In this module you'll use API Gateway to expose the Lambda function you built in the previous module as a RESTful API. This API will be accessible on the public Internet. It will be secured using the Amazon Cognito user pool you created in the previous module. Using this configuration you will then turn your statically hosted website into a dynamic web application by adding client-side JavaScript that makes AJAX calls to the exposed APIs.
The diagram above shows how the API Gateway component you will build in this module integrates with the existing components you built previously. The grayed out items are pieces you have already implemented in previous steps.
The static website you deployed in the first module already has a page configured to interact with the API you'll build in this module. The page at /ride.html has a simple map-based interface for requesting a unicorn ride. After authenticating using the /signin.html page, your users will be able to select their pickup location by clicking a point on the map and then requesting a ride by choosing the "Request Unicorn" button in the upper right corner.
This module will focus on the steps required to build the cloud components of the API, but if you're interested in how the browser code works that calls this API, you can inspect the ride.js file of the website. In this case the application uses jQuery's ajax() method to make the remote request.
Each of the following sections provides an implementation overview and detailed, step-by-step instructions. The overview should provide enough context for you to complete the implementation if you're already familiar with the AWS Management Console or you want to explore the services yourself without following a walkthrough.
If you're using the latest version of the Chrome, Firefox, or Safari web browsers the step-by-step instructions won't be visible until you expand the section.
Use the Amazon API Gateway console to create a new API.
Amazon API Gateway can use the JWT tokens returned by Cognito User Pools to authenticate API calls. In this step you'll configure an authorizer for your API to use the user pool you created in module 2.
In the Amazon API Gateway console, create a new Cognito user pool authorizer for your API. Configure it with the details of the user pool that you created in the previous module. You can test the configuration in the console by copying and pasting the auth token presented to you after you log in via the /signin.html page of your current website.
Step-by-step instructions (expand for details)
- Under your newly created API, choose Authorizers.
- Choose Create New Authorizer.
- Enter WildRydes for the Authorizer name.
- Select Cognito for the type.
- In the Region drop-down under Cognito User Pool, select the Region where you created your Cognito user pool in module 2.
- Enter WildRydes (or the name you gave your user pool) in the Cognito User Pool input.
- Enter Authorization for the Token Source.
- Choose Create.
- Open a new browser tab and visit /ride.html under your website's domain.
- If you are redirected to the sign-in page, sign in with the user you created in the last module. You will be redirected back to /ride.html.
- Copy the auth token from the notification on the /ride.html page.
- Go back to the previous tab where you have just finished creating the Authorizer.
- Click Test and paste the token into the Authorization Token field in the popup dialog.
- Click the Test button and verify that you see the claims for your user displayed.
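If the Test dialog rejects the token, it helps to look at the claims yourself. The following is an added example, not part of the workshop's code: it decodes the token payload and compares it with the cognito section of config.js, assuming the auth token is a Cognito ID token; the pool ID, client ID and token are constructed placeholders.

```javascript
// Inspect the claims of a Cognito ID token (added example, not workshop code).
// This does NOT verify the signature; API Gateway's authorizer does that.

// Decode one base64url-encoded JWT segment into a JavaScript value.
function decodeSegment(segment) {
  const b64 = segment.replace(/-/g, '+').replace(/_/g, '/');
  return JSON.parse(Buffer.from(b64, 'base64').toString('utf8'));
}

// Return the problems found in the token's claims (empty array = consistent).
// cfg mirrors the cognito section of config.js; nowSeconds is the Unix time.
function checkIdTokenClaims(token, cfg, nowSeconds) {
  const parts = token.split('.');
  if (parts.length !== 3) return ['not a three-part JWT'];
  let claims;
  try {
    claims = decodeSegment(parts[1]);
  } catch (e) {
    return ['payload is not base64url-encoded JSON'];
  }
  if (claims === null || typeof claims !== 'object') return ['payload is not a JSON object'];
  const problems = [];
  const issuer = `https://cognito-idp.${cfg.region}.amazonaws.com/${cfg.userPoolId}`;
  if (claims.iss !== issuer) problems.push('iss is not this user pool');
  if (claims.aud !== cfg.userPoolClientId) problems.push('aud is not this app client');
  if (claims.token_use !== 'id') problems.push('token_use is not "id"');
  if (typeof claims.exp !== 'number' || claims.exp <= nowSeconds) {
    problems.push('token is expired');
  }
  return problems;
}

// Constructed sample: builds an unsigned token from placeholder claims.
function makeSampleToken(claims) {
  const enc = (o) => Buffer.from(JSON.stringify(o)).toString('base64')
    .replace(/\+/g, '-').replace(/\//g, '_').replace(/=+$/, '');
  return `${enc({ alg: 'RS256', kid: 'example' })}.${enc(claims)}.c2lnbmF0dXJl`;
}

const sampleCfg = { region: 'us-west-2', userPoolId: 'us-west-2_EXAMPLE', userPoolClientId: 'exampleclientid' };
const sampleClaims = {
  iss: 'https://cognito-idp.us-west-2.amazonaws.com/us-west-2_EXAMPLE',
  aud: 'exampleclientid', token_use: 'id', exp: 2000,
  'cognito:username': 'rider@example.com',
};
console.log(checkIdTokenClaims(makeSampleToken(sampleClaims), sampleCfg, 1000));
console.log(checkIdTokenClaims(makeSampleToken(sampleClaims), sampleCfg, 3000));
```

A mismatch on iss or aud usually means config.js or the authorizer points at a different user pool or app client than the one that issued the token.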
Create a new resource called /ride within your API. Then create a POST method for that resource and configure it to use a Lambda proxy integration backed by the RequestUnicorn function you created in the first step of this module.
Step-by-step instructions (expand for details)
- In the left nav, click on Resources under your WildRydes API.
- From the Actions dropdown select Create Resource.
- Enter ride as the Resource Name.
- Ensure the Resource Path is set to ride.
- Click Create Resource.
- With the newly created /ride resource selected, from the Actions dropdown select Create Method.
- Select POST from the new dropdown that appears, then click the checkmark.
- Select Lambda Function for the integration type.
- Check the box for Use Lambda Proxy integration.
- Select the Region you are using for Lambda Region.
- Enter the name of the function you created in the previous module, RequestUnicorn, for Lambda Function.
- Choose Save. Please note, if you get an error that your function does not exist, check that the region you selected matches the one you used in the previous module.
- When prompted to give Amazon API Gateway permission to invoke your function, choose OK.
- Choose the Method Request card.
- Choose the pencil icon next to Authorization.
- Select the WildRydes Cognito user pool authorizer from the drop-down list, and click the checkmark icon.
Modern web browsers prevent HTTP requests from scripts on pages hosted on one domain to APIs hosted on another domain unless the API provides cross-origin resource sharing (CORS) response headers that explicitly allow them. In the Amazon API Gateway console you can add the necessary configuration to send the appropriate CORS headers under the action menu when you have a resource selected. You should enable CORS for POST and OPTIONS on your /ride resource. For simplicity, you can set the Access-Control-Allow-Origin header value to '*', but in a production application you should always explicitly whitelist authorized domains to mitigate cross-site request forgery (CSRF) attacks.
For more information about CORS configurations in general, see https://developer.mozilla.org/en-US/docs/Web/HTTP/Access_control_CORS
Step-by-step instructions (expand for details)
- In the Amazon API Gateway console, in the middle panel, select the /ride resource.
- From the Actions drop-down list select Enable CORS.
- Use the default settings and choose Enable CORS and replace existing CORS headers.
- Choose Yes, replace existing values.
- Wait for a checkmark to appear next to all the steps.
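With a Lambda proxy integration, the function's own response has to carry the CORS headers on POST, so that is where an explicit allow-list replaces '*'. The following is an added example, not the workshop's code; the origin is a constructed placeholder and the handler shape is hypothetical.

```javascript
// Build CORS response headers from an explicit allow-list instead of '*'
// (added example; the origin below is a constructed placeholder).
const ALLOWED_ORIGINS = new Set([
  'https://wildrydes.example.com', // replace with your website's origin
]);

// Lambda proxy events carry request headers in event.headers. Header-name
// case is not guaranteed, so look the Origin header up case-insensitively.
function requestOrigin(event) {
  const headers = (event && event.headers) || {};
  const key = Object.keys(headers).find((k) => k.toLowerCase() === 'origin');
  return key ? headers[key] : undefined;
}

// Return the CORS headers to attach to the response for this request.
function corsHeaders(event) {
  const origin = requestOrigin(event);
  // Vary: Origin stops caches from reusing one origin's response for another.
  const headers = { Vary: 'Origin' };
  // Exact string match only: no prefix, suffix or regex matching.
  if (origin && ALLOWED_ORIGINS.has(origin)) {
    headers['Access-Control-Allow-Origin'] = origin;
    headers['Access-Control-Allow-Headers'] = 'Content-Type,Authorization';
    headers['Access-Control-Allow-Methods'] = 'POST,OPTIONS';
  }
  // Without Access-Control-Allow-Origin the browser refuses to hand the
  // response to the calling script.
  return headers;
}

// Hypothetical handler shape for the POST /ride method.
async function handler(event) {
  return {
    statusCode: 200,
    headers: corsHeaders(event),
    body: JSON.stringify({ ok: true }),
  };
}
```

The OPTIONS preflight response comes from the configuration that Enable CORS creates, so its Access-Control-Allow-Origin value needs the same treatment in the console.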
From the Amazon API Gateway console, choose Actions, Deploy API. You'll be prompted to create a new stage. You can use prod for the stage name.
Step-by-step instructions (expand for details)
- In the Actions drop-down list select Deploy API.
- Select [New Stage] in the Deployment stage drop-down list.
- Enter prod for the Stage Name.
- Choose Deploy.
- Note the Invoke URL. You will use it in the next section.
Update the /js/config.js file in your website deployment to include the invoke URL of the stage you just created. You should copy the invoke URL directly from the top of the stage editor page on the Amazon API Gateway console and paste it into the _config.api.invokeUrl key of your site's /js/config.js file. Make sure when you update the config file it still contains the updates you made in the previous module for your Cognito user pool.
Step-by-step instructions (expand for details)
If you completed module 2 manually, you can edit the config.js file you have saved locally. If you used the AWS CloudFormation template, you must first download the config.js file from your S3 bucket. To do so, visit /js/config.js under the base URL for your website and choose File, then choose Save Page As from your browser.
- Open the config.js file in a text editor.
- Update the invokeUrl setting under the api key in the config.js file. Set the value to the Invoke URL for the deployment stage you created in the previous section.
  An example of a complete config.js file is included below. Note, the actual values in your file will be different.

      window._config = {
          cognito: {
              userPoolId: 'us-west-2_uXboG5pAb', // e.g. us-east-2_uXboG5pAb
              userPoolClientId: '25ddkmj4v6hfsfvruhpfi7n4hv', // e.g. 25ddkmj4v6hfsfvruhpfi7n4hv
              region: 'us-west-2' // e.g. us-east-2
          },
          api: {
              invokeUrl: 'https://rc7nyt4tql.execute-api.us-west-2.amazonaws.com/prod' // e.g. https://rc7nyt4tql.execute-api.us-west-2.amazonaws.com/prod,
          }
      };

- Save your changes locally.
- In the AWS Management Console, choose Services then select S3 under Storage.
- Choose your website bucket and then browse to the js key prefix.
- Choose Upload.
- Choose Add files, select the local copy of config.js and then click Next.
- Choose Next without changing any defaults through the Set permissions and Set properties sections.
- Choose Upload on the Review section.
Note: It's possible that you will see a delay between updating the config.js file in your S3 bucket and when the updated content is visible in your browser. You should also ensure that you clear your browser cache before executing the following steps.
- Visit /ride.html under your website domain.
- If you are redirected to the sign in page, sign in with the user you created in the previous module.
- After the map has loaded, click anywhere on the map to set a pickup location.
- Choose Request Unicorn. You should see a notification in the right sidebar that a unicorn is on its way and then see a unicorn icon fly to your pickup location.
Congratulations, you have completed the Wild Rydes Web Application Workshop! Check out our other workshops covering additional serverless use cases.
See this workshop's cleanup guide for instructions on how to delete the resources you've created.