This project lets you provision a ready-to-use fully serverless real-time chat application using Amazon ApiGateway Websockets. The infrastructure code is using the AWS Cloud Development Kit(AWS CDK) and implemented in both Typescript and NET7. The frontend is written using Angular 15.

⚠️ WARNING ⚠️ The NET7 implementation is still work-in-progress, however it should work as-is and has the same security features implemented as the Typescript version. Below you can find a breakdown of feature implementation state.

The infrastructure backend has been split into two directories (infrastructure-ts, infrastructure-net). These folders contain language-specific implementations for both the AWS CDK code and the lambda handlers. Please read the Readme file in the relevant directory for specific deployment instructions.

• AWS CLI installed and configured with the aws account you want to use.
• AWS CDK installed and configured with the aws account you want to use.
• docker installed and is up and running locally (required for the lambda function builds).
• Angular CLI installed.
• dotnetcore3.1 installed (for the NET7 infrastructure version)

For the sake of this demo, not all security features are enabled to save cost and effort of setting up a working PoC.

Below you can find a list of security recommendations in case you would like to deploy the infrastructure in a production environment:

• Currently all registered users can immediately access the application without second factor authentication or account confirmation. This is not suitable for production use. Please change the Cognito configuration to enable e-mail/sms verification and MFA. In a future release this will be addressed with a feature flag to toggle between different authentication modes.
• The DynamoDB tables have no backups configured by default. Please enable PITR (point-in-time recovery) and table backups. The tables will be removed on cloudformation stack deletion.
• Logging for the APIGateway API/stage and for the Cloudfront distribution are disabled. Please enable these additional logs in production environments for audit and troubleshooting purposes.
• The Cloudfront distribution uses the default cloudfront domain and viewer certificate. The default viewer certificate defaults to the TLSv1 protocol. In order to enforce newer protocols, please use a custom domain with a custom certificate and set the MinimumProtocolVersion to TLSv1.2.

⚠️ WARNING ⚠️ The domain prefix for the Cognito Userpool needs to be globally unique. Before deployment, please make sure to configure your unique domain prefix at the FrontendStack declaration.

For language specific instructions, please check the readme file in the related infrastructure directory.

• Typescript
• NET7

• Change directory to where UI code lives.

    cd UI

• Restore NPM packages for the project

    npm install

• Build the frontend application

    ng build --prod

The chat application's URL will be found at the Frontend stack's output. Open the Cloudfront Distribution's URL in your browser, where you'll be redirected to the Cognito login/singup page.

Run the following command in the relevant infrastructure directory to delete the cloudformation stacks:

    cdk destroy --all

The backend is fully instrumented using AWS Xray and Lambda Powertools for TypeScript (beta).

The backend outputs 3 custom metrics from the websocket API backend:

• New Connections
• Closed Connections
• Messages Delivered

The Observability Stack (TS / NET7) creates a custom Cloudwatch Dashboard where these metrics are visualised.

Requests are automatically traced and instrumented using AWS X-Ray. You can use the ServiceMap to visualise the interactions between the backend components and trace latencies, response codes, etc. between these components.

You can find a more detailed description of what the API handler functions are doing here.

See CONTRIBUTING for more information.

This library is licensed under the MIT-0 License. See the LICENSE file.