CategoriesInfrastructureServerless

Custom API Gateway Authorizer with Golang

One of the nice things about building with Serverless is that you can design things in a way that the pieces are composeable. This means that you can put logic cohesively with other like-minded logic and then keep things loosely coupled from other components so that things are easy to change without being too fragile. When building an API, you often need an Authorizer of sorts to validate the token that is being supplied. In this article, I’m going to walk through building a custom API Gateway Authorizer with Golang.

CategoriesInfrastructureServerless

Testing Step Function workflows Locally

If you’ve been following along for a bit, you know how much of a fan of Serverless I am. And even more specifically, how much I love Step Functions. If you have the problem of needing a highly available workflow coordinator, you can’t do any better than picking it as your tool of choice. However, I am also unapologetically a fan of local development. And this is one place where I feel that Step Functions falls a little bit. So follow me along on this epic towards being able to test Step Function workflows locally.

CategoriesProgramming

CDK ASL Definition Extractor

I’ve been working a good bit lately to push testing down when using Step Functions and building some patterns with AWS State Machines Locally. In that same spirit, I’m wanting to be able to create the State Machine in my local container and that comes from the ASL. However, when using CDK and the builder libraries you don’t have an ASL file to work from. So I built this program which I’m calling CDK ASL Definition Extractor which extracts the Definitions from a CDK synth’d CloudFormation file.

CategoriesServerless

Cross-Origin Allowlist with API Gateway

Cross-Origin Allowlist with API Gateway

Cross-Origin Resource Sharing is a topic that most developers don’t generally like to talk about it. It is usually a higher-level item that “is just in place” when building and shipping APIs. However, allowing * is not always the best approach. That is a touch outside of this article but I do want to walk through how to build a Allowlist of domains approach with API Gateway and Lambda.

CategoriesInfrastructureServerless

EventBus Mesh

I’ve been thinking about this topic a lot lately when bringing EventBridge’s EventBus into some applications. On the current projects I’m working on with existing code, I’ve said 100 times, if EventBridge existed when I started them, I wouldn’t have so much SNS->SQS based code lying around. But such is life when working in evolving tech. Enter the EventBus Mesh

CategoriesServerless

Subscribe SNS to EventBridge Pipes

Legacy Serverless to New Serverless

I’ve been thinking and working hard on how I can start to introduce EventBridge and Pipes into some of my existing applications. Unfortunately, I have SNS in front of a lot of my service code and you can’t natively subscribe SNS to EventBridge Pipes. So I’ve started pondering this idea of how to integrate Legacy Serverless Applications into an ecosystem as new features are developed with more modern Serverless concepts. What I really want is a way to connect SNS to EventBridge Pipes.

CategoriesServerless

Streaming DynamoDB to EventBridge Pipes

There is a real push and thought process around moving as much of your boilerplate code up into your serverless cloud components as possible. By streaming DynamoDB to EventBridge Pipes, you can move a large chunk of that boilerplate into the cloud. The thinking is that for things that really don’t differentiate your solution, why not let your cloud provider take care of that for you. Their integrations are well tested, highly scalable and highly available and can be more cost effective as you don’t waste CPU cycles on things like

  • Polling
  • Error handling
  • Data transformation
  • Filtering
  • Enrichment
  • Event management

All of those things “could” be done say in a container or in a Lambda but again, why pay the cycles, write all of this code over and over and over when you can push it up as configuration and as a part of your CDK or SAM code that handles the deployments

As usual, if you want to skip straight to a working sample, here’s the Github repository. Feel free to pull it and then run cdk deploy npx ts-node bin/app.ts and off you go.

CategoriesServerless

Extending and Customizing the JWT from Cognito via AWS Lambda using Go

I’ve been working a lot lately with Cognito and User Pools in AWS as I’ve been wanting to migrate and existing app into a serverless Identity and Access provider. The promise of Cognito is this “Implement secure, frictionless customer identity and access management that scales” – AWS

Honestly there are so many identity providers out there. This article won’t go into the alternatives and other options out there but will specifically touch upon something that I know was a big question for me when I started with Cognito which was, “how can I customize the private claims in a token?”. So let’s discuss that a little further

As usual, if you want to skip straight to code, feel free to jump over to the repository here

CategoriesServerless

Creating an AWS Cognito User with an Auto-Incrementing ID using AWS Step Functions

So there are a couple of interesting topics in here.

  1. I’ve been really leaning into code-less workflows with AWS Step Functions and this State Machine has nothing but native SDK integrations which include
    • DynamoDB (Put, Delete, Get)
    • Cognito/User Pools (AdminCreateUser)
  2. I’ve run into some legacy code that requires a Username to be a bigint and I don’t want to use an RDBMS so I’m using DynamoDB to generate one for me while also being “race condition” proof

As always, if you want to jump straight to the code, here is the Github repository