Architecting Solutions: Building a Proof of Concept for a Serverless Solution

The exercises in this course will incur charges on your AWS account. In this exercise, you will create the following resources:

  • AWS Identity and Access Management (IAM) policy and user (these are AWS account features and are offered at no additional charge)

  • Amazon DynamoDB table

  • AWS Lambda functions

  • Amazon Simple Queue Service (Amazon SQS) queue

  • Amazon Simple Notification Service (Amazon SNS) topic

  • Amazon API Gateway

  • Amazon CloudWatch Logs

The final task includes instructions to delete all the resources you create.

Familiarize yourself with the following:

  • DynamoDB pricing

  • Amazon SQS pricing

  • Amazon SNS pricing

  • Lambda pricing

  • API Gateway pricing

  • CloudWatch Logs pricing

  • AWS Free Tier

Exercise 1: Architecting Solutions - Building a Proof of Concept for a Serverless Solution

In this exercise, you will build a proof of concept for a serverless solution in the AWS Cloud.

Suppose you have a customer who needs a serverless web backend hosted on AWS. The customer sells cleaning supplies and experiences spikes in website demand, requiring an architecture that can easily scale. Additionally, the application should have decoupled components.

The architectural diagram below shows the flow for the serverless solution you will build.

Architecture Diagram for Exercise 1

In this architecture, a REST API places a database entry in the Amazon SQS queue. Amazon SQS invokes the first Lambda function, which inserts the entry into a DynamoDB table. DynamoDB Streams captures a record of the new entry and invokes a second Lambda function, which then passes the database entry to Amazon SNS. After Amazon SNS processes the new record, it sends a notification to a specified email address.

In this exercise, you will learn to:

  • Create IAM policies and roles to follow best practices in the AWS Cloud.

  • Create a DynamoDB table to store data.

  • Create an Amazon SQS queue to handle messages between software components.

  • Create Lambda functions and set up triggers for different AWS services.

  • Enable DynamoDB Streams to capture database table modifications.

  • Configure Amazon SNS for email or text notifications.

  • Create a REST API to insert data into a database.

Notes:

  • To complete this exercise, select the US East (N. Virginia) us-east-1 Region in the AWS Management Console.

  • The instructions might prompt you to enter your 12-digit AWS account ID, found under your account alias in the AWS Management Console. Be sure to remove the hyphens (-) when you enter your account ID.

Task 1: Setup - Creating IAM Policies and Roles

When you create an AWS account, you start as the root user, which we don't recommend using for daily tasks. Instead, use IAM users or roles to access services and features. IAM policies, users, and roles are offered at no additional charge.

Step 1.1: Creating Custom IAM Policies

  1. Sign in to the AWS Management Console.

  2. In the search box, enter IAM.

  3. From the results list, choose IAM.

  4. In the navigation pane, choose Policies.

  5. Choose Create policy.

  6. In the JSON tab, paste the following code:

{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Sid": "VisualEditor0",
      "Effect": "Allow",
      "Action": [
        "dynamodb:PutItem",
        "dynamodb:DescribeTable"
      ],
      "Resource": "*"
    }
  ]
}
  7. Choose Next: Tags and then Next: Review.

  8. For the policy name, enter Lambda-Write-DynamoDB.

  9. Choose Create policy.

  10. Repeat the previous steps to create the following policies:

  • Lambda-SNS-Publish

  • Lambda-DynamoDBStreams-Read

  • Lambda-Read-SQS
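
The policy pasted in step 6 allows its two actions on every DynamoDB table in the account ("Resource": "*"). The Python below is an added example, not part of the exercise: it flags that wildcard and rewrites it to the ARN of the orders table created in Task 2, using the placeholder account ID 111122223333.

```python
import copy
import re

# The Lambda-Write-DynamoDB policy from Step 1.1, reproduced so this runs offline.
LAMBDA_WRITE_DYNAMODB = {
    "Version": "2012-10-17",
    "Statement": [{
        "Sid": "VisualEditor0",
        "Effect": "Allow",
        "Action": ["dynamodb:PutItem", "dynamodb:DescribeTable"],
        "Resource": "*",
    }],
}
# Actions this helper knows can be limited to a single table ARN.
TABLE_SCOPED_ACTIONS = {"dynamodb:PutItem", "dynamodb:DescribeTable"}

def _as_list(value):
    """IAM allows a bare string wherever it allows a list."""
    return value if isinstance(value, list) else [value]

def wildcard_statements(policy):
    """Return the Sid (or index) of each Allow statement with Resource "*"."""
    return [stmt.get("Sid", f"statement[{i}]")
            for i, stmt in enumerate(_as_list(policy["Statement"]))
            if stmt.get("Effect") == "Allow"
            and "*" in _as_list(stmt.get("Resource", []))]

def scope_to_table(policy, region, account_id, table):
    """Return a copy in which wildcard Allow statements name one table."""
    if not re.fullmatch(r"[0-9]{12}", account_id):
        raise ValueError("account ID must be 12 digits with no hyphens")
    arn = f"arn:aws:dynamodb:{region}:{account_id}:table/{table}"
    scoped = copy.deepcopy(policy)
    scoped["Statement"] = _as_list(scoped["Statement"])
    for stmt in scoped["Statement"]:
        if stmt.get("Effect") != "Allow" or "*" not in _as_list(stmt.get("Resource", [])):
            continue
        extra = set(_as_list(stmt.get("Action", []))) - TABLE_SCOPED_ACTIONS
        if extra:  # refuse to guess a resource type for other actions
            raise ValueError(f"cannot scope actions: {sorted(extra)}")
        stmt["Resource"] = arn
    return scoped

if __name__ == "__main__":
    import json
    # 111122223333 is a placeholder account ID, not a value from the exercise.
    print(wildcard_statements(LAMBDA_WRITE_DYNAMODB))
    print(json.dumps(scope_to_table(
        LAMBDA_WRITE_DYNAMODB, "us-east-1", "111122223333", "orders"), indent=2))
```
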

Step 1.2: Creating IAM Roles and Attaching Policies to the Roles

  1. In the navigation pane of the IAM dashboard, choose Roles.

  2. Choose Create role and configure the following settings:

    • Trusted entity type: AWS service

    • Common use cases: Lambda

  3. Choose Next.

  4. On the Add permissions page, select Lambda-Write-DynamoDB and Lambda-Read-SQS.

  5. Choose Next.

  6. For Role name, enter Lambda-SQS-DynamoDB.

  7. Choose Create role.

  8. Follow the previous steps to create two more IAM roles:

    • Lambda-DynamoDBStreams-SNS

    • APIGateway-SQS

Task 2: Creating a DynamoDB Table

  1. In the AWS Management Console search box, enter DynamoDB.

  2. From the list, choose DynamoDB.

  3. On the Get started card, choose Create table and configure the following settings:

    • Table: orders

    • Partition key: orderID (Data type: String)

  4. Keep the remaining settings at their default values, and choose Create table.

Task 3: Creating an SQS Queue

  1. In the AWS Management Console search box, enter SQS and choose Simple Queue Service.

  2. On the Get started card, choose Create queue.

  3. Configure the following settings:

    • Name: POC-Queue

    • Access Policy: Basic

    • Define who can send messages to the queue: Only the specified AWS accounts, IAM users and roles (paste the ARN for the APIGateway-SQS IAM role)

    • Define who can receive messages from the queue: Only the specified AWS accounts, IAM users and roles (paste the ARN for the Lambda-SQS-DynamoDB IAM role)

  4. Choose Create queue.

Task 4: Creating a Lambda Function and Setting Up Triggers

Step 4.1: Creating a Lambda Function for the Lambda-SQS-DynamoDB Role

  1. In the AWS Management Console search box, enter Lambda.

  2. Choose Create function and configure the following settings:

    • Function option: Author from scratch

    • Function name: POC-Lambda-1

    • Runtime: Python 3.9

    • Change default execution role: Use an existing role

    • Existing role: Lambda-SQS-DynamoDB

  3. Choose Create function.

Step 4.2: Setting Up Amazon SQS as a Trigger to Invoke the Function

  1. Expand the Function overview section if needed.

  2. Choose Add trigger.

  3. For Trigger configuration, enter SQS and choose the service from the list.

  4. For SQS queue, choose POC-Queue.

  5. Add the trigger by choosing Add.

Step 4.3: Adding and Deploying the Function Code

  1. On the POC-Lambda-1 page, in the Code tab, replace the default Lambda function code with the following code:
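import boto3, uuid

# Handle to the orders table created in Task 2
client = boto3.resource('dynamodb')
table = client.Table("orders")

def lambda_handler(event, context):
    # Each SQS record carries one message; its body is stored as the order
    for record in event['Records']:
        print("test")
        payload = record["body"]
        # The message body is written to CloudWatch Logs
        print(str(payload))
        # A random UUID is the partition key of the new item
        table.put_item(Item={
            'orderID': str(uuid.uuid4()),
            'order': payload
        })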
  2. Choose Deploy.
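
The handler above prints every order body to CloudWatch Logs and keys each item on a fresh uuid4(), so a message that SQS delivers more than once is stored more than once. The variant below is an added example, not the exercise's code: it keys on the SQS messageId, bounds the body size, and logs metadata only. MAX_BODY_BYTES, store_orders, demo and the sample event are assumptions made for the illustration.

```python
import hashlib

MAX_BODY_BYTES = 8 * 1024  # assumed cap for one order body; not from the exercise
_table = None              # created on first invocation, reused while warm


def store_orders(records, put_item):
    """Write each acceptable SQS record once; return (stored, rejected) IDs."""
    stored, rejected = [], []
    for record in records:
        message_id, body = record.get("messageId"), record.get("body")
        if (not isinstance(message_id, str) or not isinstance(body, str)
                or len(body.encode("utf-8")) > MAX_BODY_BYTES):
            # Dropped, not retried: a malformed message never becomes valid.
            print(f"rejected messageId={message_id!r}")
            rejected.append(message_id)
            continue
        # messageId does not change when SQS redelivers a message, so a retry
        # overwrites the same item instead of adding a row under a new uuid4().
        put_item(Item={"orderID": message_id, "order": body})
        digest = hashlib.sha256(body.encode("utf-8")).hexdigest()[:12]
        # Log metadata only; the order text stays out of CloudWatch Logs.
        print(f"stored messageId={message_id} sha256={digest}")
        stored.append(message_id)
    return stored, rejected


def lambda_handler(event, context):
    global _table
    if _table is None:
        import boto3  # deferred so store_orders can be run without AWS access
        _table = boto3.resource("dynamodb").Table("orders")
    stored, rejected = store_orders(event["Records"], _table.put_item)
    return {"stored": len(stored), "rejected": len(rejected)}


# Constructed event: one message delivered twice, plus one oversized body.
SAMPLE_EVENT = {"Records": [
    {"messageId": "msg-0001", "body": "Hello from SQS!"},
    {"messageId": "msg-0001", "body": "Hello from SQS!"},
    {"messageId": "msg-0002", "body": "x" * (MAX_BODY_BYTES + 1)},
]}


def demo():
    """Run SAMPLE_EVENT against an in-memory stand-in for the orders table."""
    items = {}
    stored, rejected = store_orders(
        SAMPLE_EVENT["Records"], lambda Item: items.update({Item["orderID"]: Item}))
    return items, stored, rejected
```

If put_item raises, the exception propagates and SQS retries the whole batch; because the key is the messageId, the retry rewrites the same items.
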

Step 4.4: Testing the POC-Lambda-1 Lambda Function

  1. In the Test tab, create a new event with the following settings:

    • Event name: POC-Lambda-Test-1

    • Template-Optional: SQS

  2. Save your changes and choose Test.

Step 4.5: Verifying the Lambda Function Adds the Test Message to the Database

  1. In the AWS Management Console search box, enter DynamoDB and choose DynamoDB.

  2. In the navigation pane, choose Explore items.

  3. Select the orders table. Under Items returned, the orders table should return "Hello from SQS!" from the Lambda function test.

Task 5: Enabling DynamoDB Streams

  1. In the DynamoDB console, in the Tables section of the navigation pane, choose Update settings.

  2. In the Tables card, ensure the orders table is selected.

  3. Choose the Exports and streams tab.

  4. In the DynamoDB stream details section, choose Enable.

  5. For View type, choose New image.

  6. Choose Enable stream.

Task 6: Creating an SNS Topic and Setting Up Subscriptions

Step 6.1: Creating a Topic in the Notification Service

  1. In the AWS Management Console, search for SNS and choose Simple Notification Service.

  2. On the Create topic card, enter POC-Topic and choose Next step.

  3. In the Details section, keep the Standard topic type selected and choose Create topic.

  4. On the POC-Topic page, copy the ARN of the topic for reference.

Step 6.2: Subscribing to Email Notifications

  1. On the Subscriptions tab, choose Create subscription.

  2. For Topic ARN, ensure the box contains the ARN for POC-Topic.

  3. For Protocol, choose Email.

  4. Provide Endpoint Email Address:

    • Enter your email address for the Endpoint.
  5. Create Subscription:

    • Choose Create subscription. A confirmation message will be sent to the specified email address.
  6. Confirm Subscription:

    • After receiving the confirmation email, confirm the subscription. If you don’t receive an email within a few minutes, check your spam folder.

Task 7: Creating an AWS Lambda Function to Publish a Message to the SNS Topic

In this task, you will create a Lambda function to publish messages to an SNS topic triggered by DynamoDB Streams.

Step 7.1: Creating the POC-Lambda-2 Function

  1. Navigate to AWS Lambda:

    • Search for and open AWS Lambda in the AWS Management Console.
  2. Create Lambda Function:

    • Choose Create function and configure:

      • Function option: Author from scratch

      • Function name: POC-Lambda-2

      • Runtime: Python 3.9

      • Change default execution role: Use an existing role

      • Existing role: Lambda-DynamoDBStreams-SNS

  3. Save and Create Function:

    • Choose Create function.

Step 7.2: Setting Up DynamoDB as a Trigger

  1. Add Trigger:

    • In the Function overview section, choose Add trigger and configure:

      • Trigger configuration: DynamoDB

      • DynamoDB table: orders

  2. Enable Trigger:

    • Ensure the DynamoDB state is Enabled in the Configuration tab.

Step 7.3: Configure Second Lambda Function

  1. Update Function Code:

    • Choose the Code tab and replace the Lambda function code.
  2. Deploy Changes:

    • Choose Deploy.

Step 7.4: Test the POC-Lambda-2 Function

  1. Create Test Event:

    • On the Test tab, create a new event with POC-Lambda-Test-2 as the Event name.
  2. Run Test:

    • Save changes and choose Test.

    • Check for successful execution in the notification banner.

Task 8: Creating an API with Amazon API Gateway

In this task, you will create a REST API in Amazon API Gateway to serve as a communication gateway between your application and AWS services.

  1. Open API Gateway:

    • Search for and open API Gateway in the AWS Management Console.
  2. Create REST API:

    • Choose Build on the REST API card with public authentication and configure settings:

      • Choose the protocol: REST

      • Create new API: New API

      • API name: POC-API

      • Endpoint Type: Regional

  3. Create API:

    • Choose Create API.
  4. Configure Method:

    • Choose Create Method from the Actions menu.

    • Choose POST from the method menu and save changes.

  5. Setup POST - Integration:

    • Configure integration type, AWS Region, AWS Service, Path override, Execution role, and Content Handling.
  6. Save Changes:

    • Save your changes.
  7. Configure Integration Request:

    • Configure HTTP Headers and Mapping Templates.
  8. Save Changes:

    • Save your changes.

Task 9: Testing the Architecture with API Gateway

In this task, you will use API Gateway to send mock data to Amazon SQS as a proof of concept for the serverless solution.

  1. Test API Gateway:

    • Return to the POST - Method Execution page and choose Test.
  2. Enter Request Body:

    • Enter the request body in the box.
  3. Run Test:

    • Choose Test to run the test.

Task 10: Cleaning Up

In this task, you will delete the AWS resources created for this exercise to avoid unnecessary costs.

  1. Delete DynamoDB Table:

    • Open the DynamoDB console, select the orders table, and choose Delete.
  2. Delete Lambda Functions:

    • Open the Lambda console, select POC-Lambda-1 and POC-Lambda-2, and choose Delete.
  3. Delete SQS Queue:

    • Open the SQS console, select the queue, and choose Delete.
  4. Delete SNS Topic and Subscriptions:

    • Open the SNS console, delete the topic, and delete any subscriptions associated with it.
  5. Delete API Gateway:

    • Open the API Gateway console, select POC-API, and choose Delete.
  6. Delete IAM Roles and Policies:

    • Open the IAM console and delete the roles (APIGateway-SQS, Lambda-SQS-DynamoDB, Lambda-DynamoDBStreams-SNS) and policies created for this exercise.
