Simple authentication service with AWS Lambda

When it comes to APIs, AWS comes to our mind instantly. We all have been using AWS EC2 for our back ends. With the new Serverless Computing concept, AWS has introduced their own serverless platform which is called AWS Lambda. AWS Lambda lets you run code without provisioning or managing servers. You pay only for the compute time you consume — there is no charge when your code is not running.

I’ve developed a simple application which demonstrates some of the AWS services (RDS, API Gateway and Lambda).

Overview

In this application we have two rest endpoints.

1. Sign up
   This endpoint is responsible of handling the signup operations. We can send a post request to this endpoint and it will create a new user in the database.
2. Sign in
   This endpoint is responsible of handling the sign in operations. We can check whether the particular user is registered on our database by sending his credentials. This will return true or false.

AWS services that I’m going to use

1. AWS RDS (https://aws.amazon.com/rds/)
   Amazon Relational Database Service (Amazon RDS) makes it easy to set up, operate, and scale a relational database in the cloud. Amazon RDS is available on several database instance types — optimized for memory, performance or I/O — and provides you with six familiar database engines to choose from, including Amazon Aurora, PostgreSQL, MySQL, MariaDB, Oracle, and Microsoft SQL Server. In this example we are going to use MySQL.
2. AWS Api Gateway (https://aws.amazon.com/api-gateway/)
   Amazon API Gateway is a fully managed service that makes it easy for developers to create, publish, maintain, monitor, and secure APIs at any scale
3. AWS Lambda (https://aws.amazon.com/lambda/)
   With Lambda, you can run code for virtually any type of application or backend service — all with zero administration.

Step 1(Creating the RDS instance)

• Log into amazon console and browse to RDS. Refer this for more info.
• Create a MySQL instance and create the the users table by executing the following SQl statement.

CREATE TABLE users ( 
 UserId int NOT NULL AUTO_INCREMENT,
 Email varchar(255) NOT NULL UNIQUE,
 Password varchar(255) NOT NULL,
 LastName varchar(255),
 FirstName varchar(255),
 Address varchar(255),
 PRIMARY KEY (UserId)
);

Step 2 (Creating the Lambda function and API endpoints)

• Now you have to create an API gateway triggered lambda function by following this https://docs.aws.amazon.com/apigateway/latest/developerguide/getting-started-lambda-non-proxy-integration.html
• In this use case there should be two APIs (Sign up and Sign in)

Step 3 (Content of the lambda functions)

• Since this will have additional libraries, you will need to create this project locally and upload the whole project to AWS. Refer this to get a clear idea on making a nodejs deployment package.
• For the sign up lambda function copy the following

• For the sign in lambda function copy the following

• Create a file as ConnectionManager.js and put the following content there

module.exports=function(){
this.dbConnections = [];
this.dbConnections[“authDatabase”] = {
     host: <Host of the RDS>,
     port: 3306,
     user: <Master username of the RDS instance>,
     password: <Master password of the RDS instance>,
     database: <Database name>,
    };
 };

• package.json file should contain the following

Step 3(Configure API Gateways)

• Configure the two api gateways to have the required service paths. This can be done on AWS API Gateway console. (https://docs.aws.amazon.com/apigateway/latest/developerguide/how-to-deploy-api.html)
• After configuring the APIs, deploy them

Step 4 (Testing)

• Now, first to signup, send an HTTP POST request to the signup endpoint which you can find from the API Gateway console,t with a sample JSON payload as follows.

{
  "email": "randika@adroitlogic.com",
  "password": "12345678",
  "lastName": "Navagamuwa",
  "firstName": "Randika",
  "address": "12 A /5, Pirivena Rd, Mount Lavinia"
}

• In the signup call an entry will be added to the users table. If you were successful you’ll get a 200 OK response with the response message Successfully added a new user with email.
• Then, to check the signin, send an HTTP POST request to the signin endpoint (https://{api-id}.execute-api.{region}.amazonaws.com/prod/signin) you found in the earlier steps with a sample JSON payload as follows. Note that the values should match the values used in signup request.

{
  "email": "randika@adroitlogic.com",
  "password": "12345678"
}

• If the signin is successful you’ll get a 200 OK response with the response message true.

Please note that this is a simple service, which is deployed just to demonstrate the usages of some AWS Services.