AWS CDK: Amazon API Gateway integration for SQS

December 7th, 2020 327 Words

Most people know Amazon API Gateway from using it to build HTTP interfaces for AWS Lambda functions. But, in general, you can use API Gateway to call a variety AWS APIs using HTTPS. This post shows how to create an HTTPS interface for Amazon SQS using the AWS Cloud Development Kit.

When building serverless application, you are used to decouple components. Most approaches for loosely coupled services use API Gateway to trigger an AWS Lambda function and the AWS SDK to send a message to SQS. But, you can integrate SQS directly in Amazon API Gateway!

SQS and IAM

To get started, create an SQS queue with the AWS Cloud Development Kit and construct an IAM Role that can be assumed by the apigateway.amazonaws.com principle and grants access to use the sqs:SendMessage action for the created queue.

const messageQueue = new sqs.Queue(this, "Queue");

const credentialsRole = new iam.Role(this, "Role", {
  assumedBy: new iam.ServicePrincipal("apigateway.amazonaws.com"),
});

credentialsRole.attachInlinePolicy(
  new iam.Policy(this, "SendMessagePolicy", {
    statements: [
      new iam.PolicyStatement({
        actions: ["sqs:SendMessage"],
        effect: iam.Effect.ALLOW,
        resources: [messageQueue.queueArn],
      }),
    ],
  })
);

Amazon API Gateway

Using the AWS Integration in Amazon API Gateway, you can call AWS APIs whenever a matching HTTP request is handled by Amazon API Gateway. Create a new Rest API and configure an HTTP method and resource:

const api = new apigateway.RestApi(this, "Endpoint", {
  deployOptions: {
    stageName: "run",
    tracingEnabled: true,
  },
});

const queue = api.root.addResource("queue");
queue.addMethod(
  "GET",
  new apigateway.AwsIntegration({
    service: "sqs",
    path: `${cdk.Aws.ACCOUNT_ID}/${messageQueue.queueName}`,
    integrationHttpMethod: "POST",
    options: {
      credentialsRole,
      passthroughBehavior: apigateway.PassthroughBehavior.NEVER,
      requestParameters: {
        "integration.request.header.Content-Type": `'application/x-www-form-urlencoded'`,
      },
      requestTemplates: {
        "application/json": `Action=SendMessage&MessageBody=$util.urlEncode("$method.request.querystring.message")`,
      },
      integrationResponses: [
        {
          statusCode: "200",
          responseTemplates: {
            "application/json": `{"done": true}`,
          },
        },
      ],
    },
  }),
  { methodResponses: [{ statusCode: "200" }] }
);

After deploying this CloudFormation stack, you have an Amazon API Gateway for sending messages to SQS. Just use curl to send a simple GET request to the created endpoint.

$ > curl https://a4c1sff3v.execute-api.eu-central-1.amazonaws.com/run/queue\?message\=example

{"done": true}

Now, have a look at your SQS queue. There is a new message!

AWS: Encrypted SQS with SNS Subscription using KMS

December 17th, 2020 486 Words

To decouple services on AWS, it’s a common pattern to use Amazon SQS and Amazon SNS. With AWS Key Management Service, you can encrypt the messages stored in the SNS topic and SQS queue. For the AWS Cloud Development Kit using TypeScript, you can easily create an architecture for secure message processing.
AWS: CloudFormation StackSet IAM Roles

December 11th, 2020 270 Words

With AWS CloudFormation StackSets you can deploy a CloudFormation template to multiple AWS Accounts or AWS Regions. You can use the AWS Management Console, the AWS CLI, or CloudFormation to use StackSets. Before using StackSets, you need to configure specific IAM roles to be used with CloudFormation StackSets.
AWS CDK: API Gateway Service Integration for Step Functions

December 7th, 2020 380 Words

Most people only use Amazon API Gateway as an HTTP interface to invoke AWS Lambda functions. But, the service has way more to offer. For example, you can easily create an HTTP interface for nearly any AWS Service; not only AWS Lambda. Based on the previous post, on how to create a State Machine with AWS Step Functions and AWS Cloud Development Kit, this post describes how to create an HTTP interface to start an execution of a State Machine using the AWS CDK.
AWS CDK: State Machine with Step Functions

December 6th, 2020 435 Words

With AWS Step Functions, you can easily orchestrate serverless functions and sequence them with other AWS services to a bundle application. You can create AWS Step Functions with CloudFormation, the AWS Cloud Development Kit, or - of course - using the visual interface available in the AWS Management Console. This post shows how to orchestrate AWS Lambda functions to a simple State Machine using AWS Step Functions.
AWS CDK Construct: Lambda Fleet for Dockerfile

December 6th, 2020 463 Words

Using the AWS Cloud Development Kit, deploying a AWS Lambda function using Docker container images is pure gold. The installation of dependencies for Lambda functions always stressed me out. Regardless of using Node.js or Python, managing dependencies for AWS Lambda was never fun.
AWS CDK: Deploy Lambda with Docker

December 5th, 2020 195 Words

The AWS Cloud Development Kit supports building docker images for AWS Lambda. With the most recent version, the CDK builds your docker images if needed and can push the image directly to AWS Elastic Container Registry. Personally, I think this is a great feature. With supporting docker images, AWS Lambda has immutable deployment artifacts!
Event-Driven Continuous Integration & Delivery

December 2nd, 2020 717 Words

The more complex your application and architecture becomes, the more complex your deployment process usually gets. Most people and engineering teams only think about pipelines as a fix path of actions, that need to happen in a specific order. That’s true, no questions about that. But your process for Continuous Integration and Continuous Delivery does not need to be a monolith!