amazon-archives / realworld-serverless-application Goto Github PK

using cognito hosted web pages would make this a much better demo repository because it would:

1. show how to configure cognito hosted UI through cloudformation (not a given, the documentation is horrible)
2. demonstrate an important AWS capability
3. make the authentication code relevant for people who don't use Vue.js
4. simplify a lot of unnecessary complexity in the front end (web site)
5. possibly even add server-side analytics through cognito triggers, or show how to integrate cognito and pinpoint

Hello,

thanks for this project - super awesome and inspiring! I have a question regarding checking quotas in such an application: How would one go and implement a pre-flight check on exceeded quotas?
Say, I have defined that the maximum number of applications per user is 10. Before creating the application for a user, I need to check if he or she has less than 10 apps already and if no, return an error response.
Should this data be maintained outside of the application or stored somewhere in the DynamoDB table?

USER_PASSWORD_AUTH is set in this project: https://github.com/awslabs/realworld-serverless-application/blob/30a2cf044fb77c2ea0faf69d33a26281e2ab5480/static-website/src/config.js#L12

This shouldn't be used by default as it's used mostly for migrations and SRP should be the default which Amplify uses. I recommend removing this.

Had a CloudFormation stack already deployed and could access the website. Tried to build from the source and deploy it again as:

aws cloudformation deploy --template-file target/sam/app/packaged-template.yaml --capabilities CAPABILITY_IAM CAPABILITY_AUTO_EXPAND --stack-name realworld-serverless-app

The stack could not be created and gave the error:

Embedded stack arn:aws:cloudformation:us-east-1:091144949931:stack/realworld2-Backend-1FRU9J92MJ6YQ/3f78b710-ed16-11e9-a33f-1207b4ca758c was not successfully created: The following resource(s) failed to create: [Database].

Tried this a couple of times and got the exact same error.

Deleted the original stack, and then this new stack could be successfully deployed.

Might be related to #42

We should update the DDB table to have DeletionPolicy: Retain. We'd thought of this before launch, but couldn't get to it in time, because it's not quite as trivial as just adding the line to the template. Our integ tests create/teardown a new stack for every integration test run. Adding that DeletionPolicy would mean a DDB table would be left in the account for each integ test run, eventually hitting the table limit. Unfortunately, CFN doesn't support intrinsic functions in DeletionPolicy so we can't make that a prod stage only feature. So the alternative is to update the integ test setup/teardown code to manually delete the DDB table after the stack delete completes.

The ops stack contains API alarms, but does not currently alarm on the DLQ provided by the aws-dynamodb-stream-eventbridge-fanout app. It should include an alarm on the DLQ as an example of best practice alarming for async processing Lambda functions.

Hey there! I noticed some possible problems in some code in this repo. A quick summary of a few of them is below, but let me know if you're interested in seeing a full report or talking about cloud security in general.

severity: serious

filename: ./analytics/sam/cicd/template.yaml

line number(s): [184]

resource(s):

IAM policy should not allow * action

severity: warning

filename: ./analytics/src/test/resources/integ-test-env.template.yaml

line number(s): [19]

resource(s):

S3 Bucket should have access logging configured

severity: warning

filename: ./analytics/src/test/resources/integ-test-env.template.yaml

line number(s): [19]

resource(s):

S3 Bucket should have encryption option set

severity: warning

filename: ./analytics/sam/app/template.yaml

line number(s): [91]

resource(s):

IAM policy should not allow * resource

severity: warning

filename: ./analytics/sam/app/template.yaml

line number(s): [37]

resource(s):

S3 Bucket should have access logging configured

severity: warning

filename: ./analytics/sam/cicd/template.yaml

line number(s): [43, 184]

resource(s):

IAM policy should not allow * resource

severity: warning

filename: ./analytics/sam/cicd/template.yaml

line number(s): [377]

resource(s):

IAM role should not allow * resource on its permissions policy

The SSM parameter names are static. If i try to deploy a new stack with a different name, the new stack fails to create because CFN complains that the parameter names already exist

I am trying to build from source after doing certain changes in the parent sam template. I followed the instructions in the wiki and cloudformation stack failed with the below error

Error Message: "Transform AWS::Include failed with: The location parameter is not a valid S3 uri."
Nested Cloudformation Template giving this error: The template creating the API Gateway and Lambda resources for the backend. This template is the output of "aws cloudformation package" command by the root pom.xml.

