Monthly Archives: December 2016

AWS Serverless Computing Example: Wild Rydes Part Deux

WildRydes Admin Interface

In my last blog post, I mentioned how I was working my way through @jpignata‘s excellent tutorial on GitHub on how to work with AWS Lambda Services, API Gateway, etc.  I work through the tutorial when I have a few minutes to spare and am finding it quite enjoyable.  AWS Lambda Services and the API Gateway are pretty fun and interesting to work with.

In Lab 3 of the tutorial we create an Admin Interface to allow authenticated users the ability to view the email addresses that have been added to the DynamoDB database.  Admin Users are authenticated by the Admin Interface against a Cognito User Pool.  This lab was pretty straight-forward as I did not fat-finger as any mistakes this time.  However, I did take note of the following:

API Gateway URL Notes:

  • Make sure to ‘Deploy API’ after you make changes to your API Gateway.  Many times I thought my configuration updates simply weren’t correct, when in fact I had simply forgotten to deploy the updates to ‘prod’.
  • Simply adding ‘Authorizers’ on your API Gateway is not sufficient for protecting the URL endpoint.  You have to also add the Authorizer to the Method Request ‘Authorization’ of the URL endpoint.  I found that my API endpoints were not protected until I remembered to do this step:

Lambda CI/CD Pipelines

As I am slowly working up to doing something more substantial with Lambda Services, I am curious how one might integrate Lambda Serverless Code into a CI/CD Pipeline.  It seems you can use Gulp/Grunt with the gulp-awslambda plugin (https://www.npmjs.com/package/gulp-awslambda) to accomplish this.  I need to to try this out.

My Admin screen is available on CloudFront, but you can’t log in.

My API Gateway Endpoint is publicly available as well, but it should be protected against unauthenticated users: https://wlqmlbphqc.execute-api.us-east-1.amazonaws.com/prod/emails

What a great tutorial!!  One more Lab to finish and I’ll hopefully be off building something real…

Some Randomness : ‘The Black Bear’

My girlfriend and I have been watching ‘Black Mirror’ on Netflix occasionally.  Last night, we watched the ‘White Bear’ episode, which freaked me out, as most episodes do.  But, it also made me think of one of my favorite Bagpipe Tunes, ‘The Black Bear’.  Hear some renditions to make your cubicle-bound blood start pumping:

Paaaaaaaassssssss. In. Revieeeeeeeeeewwwwwwwwwwwwwwwwww!!!!!

AWS Serveless Computing Example: Wild Rydes Part I

I’ve been working through a tutorial I started in a session I took at AWS re:Invent 2016.  I did not finish the tutorial in class so I started working on it again after getting home from the conference.  The tutorial is on GitHub if you care to follow along.

Admittedly, I’m not the sharpest knife in the drawer(but I am made of the hardest, most persistent steel…they call me, ‘Blue Steel’ – said in my best Ben Stiller voice).  It took me a while to figure out why I could not get the AWS Javascript SDK to allow unauthorized users, vis-a-vis AWS Cognito, to access my DynamoDB Email Table.  Here are some errors and things I learned troubleshooting this:

The latest Firefox browser seems to give better clues about why things are not working in the Developer Console than Google Chrome.  Using Google Chrome, I kept seeing an error like, “Missing Credentials In Config”, and was really confused what exactly that meant.  I was following the tutorial exactly, as far as I could tell, so I could not discern whether this error was from a code change I made or an AWS configuration problem?  Then I looked at my website in Firefox, using the Firefox Developer Console, and could see a little bit better what was going on.

Here’s my main error as seen in the Google Chrome Developer Console:

And here’s the same error as reported by Firefox Developer Console:

Ahh!  So a ‘ResourceNotFoundException’ is being thrown.  Now I could see that my Javascript code probably wasn’t the problem and that my Cognito/IAM Role Configuration might be the culprit.

After further investigation..a day (or so) later…I discovered a simple typo in my DynamoDB Table Name:

The table name should have been ‘Wildrydes_Emails’.  Seriously?!?!  Yes, I’m an idiot (but one made of ‘Blue Steel’…).  Once that was corrected, I was finally able to get my unauthenticated Cognito Role to access my DynamoDB Table.

There is still work to be done in this tutorial, and I’ll blog about any issues I overcome as I encounter them.  My work is being hosted in my AWS account on Cloudfront, so feel free to check it out and submit your email to my DynamoDB database.  Let’s get this startup rolling!

http://d39nkefhhvszkn.cloudfront.net/

'Out of the Box' Rubik

Infrastructure As Code

I recently read this article and listened to the 2015 AWS re:Invent session on the same.  This discussion really resonated with me.  I’m excited to try to automate everything, including infrastructure deployments, in my future development projects.  I like the idea of using automated testing frameworks, such as serverspec, for testing infrastructure deployments.

