I just went through a really fun tutorial creating an app on AWS that allows a user to log in and request to be picked up by a Unicorn. The best part about the tutorial is that it introduces you to so many parts of AWS, including:

  1. Hosting a static HTML/JS/CSS Site on S3 - but also how to make it publicly accessible on a URL.
  2. Using Amazon Cognito User Pools to handle registration, login, and general authorization.
  3. AWS Lambda, which showed how to take a Node.js script and run it as a Lambda. This acted as the back-end for requesting a Unicorn.
  4. Amazon DynamoDB, which is where the rides were stored by the Lambda.
  5. Amazon API Gateway for exposing that Lambda function to the front-end.
  6. IAM Roles for giving my Lambda access to write to the correct database.

When you go through the tutorial it all seems so straightforward and simple, but I know I would have really stumbled through it had I been trying to do it all from scratch.

I have an existing app that I need to get deployed so I'm going to take what I've learned and attempt to apply that. I had already implemented a basic authentication but I may try and swap it out with Amazon's Cognito user pool. We shall see.

If you're interested in trying out the tutorial for yourself, you can check it out here: https://aws.amazon.com/getting-started/projects/build-serverless-web-app-lambda-apigateway-s3-dynamodb-cognito/

I was left with a few questions after completing the tutorial:

  1. How does someone keep all of the parts of a single project grouped? What happens when it's time to shut down a project? How do you remember which DynamoDB Tables went to what? Which IAM roles were for this project? Which API Gateways? I feel like if I were juggling multiple projects at once that were entirely unrelated, I'd have a hard time keeping things organized and tracked.
  2. This tutorial had it set up so that the authentication to the user pool was in front of the Lambda function, but what if that function had a few different methods, and I wanted some of those endpoints to be protected but others not? I assume the auth can happen inside of your Node.js code, but I'm not quite sure how yet.
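
On the second question, one way to mix open and protected endpoints in a single Lambda is sketched below. This is an added example, not code from the post or from the AWS tutorial; the route names and response bodies are hypothetical. It assumes an API Gateway Lambda proxy integration where the Cognito user pool authorizer is attached only to the methods that need a signed-in user, so API Gateway validates the token and the function only decides whether validated claims are required for the route.

```javascript
// Added example. Routes, bodies and sample events are constructed.
// This code does NOT verify a JWT itself: it trusts claims only because
// API Gateway's Cognito authorizer puts them in requestContext after validation.
const routes = {
  'GET /status': { auth: false, run: () => ({ ok: true }) },
  'POST /ride': { auth: true, run: (user) => ({ rider: user }) },
};

const reply = (statusCode, body) => ({
  statusCode,
  headers: { 'Content-Type': 'application/json' },
  body: JSON.stringify(body),
});

// Returns the Cognito username, or null when no authorizer ran for this call.
function callerFrom(event) {
  const ctx = event.requestContext || {};
  const claims = ctx.authorizer && ctx.authorizer.claims;
  return (claims && claims['cognito:username']) || null;
}

function dispatch(event) {
  const route = routes[`${event.httpMethod} ${event.resource}`];
  if (!route) return reply(404, { error: 'Not found' });

  const user = callerFrom(event);
  // Fail closed: every route needs claims unless it is explicitly marked
  // auth: false, so a method deployed without its authorizer is rejected.
  if (route.auth !== false && !user) {
    return reply(401, { error: 'Unauthorized' });
  }
  return reply(200, route.run(user));
}

// Lambda entry point (async handler form).
const handler = async (event) => dispatch(event);
if (typeof module !== 'undefined') module.exports = { handler };

// Constructed sample events, shaped like Lambda proxy integration input.
const sampleEvents = [
  { httpMethod: 'GET', resource: '/status', requestContext: {} },
  { httpMethod: 'POST', resource: '/ride', requestContext: {} },
  { httpMethod: 'POST', resource: '/ride',
    requestContext: { authorizer: { claims: { 'cognito:username': 'alice' } } } },
];

// Status codes for the three samples: open route, protected route without
// claims, protected route with claims.
function demo() {
  return sampleEvents.map((e) => dispatch(e).statusCode);
}
```

If the function is ever invoked through a path that does not pass through the authorizer, the claims check is the only gate left, which is why routes are protected by default and must opt out explicitly.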