
Improve Your AWS Lambda Development With Sigma


In this article, we cover how the Sigma IDE can be used alongside your Lambda development environment to implement an authentication service.


A few weeks back, I wrote an article about implementing a Simple Authentication Service with AWS Lambda. Implementing that service was not straightforward: if you do it on your own, you need to work through several sets of docs on API Gateway, RDS, and Lambda. Believe me, that is not an easy thing to do.

With Sigma, you only need an AWS account, a GitHub account, and a web browser. Yes, you read that right: you don’t have to refer to the AWS docs. All the hard work, including deployment, is handled by Sigma. You don’t even have to log in to your AWS console.

Sigma itself is a native Serverless system, not an existing cloud IDE re-branded as a Serverless application development environment, so it does not require a server, VM, or EC2 instance as a backend. It is an editor customized solely for developing and deploying Serverless applications; it is therefore lightweight and fast, and it operates completely within your browser (https://www.slappforge.com/).

Let’s try to implement the same authentication service with Sigma IDE.

Create an account on Sigma and provide your AWS credentials (refer to the article “Serverless: Getting started with SLAppForge Sigma” for a clear walkthrough of setting up the IDE, including obtaining AWS credentials).

If you don't feel like reading, just select this sample from Sigma IDE and deploy it on AWS. :p

First, you need to set API Gateway as the trigger for this Lambda. At the moment, no trigger has been set for this Lambda function; the red icon notifies us of that. To set a trigger, drag and drop an API Gateway resource onto the function and fill in the fields with the relevant information.


After setting up the trigger, the red icon turns green, which means the trigger has been configured properly.

Then drag and drop an RDS resource from the left panel and fill up the fields.

(Screenshot: RDS resource setup in Sigma, "rds-setup-sigma")

Use the following query as the initial query.

CREATE TABLE users (
  UserId int NOT NULL AUTO_INCREMENT,
  Email varchar(255) NOT NULL UNIQUE,
  Password varchar(255) NOT NULL,
  LastName varchar(255),
  FirstName varchar(255),
  Address varchar(255),
  PRIMARY KEY (UserId)
);

Select Query as the preferred operation and enter the following SQL query and the inserts for its placeholder values.

Query: INSERT INTO users (Email, Password, LastName, FirstName, Address) VALUES (?, ?, ?, ?, ?)

Inserts: event.email, event.password, event.lastName, event.firstName, event.address

You can customize the generated Lambda as you wish; the final Lambda should look like this:

let AWS = require('aws-sdk');
let connectionManager = require('./ConnectionManager');
let SL = require('@slappforge/slappforge-sdk');
const rds = new SL.AWS.RDS(connectionManager);

exports.handler = function (event, context, callback) {
  let response;
  // Replace the query with the actual query
  // You can pass the existing connection to this function.
  // A new connection will be created if it's not present as the third param
  // You must always end the DB connection after it's used
  rds.query({
    instanceIdentifier: 'authDatabase',
    query: 'INSERT INTO users (Email, Password, LastName, FirstName, Address) VALUES (?, ?, ?, ?, ?);',
    inserts: [event.email, event.password, event.lastName, event.firstName, event.address]
  }, function (error, results, connection) {
    // End the connection on both paths before reporting the outcome
    if (connection) {
      connection.end();
    }
    if (error) {
      // Report the failure through the callback; throwing here would skip it
      // and leave the invocation without a result
      callback(error);
      return;
    }
    response = "Successfully added a new user with email";
    console.log(results);
    callback(null, response);
  });
};

Now the signup API is done. Note that we haven’t configured the sign-in API yet. You can configure it similarly by adding a new Lambda to your project. Everything is the same as above, except that this Lambda must use the same database. So, instead of creating a new RDS instance, select the previously created instance from the Existing tab.


Query: SELECT * FROM users WHERE Email = ? AND Password = ?

Inserts: event.email, event.password

Return true or false accordingly after checking the user. The complete Lambda should look as follows:

let AWS = require('aws-sdk');
let connectionManager = require('./ConnectionManager');
let SL = require('@slappforge/slappforge-sdk');
const rds = new SL.AWS.RDS(connectionManager);

exports.handler = function (event, context, callback) {
  let successfullyLoggedIn = false;
  // Replace the query with the actual query
  // You can pass the existing connection to this function.
  // A new connection will be created if it's not present as the third param
  // You must always end the DB connection after it's used
  rds.query({
    instanceIdentifier: 'authDatabase',
    query: 'SELECT * FROM users WHERE Email = ? AND Password = ?',
    inserts: [event.email, event.password]
  }, function (error, results, connection) {
    // End the connection on both paths before reporting the outcome
    if (connection) {
      connection.end();
    }
    if (error) {
      // Report the failure through the callback; throwing here would skip it
      callback(error);
      return;
    }
    // A matching row means the supplied credentials were accepted
    successfullyLoggedIn = results.length > 0;
    callback(null, successfullyLoggedIn);
  });
};

Now all the work is done. Just click the Deploy button to build and deploy the project on AWS; the IDE will notify you once the deployment succeeds. Now comes the testing part.

Testing

  • First, to sign up, send an HTTP POST request to the signup endpoint, which you can find in the API Gateway console, with a sample JSON payload as follows.

{
  "email": "randika@adroitlogic.com",
  "password": "12345678",
  "lastName": "Navagamuwa",
  "firstName": "Randika",
  "address": "12 A /5, Pirivena Rd, Mount Lavinia"
}

  • In the signup call, an entry is added to the users table. If it succeeded, you’ll get a 200 OK response with the response message Successfully added a new user with email.
  • Then, to check the sign-in, send an HTTP POST request to the sign-in endpoint (https://{api-id}.execute-api.{region}.amazonaws.com/prod/signin) you found in the earlier steps with a sample JSON payload as follows. Note that the values must match those used in the signup request.

{
  "email": "randika@adroitlogic.com",
  "password": "12345678"
}

  • If the sign-in is successful, you’ll get a 200 OK response with the response message true.
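The handlers read event.email, event.password, and the other fields straight out of the request without checking them, so a missing field reaches the INSERT as undefined and an over-long value exceeds the varchar(255) columns defined above. The block below is an added example, not from the article or the SLAppForge SDK, that validates payloads shaped like the sample requests before any query runs; the 8-character minimum password length, the email pattern, the constructed sample payloads, and the withValidation wrapper (which assumes a handler of the exports.handler shape) are all assumptions.

```javascript
'use strict';

// Limit taken from the CREATE TABLE in the article: every text column is varchar(255).
const MAX_LEN = 255;
// Assumed policy value, not from the article.
const MIN_PASSWORD_LEN = 8;
// Deliberately simple shape check: one "@", no whitespace, a dot in the domain part.
const EMAIL_RE = /^[^\s@]+@[^\s@]+\.[^\s@]+$/;

// Returns a list of problems; an empty list means the payload is acceptable.
function validateFields(event, required) {
  if (typeof event !== 'object' || event === null || Array.isArray(event)) {
    return ['payload must be a JSON object'];
  }
  const errors = [];
  for (const field of required) {
    const value = event[field];
    if (typeof value !== 'string' || value.length === 0) {
      errors.push(`${field}: missing or not a non-empty string`);
    } else if (value.length > MAX_LEN) {
      errors.push(`${field}: longer than ${MAX_LEN} characters`);
    }
  }
  if (typeof event.email === 'string' && !EMAIL_RE.test(event.email)) {
    errors.push('email: not a valid address');
  }
  if (typeof event.password === 'string' && event.password.length < MIN_PASSWORD_LEN) {
    errors.push(`password: shorter than ${MIN_PASSWORD_LEN} characters`);
  }
  return errors;
}

const SIGNUP_FIELDS = ['email', 'password', 'lastName', 'firstName', 'address'];
const SIGNIN_FIELDS = ['email', 'password'];

function validateSignup(event) { return validateFields(event, SIGNUP_FIELDS); }
function validateSignin(event) { return validateFields(event, SIGNIN_FIELDS); }

// Wraps a (event, context, callback) handler so invalid events are rejected
// through the callback before any database work happens.
function withValidation(validate, handler) {
  return function (event, context, callback) {
    const errors = validate(event);
    if (errors.length > 0) {
      return callback(new Error('Invalid request: ' + errors.join('; ')));
    }
    return handler(event, context, callback);
  };
}

// Constructed sample payloads shaped like the article's test requests.
const SAMPLES = {
  goodSignup: { email: 'user@example.com', password: 'longenough', lastName: 'Doe', firstName: 'Jane', address: '1 Example St' },
  shortPassword: { email: 'user@example.com', password: '1234', lastName: 'Doe', firstName: 'Jane', address: '1 Example St' },
  badEmail: { email: 'not-an-address', password: 'longenough', lastName: 'Doe', firstName: 'Jane', address: '1 Example St' },
  oversized: { email: 'user@example.com', password: 'longenough', lastName: 'Doe', firstName: 'Jane', address: 'x'.repeat(300) },
  missingField: { email: 'user@example.com', password: 'longenough', lastName: 'Doe', firstName: 'Jane' },
  notAnObject: ['user@example.com', 'longenough'],
};

// Returns the number of problems found in each sample signup payload.
function checkSamples() {
  const report = {};
  for (const [name, payload] of Object.entries(SAMPLES)) {
    report[name] = validateSignup(payload).length;
  }
  return report;
}

module.exports = { validateSignup, validateSignin, withValidation, checkSamples, SAMPLES };
```

checkSamples() reports zero problems for the well-formed payload and exactly one for each of the others, so a rejected request is turned away with a descriptive error before the Lambda opens a database connection; withValidation(validateSignup, handler) is how the signup Lambda above would pick that up without changing its query code.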

Please note that this is a simple service, deployed only to demonstrate the usage of some AWS services.


Published at DZone with permission of
