Part 2, Serverless
Lambda functions with API Gateway.
This is in continuation of the series AWS cognito with python, The end-goal will be to provide temporary credentials to authorised users to save their encrypted data on Amazon s3 (one of the key requirement for Datapod users) . Here we will understand how to link your lambda functions with AWS API gateway.
Apart from the cognito setup, we need to create some other lambda functions like Signup, Login, Confirm-signup as discussed in the previous post. We also need to create a lambda function for testing purposes. Here is the sample code, you can implement your own lambda function. Lets name this lambda function as Test.
import jsondef lambda_handler(event, context):
# TODO implement
return {
'error': False,
"success": True,
"message": "Call is successful"
}
Now go to your API gateway console, and lets start creating new resources and the methods associated with them.
Once created, you can create different api hierarchical endpoints under different resources. Lets create a resource user and different endpoints under this resource.
Every resource can have child resource and its own HTTP methods like PUT, GET, DELETE, POST etc. We will now create a post method under this /user/signup , which users will access with args to signup on our platform.
Every method will need to be associated with an lambda function, We will link this post method to the signup lambda function that we have created in the previous post.
After creation of this post method and linking it with your existing lambda function, you need to create some additional API encpoints to make user onboarding complete.
After signup, user need to confirm their signup on cognito as discussed in the previous post. On successful signup, users will receive a verification code on their emails, which must be provided to complete their registration. Please follow the steps to create a new api endpoint /user/confirm-sign-up , where users will post their verification code.
Now, we need to attach a lambda function (confirm_sign_up) to a POST method created under this resource confirm-sign-up.
Hit Create Resource to create this resource. Please follow these steps to create two more endpoints login and test under the same resource user *(You can create other resources also).
The final list of the resources on your API gateway, must have all the four endpoints and should appear like this.
Before you access these API endpoints,they should be deployed. Please navigate to your stages tab on right hand side and create a new stage.
Now navigate to your resources tab again and deploy all your API endpoints to beta deployment. click on root endpoints, i.e / . then on Actions> Deploy API.
After deployment, you will be redirected to the Stages tab , where all your deployment stages are listed. Click on the specific endpoints to see the DNS of your API endpoints.
Now, you can access your endpoints. Lets access our /user/test API endpoint from ipython.
For your post API’s, you can pass the necessary arguments like would do in any other ordinary HTTP post request. Lets test out signup API endpoint.
As you can see, you are receiving this error from signup lambda function because cognito doesn't allow weak passwords for signup. Changing our password into a strong one will result in a successful user signup.
If you want to see who else have signup for your application, Please go to your Cognito dashboard and click on Users and Groups tab.
Now that our user on boarding is complete, We will see how we can protect our private API endpoints with API Gateway Authorizers and cognito in the next post.
My Eth Address: 0x01445B7d9D63381D0e7A6d8556F62A24197BeA1F
My Bitcoin Address: bc1qhdzydl7kwjk8reznvj3yd6s0cg7e7r2sasgfxc