Investigation:
After having a quick look, i found that the "aws cloudformation package" did not replace the local path referencing the swagger yaml file which is below
DefinitionBody:
Fn::Transform:
Name: AWS::Include
Parameters:
Location: ../../swagger/api.yaml

Which basically lead to failure.
Workaround: I manually changed the location attribute to reflect the relevant template file in my S3 bucket with s3 uri scheme.

Expectations: it should have replaced it with S3 URL in the first place

Packaging the deployment gives the following warning message:

ubuntu@ip-172-31-47-216:~/realworld-serverless-application$ mvn clean package -DpackageBucket=arun-sam-deployments
[INFO] Scanning for projects...
[WARNING] 
[WARNING] Some problems were encountered while building the effective model for software.amazon.serverless:aws-ssm-caching-client:jar:1.0.0
[WARNING] 'build.plugins.plugin.version' for org.apache.maven.plugins:maven-compiler-plugin is missing. @ line 20, column 21
[WARNING] 'build.plugins.plugin.version' for org.apache.maven.plugins:maven-deploy-plugin is missing. @ line 46, column 21
[WARNING] 
[WARNING] Some problems were encountered while building the effective model for com.amazonaws.serverless:realworld-serverless-application-backend:jar:0.1.5
[WARNING] 'build.plugins.plugin.version' for org.apache.maven.plugins:maven-deploy-plugin is missing. @ line 311, column 15
[WARNING] 
[WARNING] It is highly recommended to fix these problems because they threaten the stability of your build.
[WARNING] 
[WARNING] For this reason, future Maven versions might no longer support building such malformed projects.
[WARNING] 

We should clean this up.

It'd be great to add an example of supporting feature toggles in this example app. Approach:

1. Reuse SSM for feature toggles. Can use dedicated namespace like /applications/apprepo/${Stage}/features/....
2. Should support per-customer feature enable like we do in prod.
3. ApiLambda code can have an if check for some example feature.
4. Add ops tool Lambda function to ops stack for flipping feature toggles to demo our approach to ops tools written as Lambda functions. Function can include logging auditing information.

When adding this, we should also add a wiki page for feature toggles in Patterns and Best Practices.

Currently the backend integ tests are self-contained in that they stand up test stacks, run the integ tests against those stacks and then tear down the test stacks. This captures one type of integ testing we do in SAR, but not the other kind, which is to test against the test environment (beta) stacks deployed by the pipeline. This is causing some confusion so we should also add a pipeline step to run integ tests against the deployed instance of the application after pipeline deployment.

The project is awesome, however, there are no instructions on how to develop/debug locally.
sam start-api does not work with the main template in the backend

mvn clean test fails with JDK 11

[INFO] Changes detected - recompiling the module!
[INFO] Compiling 1 source file to /home/ubuntu/realworld-serverless-application/aws-ssm-caching-client/target/classes
[INFO] ------------------------------------------------------------------------
[INFO] Reactor Summary:
[INFO] 
[INFO] aws-ssm-caching-client 1.0.0 ....................... FAILURE [  4.712 s]
[INFO] realworld-serverless-application-backend 0.1.5 ..... SKIPPED
[INFO] realworld-serverless-application 0.1.5 ............. SKIPPED
[INFO] ------------------------------------------------------------------------
[INFO] BUILD FAILURE
[INFO] ------------------------------------------------------------------------
[INFO] Total time:  5.454 s
[INFO] Finished at: 2019-10-11T17:10:00Z
[INFO] ------------------------------------------------------------------------
[ERROR] Failed to execute goal org.apache.maven.plugins:maven-compiler-plugin:3.1:compile (default-compile) on project aws-ssm-caching-client: Fatal error compiling: java.lang.ExceptionInInitializerError: com.sun.tools.javac.code.TypeTags -> [Help 1]
[ERROR] 
[ERROR] To see the full stack trace of the errors, re-run Maven with the -e switch.
[ERROR] Re-run Maven using the -X switch to enable full debug logging.
[ERROR] 
[ERROR] For more information about the errors and possible solutions, please read the following articles:
[ERROR] [Help 1] http://cwiki.apache.org/confluence/display/MAVEN/MojoExecutionException

Fails while executing cloudformation template for website. possible issue could be line 54 in https://github.com/awslabs/realworld-serverless-application/blob/master/static-website/sam/app/template.yaml. No such directory ERROR