, - "petName": {"S": "Dog"} - }' \ - --return-consumed-capacity TOTAL - - -awslocal dynamodb put-item \ - --table-name TablePetstoreFood \ - --item '{ - "foodId": {"S": "1"}, - "foodName": {"S": "Cat food"} - }' \ - --return-consumed-capacity TOTAL -``` - -Finally, we export a Cloud Pod with the following command: - -``` -localstack pod save file://bootstrap -``` - -Conceptually, we are now able to: - -- start our application; -- simply seed the test environment with some data; -- run our unit tests. - -In the next step, we will see how to do all this in CI. - - -## GitHub Action - -This application sample hosts an example GitHub Action workflow that starts up LocalStack, deploys the infrastructure, and checks the created resources using `awslocal`. You can find the workflow in the `.github/workflows/main.yml` file. To run the workflow, you can fork this repository and push a commit to the `main` branch. - -The most relevant steps in the CI pipeline are: - -- Starting LocalStack, after setting the auth token as a secret in GitHub. - -```yaml - - name: Start LocalStack - env: - LOCALSTACK_AUTH_TOKEN: ${{ secrets.LOCALSTACK_AUTH_TOKEN }} - DNS_ADDRESS: 0 - run: | - pip install localstack awscli-local[ver1] - pip install terraform-local - docker pull localstack/localstack-pro:latest - - # Start LocalStack in the background - localstack start -d -``` - -- Load the Cloud Pod with the seeding data after starting the application - -```yaml - - name: Seed test environment with Cloud Pod - run: | - localstack pod load https://raw.githubusercontent.com/giograno/serverless-api-ecs-apigateway-sample/main/cloud-pods-seed-tests/bootstrap - sleep 10 -``` - -- Finally, run the tests - -```yaml - - name: Run tests - run: | - cd tests - pip install pytest - pip install boto3 - pytest . -``` - - -Users can adapt this example workflow to run in their own CI environment. LocalStack supports various CI environments, including GitHub Actions, CircleCI, Jenkins, Travis CI, and more. You can find more information about the CI integration in the [LocalStack documentation](https://docs.localstack.cloud/user-guide/ci/). - -## Learn more - -The sample application is based on a public [AWS sample app](https://github.com/aws-samples/ecs-apigateway-sample) that deploys ECS containers with API Gateway to connect to. See this AWS blog post for more details: [Field Notes: Serverless Container-based APIs with Amazon ECS and Amazon API Gateway.](https://aws.amazon.com/blogs/architecture/field-notes-serverless-container-based-apis-with-amazon-ecs-and-amazon-api-gateway/) diff --git a/02-serverless-api-ecs-apigateway/client-application-react/.gitignore b/02-serverless-api-ecs-apigateway/client-application-react/.gitignore deleted file mode 100644 index 6401dae..0000000 --- a/02-serverless-api-ecs-apigateway/client-application-react/.gitignore +++ /dev/null @@ -1,40 +0,0 @@ -# See https://help.github.com/articles/ignoring-files/ for more about ignoring files. - -# dependencies -/node_modules -/.pnp -.pnp.js -.eslintcache - -# testing -/coverage - -# production -/build - -# misc -.DS_Store -.env.local -.env.development.local -.env.test.local -.env.production.local - -npm-debug.log* -yarn-debug.log* -yarn-error.log* - -#amplify -amplify/\#current-cloud-backend -amplify/.config/local-* -amplify/mock-data -amplify/backend/amplify-meta.json -amplify/backend/awscloudformation -build/ -dist/ -node_modules/ -aws-exports.js -awsconfiguration.json -amplifyconfiguration.json -amplify-build-config.json -amplify-gradle-config.json -amplifyxc.config diff --git a/02-serverless-api-ecs-apigateway/client-application-react/amplify/backend/backend-config.json b/02-serverless-api-ecs-apigateway/client-application-react/amplify/backend/backend-config.json deleted file mode 100644 index 9e26dfe..0000000 --- a/02-serverless-api-ecs-apigateway/client-application-react/amplify/backend/backend-config.json +++ /dev/null @@ -1 +0,0 @@ -{} \ No newline at end of file diff --git a/02-serverless-api-ecs-apigateway/client-application-react/amplify/team-provider-info.json b/02-serverless-api-ecs-apigateway/client-application-react/amplify/team-provider-info.json deleted file mode 100644 index 20583c9..0000000 --- a/02-serverless-api-ecs-apigateway/client-application-react/amplify/team-provider-info.json +++ /dev/null @@ -1,15 +0,0 @@ -{ - "dev": { - "awscloudformation": { - "AuthRoleName": "amplify-ecsapidemotestapi-dev-164209-authRole", - "UnauthRoleArn": "arn:aws:iam::315359227436:role/amplify-ecsapidemotestapi-dev-164209-unauthRole", - "AuthRoleArn": "arn:aws:iam::315359227436:role/amplify-ecsapidemotestapi-dev-164209-authRole", - "Region": "us-east-1", - "DeploymentBucketName": "amplify-ecsapidemotestapi-dev-164209-deployment", - "UnauthRoleName": "amplify-ecsapidemotestapi-dev-164209-unauthRole", - "StackName": "amplify-ecsapidemotestapi-dev-164209", - "StackId": "arn:aws:cloudformation:us-east-1:315359227436:stack/amplify-ecsapidemotestapi-dev-164209/6aa03c30-a0f1-11ea-b1b7-0e29088293c9", - "AmplifyAppId": "d13a5c9356pwbf" - } - } -} \ No newline at end of file diff --git a/02-serverless-api-ecs-apigateway/client-application-react/package.json b/02-serverless-api-ecs-apigateway/client-application-react/package.json deleted file mode 100644 index 270774d..0000000 --- a/02-serverless-api-ecs-apigateway/client-application-react/package.json +++ /dev/null @@ -1,38 +0,0 @@ -{ - "name": "react-amplified", - "version": "0.1.0", - "private": true, - "dependencies": { - "@aws-amplify/ui-react": "^1.2.20", - "@testing-library/jest-dom": "^5.14.1", - "@testing-library/react": "^12.1.2", - "@testing-library/user-event": "^7.2.1", - "aws-amplify": "^4.3.2", - "react": "^16.14.0", - "react-dom": "^16.14.0" - }, - "devDependencies": { - "react-scripts": "^4.0.2" - }, - "scripts": { - "start": "react-scripts start", - "build": "react-scripts build", - "test": "react-scripts test", - "eject": "react-scripts eject" - }, - "eslintConfig": { - "extends": "react-app" - }, - "browserslist": { - "production": [ - ">0.2%", - "not dead", - "not op_mini all" - ], - "development": [ - "last 1 chrome version", - "last 1 firefox version", - "last 1 safari version" - ] - } - } diff --git a/02-serverless-api-ecs-apigateway/client-application-react/public/favicon.ico b/02-serverless-api-ecs-apigateway/client-application-react/public/favicon.ico deleted file mode 100644 index bcd5dfd..0000000 Binary files a/02-serverless-api-ecs-apigateway/client-application-react/public/favicon.ico and /dev/null differ diff --git a/02-serverless-api-ecs-apigateway/client-application-react/public/index.html b/02-serverless-api-ecs-apigateway/client-application-react/public/index.html deleted file mode 100644 index aa069f2..0000000 --- a/02-serverless-api-ecs-apigateway/client-application-react/public/index.html +++ /dev/null @@ -1,43 +0,0 @@ - - - - - - - - - - - - - React App - - - -
- - - diff --git a/02-serverless-api-ecs-apigateway/client-application-react/public/logo192.png b/02-serverless-api-ecs-apigateway/client-application-react/public/logo192.png deleted file mode 100644 index fc44b0a..0000000 Binary files a/02-serverless-api-ecs-apigateway/client-application-react/public/logo192.png and /dev/null differ diff --git a/02-serverless-api-ecs-apigateway/client-application-react/public/logo512.png b/02-serverless-api-ecs-apigateway/client-application-react/public/logo512.png deleted file mode 100644 index a4e47a6..0000000 Binary files a/02-serverless-api-ecs-apigateway/client-application-react/public/logo512.png and /dev/null differ diff --git a/02-serverless-api-ecs-apigateway/client-application-react/public/manifest.json b/02-serverless-api-ecs-apigateway/client-application-react/public/manifest.json deleted file mode 100644 index 080d6c7..0000000 --- a/02-serverless-api-ecs-apigateway/client-application-react/public/manifest.json +++ /dev/null @@ -1,25 +0,0 @@ -{ - "short_name": "React App", - "name": "Create React App Sample", - "icons": [ - { - "src": "favicon.ico", - "sizes": "64x64 32x32 24x24 16x16", - "type": "image/x-icon" - }, - { - "src": "logo192.png", - "type": "image/png", - "sizes": "192x192" - }, - { - "src": "logo512.png", - "type": "image/png", - "sizes": "512x512" - } - ], - "start_url": ".", - "display": "standalone", - "theme_color": "#000000", - "background_color": "#ffffff" -} diff --git a/02-serverless-api-ecs-apigateway/client-application-react/public/robots.txt b/02-serverless-api-ecs-apigateway/client-application-react/public/robots.txt deleted file mode 100644 index 2d1aa03..0000000 --- a/02-serverless-api-ecs-apigateway/client-application-react/public/robots.txt +++ /dev/null @@ -1,3 +0,0 @@ -# https://www.robotstxt.org/robotstxt.html -User-agent: * -Disallow: / \ No newline at end of file diff --git a/02-serverless-api-ecs-apigateway/client-application-react/src/App.css b/02-serverless-api-ecs-apigateway/client-application-react/src/App.css deleted file mode 