aws-cdk VS middy

environment: Specifies the environment variable that will be available to our Lambda function. In this case I wrote an environment for RDS Database. Anyway, later I will write about AWS CDK using Python for creating database clusters, etc.

Today, I will show you how to build Amazon Location Service, which allows you to build location-based applications within your AWS environment using AWS Cloud Development Kit (AWS CDK) and AWS CloudFormation. I will also show examples of the recently popular CDK Migrate and AWS CloudFormation IaC generator.

AWS Cloud Development Kit (CDK): is an open-source software development framework to define your cloud application resources using familiar programming languages.

I am not one to build programming languages on a whim. In fact, I've spent the last five years building the AWS CDK, which is a multi-language library that addresses some of the challenges I am talking about by allowing developers to define cloud infrastructure using their favorite programming language.

I recently started exploring SST as an alternative to my favorite full-stack set consisting of Projen, AWS CDK, and React. I have been thoroughly impressed with the experience so far. In this article, I will demonstrate how to create a Next.js App Router S3 Picture Uploader using SST.

AWS CDK

For KMS 🔑, Each key is ~$1/mo, and with CDK, keys are generated on a massive scale, if not centralized.

Here is a github repository containing the code and instructions on how to automate this whole setup using AWS CDK.

Now that you have a working smart contract event listener, we'll deploy the resources to AWS using AWS CDK, which is an Infrastructure as Code (IaC) tool. AWS CDK allows you to configure, deploy, and manage AWS cloud resources using popular programming languages such as TypeScript.

✨ Synthesis time: 14.44s CdkScheduledReportingStack: start: Building f3a91fb0ff1605e49b4b00aa223098d7a9a5307e98027f77aecc36bc05a4c3e7:current_account-current_region CdkScheduledReportingStack: success: Built f3a91fb0ff1605e49b4b00aa223098d7a9a5307e98027f77aecc36bc05a4c3e7:current_account-current_region CdkScheduledReportingStack: start: Publishing f3a91fb0ff1605e49b4b00aa223098d7a9a5307e98027f77aecc36bc05a4c3e7:current_account-current_region CdkScheduledReportingStack: start: Building 517f907ce2318aa1a929b43bc1a0247ed509c92576c23a0a8aadfe1677f2ebd7:current_account-current_region CdkScheduledReportingStack: success: Built 517f907ce2318aa1a929b43bc1a0247ed509c92576c23a0a8aadfe1677f2ebd7:current_account-current_region CdkScheduledReportingStack: start: Publishing 517f907ce2318aa1a929b43bc1a0247ed509c92576c23a0a8aadfe1677f2ebd7:current_account-current_region CdkScheduledReportingStack: success: Published 517f907ce2318aa1a929b43bc1a0247ed509c92576c23a0a8aadfe1677f2ebd7:current_account-current_region CdkScheduledReportingStack: success: Published f3a91fb0ff1605e49b4b00aa223098d7a9a5307e98027f77aecc36bc05a4c3e7:current_account-current_region This deployment will make potentially sensitive changes according to your current security approval level (--require-approval broadening). Please confirm you intend to make the following modifications: IAM Statement Changes ┌───┬────────────────────────────────────────┬────────┬───────────────────────┬────────────────────────────────────────┬───────────────────────────────────────────────┐ │ │ Resource │ Effect │ Action │ Principal │ Condition │ ├───┼────────────────────────────────────────┼────────┼───────────────────────┼────────────────────────────────────────┼───────────────────────────────────────────────┤ │ + │ ${SalesReportFunction.Arn} │ Allow │ lambda:InvokeFunction │ Service:events.amazonaws.com │ "ArnLike": { │ │ │ │ │ │ │ "AWS:SourceArn": "${Rule.Arn}" │ │ │ │ │ │ │ } │ ├───┼────────────────────────────────────────┼────────┼───────────────────────┼────────────────────────────────────────┼───────────────────────────────────────────────┤ │ + │ ${SalesReportFunction/ServiceRole.Arn} │ Allow │ sts:AssumeRole │ Service:lambda.amazonaws.com │ │ ├───┼────────────────────────────────────────┼────────┼───────────────────────┼────────────────────────────────────────┼───────────────────────────────────────────────┤ │ + │ ${SalesReportTopic} │ Allow │ sns:Publish │ AWS:${SalesReportFunction/ServiceRole} │ │ └───┴────────────────────────────────────────┴────────┴───────────────────────┴────────────────────────────────────────┴───────────────────────────────────────────────┘ IAM Policy Changes ┌───┬────────────────────────────────────┬────────────────────────────────────────────────────────────────────────────────┐ │ │ Resource │ Managed Policy ARN │ ├───┼────────────────────────────────────┼────────────────────────────────────────────────────────────────────────────────┤ │ + │ ${SalesReportFunction/ServiceRole} │ arn:${AWS::Partition}:iam::aws:policy/service-role/AWSLambdaBasicExecutionRole │ └───┴────────────────────────────────────┴────────────────────────────────────────────────────────────────────────────────┘ (NOTE: There may be security-related changes not in this list. See https://github.com/aws/aws-cdk/issues/1299) Do you wish to deploy these changes (y/n)?

In many cases, you will have to write the same authorization code in multiple functions. For example, you might want to check that the user is in the requested organization. You can share this code in a middleware. If you are using AWS Lambda, you can rely on middy.

Adding the is-test flag to our object metadata gave us our way of passing some kind of test context into our workload. The next step was to make the Lambda Function capable of discovering the context and then using that to control how it behaves under test. For this we used Middy.

I also decided to use the middy library to add CORS management to our lambda function. This will allow us to call our lambda function from our frontend, without having to worry about CORS.

Is there any equivalent to Node based https://middy.js.org/ for Golang?

And if your requirements were to change at a later date, it’s straightforward to swap out SSM Parameter Store with Secrets Manager there and then. Especially if you’re accessing the relevant service through a middleware layer such as Middy for javascript Lambda functions.

This function uses the Middy middleware engine to handle unhandled errors and add CORS headers in the response.

I mean I'm literally building an AWS lambda function that outputs HTML when it's called via API Gateway. So someone hits https://mydomain.com/mycoolpage, then the MyCoolPage AWS Lambda function is executed and outputs whatever.

If you're interested, I use https://middy.js.org/ as a middleware engine for my AWS lambda functions which I find helpful.

I use the open sourced serverless framework for doing deploys https://www.serverless.com/

middy for lambda-side middleware

That is it from the CDK side. Now let us create the handler and retrieve that secret. I like to use middy which describes itself as "stylish Node.js middleware engine for AWS Lambda". It offers some helpful middlewares like ssm which will help us retrieve and cache values from SSM Parameter Store. (Middy provides various other official middlewares including one for Secrets Manager.) I prefer a middleware for this because it keeps the code for retrieving the secret out of your handler which should deal with actual business logic.