Commit

Initial commit
Signed-off-by: Muram Mohamed <[email protected]>
muram committed Jul 21, 2023
0 parents commit 9abb2d0
Showing 8 changed files with 5,409 additions and 0 deletions.
86 changes: 86 additions & 0 deletions .gitignore
@@ -0,0 +1,86 @@
# Distribution / packaging
.Python
env/
build/
develop-eggs/
dist/
downloads/
eggs/
.eggs/
lib/
lib64/
parts/
sdist/
var/
*.egg-info/
.installed.cfg
*.egg

# Serverless directories
.serverless
.idea
.env
.env.*
.DS_Store

# Logs
logs
*.log
npm-debug.log*
yarn-debug.log*
yarn-error.log*

# Runtime data
pids
*.pid
*.seed
*.pid.lock

# Directory for instrumented libs generated by jscoverage/JSCover
lib-cov

# Coverage directory used by tools like istanbul
coverage

# nyc test coverage
.nyc_output

# Grunt intermediate storage (http://gruntjs.com/creating-plugins#storing-task-files)
.grunt

# Bower dependency directory (https://bower.io/)
bower_components

# node-waf configuration
.lock-wscript

# Compiled binary addons (https://nodejs.org/api/addons.html)
build/Release

# Dependency directories
node_modules/
jspm_packages/

# TypeScript v1 declaration files
typings/

# Optional npm cache directory
.npm

# Optional eslint cache
.eslintcache

# Optional REPL history
.node_repl_history

# Output of 'npm pack'
*.tgz

# Yarn Integrity file
.yarn-integrity

# dotenv environment variables file
.env

# next.js build output
.next
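Review bot: `.env` is listed twice, once under "Serverless directories" and again under "dotenv environment variables file"; drop the second entry. The `.env.*` pattern also ignores a committed template such as `.env.example`, so add a `!.env.example` negation if one is intended. The README describes this as a Python application, yet there are no `__pycache__/` or `*.py[cod]` entries while most of the file covers Node tooling (Grunt, Bower, jscoverage); adding the bytecode patterns would keep build artefacts out of the history.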
21 changes: 21 additions & 0 deletions LICENSE
@@ -0,0 +1,21 @@
MIT License

Copyright (c) 2023 Muram Mohamed

Permission is hereby granted, free of charge, to any person obtaining a copy
of this software and associated documentation files (the "Software"), to deal
in the Software without restriction, including without limitation the rights
to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
copies of the Software, and to permit persons to whom the Software is
furnished to do so, subject to the following conditions:

The above copyright notice and this permission notice shall be included in all
copies or substantial portions of the Software.

THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
SOFTWARE.
62 changes: 62 additions & 0 deletions README.md
@@ -0,0 +1,62 @@
# ⚡ Serverless AWS Python Application

[![serverless](http://public.serverless.com/badges/v3.svg)](http://www.serverless.com)

This repository contains a serverless application that demonstrates an AWS Lambda-based system. The application uses AWS Lambda, Amazon S3, Amazon SQS, Amazon API Gateway, and Amazon CloudWatch Logs.

## Overview

The application consists of three AWS Lambda functions:

1. `lambda1` is triggered by an API Gateway endpoint. It logs the request and puts the request body on an SQS queue.
2. `lambda2` is triggered by the SQS queue. It logs the SQS event and puts the event into an object in the S3 bucket.
3. `lambda3` is triggered by S3 events. It logs the bucket and key of the created object.

```sequence {theme="hand"}
participant Client
participant API Gateway
participant Lambda1
participant SQS
participant Lambda2
participant S3
participant Lambda3
Client->API Gateway: HTTP POST
API Gateway->Lambda1: Trigger
Lambda1->SQS: Put message
SQS->Lambda2: Trigger
Lambda2->S3: Put object
S3->Lambda3: Trigger
Lambda3-->Client: Response
```

## Prerequisites

- Node.js and npm installed (npm is distributed with Node.js - which means that when you download Node.js, you automatically get npm installed on your computer)
- Serverless Framework installed (`npm install -g serverless`)
- AWS account
- AWS CLI installed and configured

## Deployment

1. Clone this repository to your local machine.
2. Navigate to the project directory.
3. Install the required Serverless plugins (`npm install`).
4. (Optional) Install the Serverless Python Requirements plugin (`npm install --save-dev serverless-python-requirements`).
5. Modify the values of environment variables and tags in the provider section of the [serverless.yml](serverless.yml) file according to your preferences.
6. Configure your credentials as outlined in this [guide](https://www.serverless.com/framework/docs/providers/aws/guide/credentials). For the purpose of this demonstration, we'll be setting up the credentials directly on the machine that will deploy the application. You can do this by running the following command in your terminal:
```sh
sls config credentials --provider aws --key YOUR_ACCESS_KEY --secret YOUR_SECRET_KEY
```
7. Deploy the application by running `sls deploy`.

After the deployment, the output should include the API Gateway endpoint which you can use to trigger the `lambda1` function with a `{"key":"value"}` POST request.
```sh
curl -X POST https://<api-id>.execute-api.<region>.amazonaws.com/dev/trigger -d '{"key":"value"}'
```

If the request is successful, you should see a response from your Lambda function on your terminal.

## Cleanup

To delete the deployed resources, run `sls remove`.
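
Review bot: Step 6 of Deployment passes a long-lived access key and secret on the command line (`sls config credentials --provider aws --key YOUR_ACCESS_KEY --secret YOUR_SECRET_KEY`), which leaves them in shell history, and the README never says which permissions that key needs. The prerequisites already require the AWS CLI to be installed and configured, so the step could point at that existing profile instead and state that the deploying user should carry only ServerlessLimitedIamPolicy.json from this commit. Separately, the sequence diagram ends with `Lambda3-->Client: Response`, but the overview says `lambda3` only logs the bucket and key of the created object; the response the client sees comes back through API Gateway from the function it triggered, so the arrow should start at Lambda1.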

186 changes: 186 additions & 0 deletions ServerlessLimitedIamPolicy.json
@@ -0,0 +1,186 @@
{
"Version": "2012-10-17",
"Statement": [
{
"Effect": "Allow",
"Action": [
"cloudformation:Get*",
"cloudformation:List*",
"cloudformation:ValidateTemplate"
],
"Resource": ["*"]
},
{
"Effect": "Allow",
"Action": [
"cloudformation:CreateChangeSet",
"cloudformation:CreateStack",
"cloudformation:CreateUploadBucket",
"cloudformation:DeleteChangeSet",
"cloudformation:DeleteStack",
"cloudformation:Describe*",
"cloudformation:ExecuteChangeSet",
"cloudformation:UpdateStack"
],
"Resource": [
"arn:aws:cloudformation:*:*:stack/awsdevops-serverless-fundamentals*/*"
]
},
{
"Effect": "Allow",
"Action": ["lambda:CreateFunction", "lambda:Get*", "lambda:List*"],
"Resource": ["*"]
},
{
"Effect": "Allow",
"Action": [
"s3:CreateBucket",
"s3:DeleteBucket",
"s3:DeleteBucketPolicy",
"s3:GetBucketLocation",
"s3:GetBucketPolicy",
"s3:GetEncryptionConfiguration",
"s3:ListBucket",
"s3:ListBucketVersions",
"s3:PutAccelerateConfiguration",
"s3:PutBucketNotification",
"s3:PutBucketPolicy",
"s3:PutBucketTagging",
"s3:PutEncryptionConfiguration"
],
"Resource": [
"arn:aws:s3:::awsdevops-serverless-fundamentals*serverlessdeploy*",
"arn:aws:s3:::awsdevops-serverless-fundamentals*"
]
},
{
"Effect": "Allow",
"Action": [
"s3:DeleteObject",
"s3:DeleteObjectVersion",
"s3:GetObject",
"s3:PutObject"
],
"Resource": [
"arn:aws:s3:::awsdevops-serverless-fundamentals*serverlessdeploy*/*",
"arn:aws:s3:::awsdevops-serverless-fundamentals*/*"
]
},
{
"Effect": "Allow",
"Action": [
"lambda:AddPermission",
"lambda:CreateAlias",
"lambda:DeleteFunction",
"lambda:InvokeFunction",
"lambda:PublishVersion",
"lambda:RemovePermission",
"lambda:TagResource",
"lambda:Update*"
],
"Resource": [
"arn:aws:lambda:*:*:function:awsdevops-serverless-fundamentals-*-*"
]
},
{
"Effect": "Allow",
"Action": ["cloudwatch:GetMetricStatistics"],
"Resource": ["*"]
},
{
"Action": [
"logs:CreateLogGroup",
"logs:CreateLogStream",
"logs:DeleteLogGroup",
"logs:TagResource"
],
"Resource": ["arn:aws:logs:*:*:*"],
"Effect": "Allow"
},
{
"Action": ["logs:PutLogEvents"],
"Resource": ["arn:aws:logs:*:*:*"],
"Effect": "Allow"
},
{
"Effect": "Allow",
"Action": [
"logs:DescribeLogGroups",
"logs:DescribeLogStreams",
"logs:FilterLogEvents"
],
"Resource": ["*"]
},
{
"Effect": "Allow",
"Action": ["events:Delete*", "events:Put*", "events:Remove*"],
"Resource": [
"arn:aws:events:*:*:rule/awsdevops-serverless-fundamentals-*-*"
]
},
{
"Effect": "Allow",
"Action": ["events:DescribeRule"],
"Resource": [
"arn:aws:events:*:*:rule/awsdevops-serverless-fundamentals-*-*"
]
},
{
"Effect": "Allow",
"Action": ["iam:PassRole"],
"Resource": ["arn:aws:iam::*:role/*"]
},
{
"Effect": "Allow",
"Action": [
"iam:CreateRole",
"iam:DeleteRole",
"iam:DeleteRolePolicy",
"iam:Get*",
"iam:PutRolePolicy",
"iam:TagRole"
],
"Resource": [
"arn:aws:iam::*:role/awsdevops-serverless-fundamentals-*-*-lambdaRole"
]
},
{
"Effect": "Allow",
"Action": [
"apigateway:DELETE",
"apigateway:GET",
"apigateway:PATCH",
"apigateway:POST",
"apigateway:PUT"
],
"Resource": [
"arn:aws:apigateway:*::/apikeys*",
"arn:aws:apigateway:*::/apis*",
"arn:aws:apigateway:*::/restapis*",
"arn:aws:apigateway:*::/usageplans*",
"arn:aws:apigateway:*::/tags*"
]
},
{
"Effect": "Allow",
"Action": "sqs:*",
"Resource": ["arn:aws:sqs:*:*:awsdevops-serverless-fundamentals"]
},
{
"Effect": "Allow",
"Action": "logs:PutSubscriptionFilter",
"Resource": [
"arn:aws:logs:*:*:log-group:/aws/api-gateway/*",
"arn:aws:logs:*:*:log-group:/aws/lambda/*"
]
},
{
"Effect": "Allow",
"Action": [
"lambda:CreateEventSourceMapping",
"lambda:DeleteEventSourceMapping"
],
"Resource": "*"
}
]
}
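
Review bot: The `iam:PassRole` statement is granted on `arn:aws:iam::*:role/*`, and together with `lambda:CreateFunction` on `"Resource": ["*"]` in the third statement it lets the deploying principal attach any role in the account that trusts Lambda to a new function, which defeats the "limited" intent of the policy. Scope PassRole to the same `arn:aws:iam::*:role/awsdevops-serverless-fundamentals-*-*-lambdaRole` pattern the next statement already uses, add an `iam:PassedToService` condition for `lambda.amazonaws.com`, and move `lambda:CreateFunction` into the statement that is restricted to `function:awsdevops-serverless-fundamentals-*-*`. The same tightening applies to `logs:DeleteLogGroup` on `arn:aws:logs:*:*:*`, which currently allows deleting any log group in the account rather than only this service's `/aws/lambda/` groups, and `sqs:*` could be reduced to the queue actions the deployment actually performs.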