100644 index 74b5e05..0000000 --- a/02-serverless-api-ecs-apigateway/client-application-react/src/App.css +++ /dev/null @@ -1,38 +0,0 @@ -.App { - text-align: center; -} - -.App-logo { - height: 40vmin; - pointer-events: none; -} - -@media (prefers-reduced-motion: no-preference) { - .App-logo { - animation: App-logo-spin infinite 20s linear; - } -} - -.App-header { - background-color: #282c34; - min-height: 100vh; - display: flex; - flex-direction: column; - align-items: center; - justify-content: center; - font-size: calc(10px + 2vmin); - color: white; -} - -.App-link { - color: #61dafb; -} - -@keyframes App-logo-spin { - from { - transform: rotate(0deg); - } - to { - transform: rotate(360deg); - } -} diff --git a/02-serverless-api-ecs-apigateway/client-application-react/src/App.js b/02-serverless-api-ecs-apigateway/client-application-react/src/App.js deleted file mode 100644 index 86c7dd9..0000000 --- a/02-serverless-api-ecs-apigateway/client-application-react/src/App.js +++ /dev/null @@ -1,212 +0,0 @@ -// Copyright Amazon.com, Inc. or its affiliates. All Rights Reserved. -// SPDX-License-Identifier: MIT - -import React from 'react' -import { Amplify, Auth } from 'aws-amplify' -import { AmplifyAuthenticator, AmplifySignOut, AmplifySignUp } from '@aws-amplify/ui-react' -import { onAuthUIStateChange } from '@aws-amplify/ui-components' -// import awsconfig from './aws-exports' -import axios from 'axios' - -const searchParams = new URLSearchParams( window.location.search ) -const searchParamsList = { - regionID: searchParams.get('stackregion'), - HttpApiID: searchParams.get('stackhttpapi'), - UserPoolID: searchParams.get('stackuserpool'), - UserPoolClientID: searchParams.get('stackuserpoolclient'), -} -if( !searchParamsList.regionID.match(/^[a-zA-Z0-9\-]+$/) ){ throw new Error('Invalid Region ID!!'); } -if( !searchParamsList.HttpApiID.match(/^[a-zA-Z0-9\-]+$/) ){ throw new Error('Invalid API ID!!'); } -const awsconfig = {}; -awsconfig.Auth = { - region: searchParamsList.regionID, - userPoolId: searchParamsList.UserPoolID, - userPoolWebClientId: searchParamsList.UserPoolClientID, - endpoint: 'http://localhost:4566' -} -Amplify.configure(awsconfig) -Auth.configure(awsconfig) - -var MyPropsMethods = {} - -const App = () => { - return ( - - ) -} - -const MyAuth = () => { - - const [authState, setAuthState] = React.useState() - const [showLogin, setShowLogin] = React.useState(false) - const goToSignIn = () => setShowLogin(true) - const exitFromSignIn = () => setShowLogin(false) - const showAuthenticator = (showLogin || authState == 'signedin') - const showApp = (!showLogin || authState == 'signedin') - const showgoToSignIn = !(showLogin || authState == 'signedin') && authState != null - - React.useEffect(() => { - return onAuthUIStateChange(newAuthState => { - setAuthState(newAuthState) - if(newAuthState=='signedin'){ - setShowLogin(false) - } - }) - }, []) - - return ( -
- -
-
- -
- - - - -
- - { showApp && -
- { showgoToSignIn && } - -
- } - -
- ) - -} - -MyPropsMethods.APIProperties = { - 'foodstore/foods/':['foodId'], - 'petstore/pets/':['petId'], -} - -const ApiForm = (props) => { - - const [selectedMethod, setSelectedMethod] = React.useState() - const [selectedAPI, setSelectedAPI] = React.useState() - const [selectedVariable, setSelectedVariable] = React.useState() - const [selectedPayload, setSelectedPayload] = React.useState() - - const handleMethodChange = (e) => setSelectedMethod(e.target.value) - const handleAPIChange = (e) => setSelectedAPI(e.target.value) - const handleVariableChange = (e) => setSelectedVariable(e.target.value) - const handlePayloadChange = (e) => setSelectedPayload( selectedMethod == 'GET' ? undefined : e.target.value ) - - const pathVariable = selectedAPI ? MyPropsMethods.APIProperties[selectedAPI][0] : '' - - const enableFormSubmission = !!( selectedMethod && selectedAPI && selectedVariable && ( selectedMethod == 'GET' || selectedPayload ) ) - - return ( -
-
MyPropsMethods.invokeAPI(e,enableFormSubmission, selectedMethod, selectedAPI, selectedVariable, selectedPayload, props.authState) }> -

- { props.authState == 'signedin' - ? Looks like you're signed in! - : Looks like you're NOT signed in - } -

-

- { props.authState == 'signedin' - ? You should be able to invoke GET and also PUT. Try it out! - : You should be able to invoke GET but not PUT. Try it out! - } -

-
-
- Method: -
- -
- -
-
-
-
-
- API: -
- -
- -
-
-
-
-
- {'{'+pathVariable+'}'}:
- -
-
-
- Body (JSON):
-