My three big take-aways from the video:

  1. If it’s not automated, it’s not done.
  2. If it moves, measure it.
  3. if its’ not monitored, it doesn’t exist.

My Path to AWS Certified Solution Architect – Associate

On December 1st, 2016, I took and passed the AWS Certified Solutions Architect – Associate Exam.  I took the exam at the AWS re:Invent Conference in Las Vegas, and by ‘passed’, I mean by the skin of my teeth!  But to me, passing is all that matters and I achieved that objective.  Here are some notes on how I prepared for this certification exam:

  • I tried to use AWS Services as much as possible.  I signed up for a free for one year account and started deploying some small applications I had written to EC2.  Initially, I ran MySQL on one of my EC2 instances, but when I discovered RDS, I learned that RDS is an easier and more cost effective approach to using an RDBMS in the cloud.  Aurora and DynamoDB are some other excellent options for cloud-based databases.
  • I bought the Official Study Guide for this certification and started studying it and working through the exercises in the book about two months prior to my exam.  As I am now done with this book, I am happy to mail it the first request for free as long as you agree to pay for shipping.  I have marked my copy up pretty good, however, and I’ve circled all of the answers to the practice test questions in ink.
  • I paid $20 to take the AWS Practice Exam.  I failed it with a 50% score and almost ended up re-scheduling the real exam.  I decided, however, to double-down on my studying and to stick my original plan.  This is one gamble of mine that actually paid off.
  • I attended the 2016 AWS re:Invent Conference in Las Vegas and participated in the Monday Night Hackathon.  Here I quickly learned how to deploy REST services on AWS Lambda using the API Gateway service.  I also learned a bit more about DynamoDB in the process.  The Hackathon helped to focus my understanding of some services, and the re:Invent Conference helped to broaden my understanding of many others.
  • I took my certification exam on Wednesday Night of the conference at 8pm in the Venetian Hotel.  I thought I would be the only one taking an exam at that time of night, but there were at least 15 other folks in the examination room with me.

Here are some of my associated exam expenses along the way:

  • The Official Study Guide on Amazon.com: $57
  • Scheduling the Certification Exam: $150
  • Practice Exam: $20
  • AWS re:Invent 2016 Conference: $1600
  • Travel and Lodging at Las Vegas (me, girlfriend and kids): $750
  • Estimated Exam Focused Time Investment: 2 months
  • Estimated Total Investment: $2,577

AWS re:Invent Conference

So was my investment in this certification worth it?  One thing I learned at the re:Invent conference in Vegas is that if you want to win big, you have to bet big.  I think this investmAWS Solutions Architect Associate Certification Study Guideent was a pretty big bet as far as certifications and technical focus are concerned.  I don’t think attending the re:Invent conference was necessary in passing the certification exam, however, but I do think it was necessary in trying to accurately gauge the viability of the AWS Cloud Platform in the coming years.  Participating in the Hackathon was a great way to get focused on approaches to deploying solutions to the AWS Cloud in a team environment.  AWS re:InventAttending the AWS re:Invent conference helped me to broaden my perception of the sheer breadth of AWS Cloud offerings, not to mention the insight I received in learning about some of the innovative ways companies are using AWS Cloud now.  I witnessed over 30,000 conference participants, from all over the world, attending sessions from 8am to 8pm non-stop, learning as much as they could about the AWS platform.  I, too, drank the cool-aid and truly believe AWS Cloud is a secure, cost effective, highly elastic, high performance platform for all types of software applications.  And I don’t see any other cloud company as a close competitor to Amazon right now, nor may we ever.  Amazon has built their Cloud Platform from lessons learned being the largest E-Commerce Platform in the world.  I feel like I’ve made a safe bet.

AWS re:Play Party

Financial costs aside, the re:Play Party at the end of the AWS conference was truly amazing!  There were drinks (lots of drinks), t-shirts, amazing, amazing food, retro video games, mechanical bull riding, foosball, etc. etc. Time to re:Play I’m sure there was even more stuff, I just couldn’t take it all in.  Then there was the headline performance by DJ Martin Garrix, which was radical.  I took my girlfriend to the party and we had an amazing time.  It was an amazing week in Las Vegas, which ended with a quick family jaunt to the Grand Canyon, but I’ll save that for another blog post.

Foosball