How To Build a Serverless Web Application On AWS with ‘Contact Us’ reCAPTCHA Form
This is based on my experience on hosting my personal web in AWS (adityacprtm.com). I don’t want to have servers running just to handle ‘contact us’ form which rarely gets invoked. Oh, and I also need Captcha because we don’t have time in our lives for spam. So I used serverless architecture and google recaptcha for that
Application Architecture
The application architecture uses:
- AWS Lambda
- Amazon API Gateway
- Amazon S3
- Amazon SNS
- Amazon CloudFront
- Amazon Route 53
- AWS Certificate Manager
- Google reCaptcha
Create a Bucket on S3
- Go to S3 console on https://console.aws.amazon.com/s3/
- Create a bucket with your domain name like example.com
- We will upload the file later
Create a SNS Topic and Subscription
- Go to SNS Console on https://console.aws.amazon.com/sns/
- Create a Topic name
- Create a Subscription, select the Topic ARN that was created in point 2
- Select email on protocol type, create subscription
- Check your email and verify the subscription from AWS
Build a Serverless Back-end on Lambda
- On Lambda Console https://console.aws.amazon.com/lambda/, create function
- Keep the default Author from scratch card selected
- Enter a Function name and select Node.js for the Runtime
- Click on Create function
We will develop lambda with JavaScript. Unfortunately we cannot easily insert scripts into the AWS Lambda online editor which has external dependencies such as Axios. So we need to create a small Node project with the following package.json.
{
"name": "contactForm",
"version": "0.0.1",
"private": true,
"scripts": {},
"dependencies": {
"aws-sdk": "^2.560.0",
"axios": "^0.18.0"
}
}We will use the Environment variable in lambda to make it easier when there are changes to ARN SNS Topic and reCaptcha Secret Key, so the index.js.
'use strict';
const AWS = require("aws-sdk");
const axios = require('axios');
const completeUrl = "https://www.google.com";
// verify recaptcha url
const reCapUrl = "https://www.google.com/recaptcha/api/siteverify";
const reCaptchaSecret = process.env.RECAPTCHA_SECRET_KEY;
// from Amazon SNS
const snsTopic = process.env.ARN_SNS_TOPIC;module.exports.handler = async (event, context, callback) => {
console.log("Starting ContactForm Processing for website form.");
// console.log("data event: " + JSON.stringify(event));
// verify the result by POSTing to google backend with secret and frontend recaptcha token as payload
let verifyResult = await axios({
method: 'post',
url: reCapUrl,
params: {
secret: reCaptchaSecret,
response: event.captcha
}
})// print out the result of that. Its a bit verbose though
// console.log("verify result: " + JSON.stringify(verifyResult.data));
if (verifyResult.data.success) {
let sns = new AWS.SNS();
// The structure of the email
let emailbody = "Someone left a message for you.\n\nName\t\t: " + event.name + "\nEmail\t\t: " + event.email + "\nSubject\t\t: " + event.subject + "\nMessage\t\t: " + event.message + "\n\nThanks!";
let params = {
Message: emailbody,
Subject: "Contact Form: " + event.subject,
TopicArn: snsTopic
};
// we publish the created message to Amazon SNS now…
sns.publish(params, context.done);
// now we return a HTTP 302 together with a URL to redirect the browser to success URL (we put in google.com for simplicty)
callback(null, {
statusCode: 302,
headers: {
Location: completeUrl,
}
});
console.log("End of the ContactForm Process With Success");
} else {
console.log("reCaptcha check failed. Most likely SPAM.");
callback(null, {
statusCode: '500',
body: JSON.stringify({
message: 'Invalid recaptcha'
})
});
}
};
After build the project, we need to ZIP the folder for upload to Lambda.
While still in Lambda Console in Function that was created before, upload the ZIP and define the environment variable with the following.
Save the function.
Deploy a Restful API Gateway
- Go to API Gateway Console https://console.aws.amazon.com/apigateway/
- Choose Create API and choose REST
- Select New API and enter API Name
- Click Create API
- In the left nav, click on Resources under your API
- From the Actions dropdown select Create Resource
- Enter the Resource Name like contact or prod then click Create Resource
- With the newly created resource selected, from the Action dropdown select Create Method
- Select
Postthen click the checkmark - Select Lambda Function for the integration type
- Select the Region you are using for Lambda Region
- Enter the name of the function you created before then choose Save
- [Optional CORS] With the newly created resource selected, from the Action dropdown select Enable CORS then click enable and replacing
- In the Actions drop-down list select Deploy API, enter Stage Name then choose Deploy
- Note the Invoke URL
Create own website
Before that, you can use reCAPTCHA by registering your domain here: https://www.google.com/recaptcha/admin
The HTML
You can follow Google documentation for the reCaptcha, which means you should put this:
<script src=’https://www.google.com/recaptcha/api.js'></script>
in the head section of your website. And put this:
<div class=”g-recaptcha” data-sitekey=”xxxxxxxxxxxxxxxxxxx”></div>
somewhere down below your form just before your submit button.
The JavaScript
We can use Ajax to Perform an asynchronous HTTP (Ajax) request. Enter the URL of Ajax with Invoke URL that we get when build an API gateway.
Host a Static Website
- Back to S3 console, select the bucket that was made before
- Upload your files
- click on Properties tab
- Select Static website hosting
- Fill in index and error document
- Make sure Block Public access is unchecked
- While still in the Permissions tab, choose Bucket Policy.
Enter the following policy document into the bucket policy editor replacing [YOUR_BUCKET_NAME] with the name of the bucket you created.
{
"Version": "2012-10-17",
"Statement": [
{
"Effect": "Allow",
"Principal": "*",
"Action": "s3:GetObject",
"Resource": "arn:aws:s3:::[YOUR_BUCKET_NAME]/*"
}
]
}Configure Domain on Route 53
- On Amazon Route 53 we can Registering a new domain or making Route 53 as DNS Service for existing domain
- I already have my own domain, so I make Amazon Route 53 as DNS Service for my domain
- On Route 53 Console https://console.aws.amazon.com/route53/
- Choose Create Hosted Zone.
- In the Create Hosted Zone pane, enter a domain name
- For Type, accept the default value of Public Hosted Zone
- Choose Create.
Request SSL Certificate on ACM
- Go to ACM Console https://console.aws.amazon.com/acm/
- Click on Request a Certificate
- Choose Request a public certificate
- Add domain name with your custom domain like example.com and *.example.com
- We need to validate certificate request, we can choose DNS validation or email validation. In here we use DNS validation because it is faster and easier.
- Add CNAME in Amazon Route 53 or just click the button below your domain to automatically add it.
Create CloudFront Web Distribution
- Go to https://console.aws.amazon.com/cloudfront/
- Create your distribution
- Choose Origin Domain Name with the bucket that you created before.
- Choose Redirect HTTP to HTTPS
- in Restrict Bucket Access, Select Yes
- In Distribution Settings, use Custom SSL Certificate and choose certificate you created before on ACM
- Scroll and find Default Root Object, enter the default file like
Index.html - Leave the rest as is and create your distribution.
- wait until the status is deployed. this takes a few minutes.
- Note the Domain name of your cloudfront
Use Custom Domain on Route 53
- back to Route 53 Console
- Select domain that was register before
- Select Create Record Set
- we will create two record set
- First one is example.com and the second one is www.example.com
- Use A record and select the CloudFront that you created before
That’s it, we have a serverless static web application with with reCaptcha protection for web forms and notifications for owners or admins.
References:
- AWS Documentations
