Contents

AWS

Amazon Web Services

Lambda Java samples:

User credentials

Instead of sharing the credentials of the AWS account root user, create individual IAM users, granting each user only the permissions they require.

Follow the best practice of using the root user only to create your first IAM user.

There are two types of credentials:

Root user credentials, allow full access to all resources in the AWS account.
IAM credentials, control access to AWS services and resources for users in your AWS account

Serverless blog web application architecture

https://github.com/aws-samples/lambda-refarch-webapp
https://s3.amazonaws.com/aws-lambda-serverless-web-refarch/RefArch_BlogApp_Serverless.png
- Amazon Route 53 (routes to specific places based on region)
- Amazon CloudFront (deliver static content per region hosted inside S3)
- Amazon Simple Storage Service (S3)
- Amazon Cognito (Authentication and authorization)
- Amazon API Gateway (routes requests to backend logic)
- AWS Lambda (backend business logic)
- AWS DynamoDB (managed DB)
- AWS Identity and Access Management (IAM) - web service to control access to AWS resources

IPv6 info

Lambda authorizer (API gateway)

A lambda authorizer (API gateway) requires a resource based policy statement, with principalId and policy document.

https://docs.aws.amazon.com/apigateway/latest/developerguide/api-gateway-lambda-authorizer-output.html

JSON example

   1 {
   2   "principalId": "user|12345",
   3   "policyDocument": {
   4     "Version": "2012-10-17",
   5     "Statement": [
   6       {
   7         "Action": "execute-api:Invoke",
   8         "Effect": "Allow",
   9         "Resource": "arn:aws:execute-api:region:account-id:api-id/stage/METHOD/path"
  10       }
  11     ]
  12   },
  13   "context": {
  14     "stringKey": "value",
  15     "numberKey": 123,
  16     "booleanKey": true
  17   }
  18 }