I just went through a really fun tutorial creating an app on AWS that allows a user to log-in and request to be picked up by a Unicorn. The best part about the tutorial is that it introduces you to so many parts of AWS including:
- Hosting a static HTML/JS/CSS Site on S3 - but also how to make it publicly accessible on a URL.
- Using Amazon Cognito User Pools to handle registration, login, and general authorization.
- AWS Lambda which showed how to take a NodeJS Script and run it as a Lambda. This acted as the back-end for requesting a Unicorn
- Amazon DynamoDB, which is where the rides were stored by the Lambda
- Amazon API Gateway for exposing that Lambda function to the front-end.
- IAM Roles for giving my Lambda access to write to the correct database.
When you go through the tutorial it all seems so strait-forward and simple but I know I would have really stumbled through it had I been trying to do it all from scratch.
I have an existing app that I need to get deployed so I'm going to take what I've learned and attempt to apply that. I had already implemented a basic authentication but I may try and swap it out with Amazon's Cognito user pool. We shall see.
If you're interested in trying out the tutorial for yourself, you can check it out here: https://aws.amazon.com/getting-started/projects/build-serverless-web-app-lambda-apigateway-s3-dynamodb-cognito/
I was left with a few questions after completing the tutorial:
- How does someone keep all of the parts of a single project grouped? What happens when it's time to shut down a project? How do you remember which DynamoDB Tables went to what? Which IAM roles were for this project? Which API Gateways? I feel like if I were juggling multiple projects at once that were entirely unrelated, I'd have a hard time keeping things organized and tracked.
- This tutorial had it setup that the authentication to the user pool was in front of the Lambda function, but what if that function had a few different methods, and I wanted some of those endpoints to be protected but others not. I assume the auth can happen inside of your NodeJS code, but I'm not quite sure how yet.