Presentation by Matt Barlow Someone just gave you an idea for a new microservice. How quickly can you build it? Using Swagger, API Gateway, and Lambda, we'll go from idea to HTTP response with just a few edits. We'll look at how Swagger can auto generate our API Gateway service, docs, client libraries, monitors, and tests, saving us a ton of work. We'll make code changes, version them in Lambda, and evaluate them with curl or Postman in seconds.

1. Building Microservices with
API Gateway and Lambda
@mattjbarlow
github.com/mattjbarlow
DevOps Days Austin 2016
Revenge of the Devs

2. What we will talk about
Swagger
API Gateway
Lambda
DynamoDB

3. What we will talk about
Swagger
API Gateway
Lambda
DynamoDB
API Spec File
Proxy / Router / URL
Backend Code
Data

4. With Swagger you can auto-generate...
Documentation Monitoring Tests
Integration Tests
Client Libraries

5. We Never Edit API Gateway Directly
We Edit Swagger
which is imported into...
API Gateway Monitoring Docs Tests

6. Example Microservice
Teammates want the ability to run a Lambda Function exactly one time in the
future.

7. Solution
At Job Microservice
A microservice that mimics the Unix at command for Lambda.

8. The At Command
First appears in 1979 as part of Unix Version 7.

9. Design

10. API Methods
Path Operation OperationID Description
/atq GET list_jobs List all jobs
/atq POST create_job Create an at job
/atq/{id} GET describe_job Describe an at job
/atq/{id} DELETE delete_job Delete an at job
A method is a combination of a resource path and an operation.

11. Objects
Name Type Format Required?
jobid string uuid yes
lambdaArn string arn no
time string dateTime no
atJob
The object will define the response that our API returns.

12. Code
OperationID Pseudocode
list_jobs DynamoDB BatchGetItem
describe_job DynamoDB Query on jobid
create_job Create CloudWatch Event and PutItem into
DynamoDB.
delete_job Delete CloudWatch Event and DeleteItem
out of DynamoDB.
These Operation IDs are defined in Swagger and passed through to Lambda code as
part of the event object.

13. Initialize Directory

14. git clone git@github.com:mattjbarlow/microservice-template.git
File Description
service/service.py * Python module that will run in Lambda.
circle.yml Circle CI instructions.
deploy.yml Ansible playbook for provisioning microservice.
destroy.yml Ansible playbook for deleting microservice.
swagger.yml * Spec file that describes your API.
template.json AWS resources required by the microservice.
version.yml Ansible playbook that versions your Lambda code.
* The bulk of your edits will be in these two files.

15. Update Swagger Paths

16. Remember these?
Path Operation OperationID Description
/atq GET list_jobs List all jobs
/atq POST create_job Create an at job
/atq/{id} GET describe_job Describe an at job
/atq/{id} DELETE delete_job Delete an at job

17. We Insert Them Directly Into Swagger
RESOURCE PATH
HTTP OPERATION
Object Definition

18. Then we define our objects

19. Deploy

20. ansible-playbook -e “prefix=devopsdays” deploy.yml

21. Ansible Deployment Playbook
1. Zips up Python module and uploads it to S3
2. Creates the API Gateway
3. Provisions AWS resources
a. Lambda
b. DynamoDB
c. IAM Roles and Policies
d. Lambda Permission
4. Adds mapping templates to API Gateway

22. Import Swagger Into Postman

23. Open Postman

24. Click Import

25. Select Swagger File

26. Start Sending Requests

27. Tail Lambda Logs

28. Logging in Lambda
API Gateway turned our HTTP request data into an Event Object. To start
with, we log the entire Event Object.

29. pip install awslogs
awslogs allows us to mimic tail -f behavior on our Lambda function’s Log Group.

30. Event Object Close-Up

31. Post Body
Headers
Path Params
Query Params

32. API Gateway Variables
Helpful for filtering logs.

33. Tracing Our Request

34. GET Request Lifecycle
Method Response
Integration Response
Lambda
Method Request
Integration Request
Client
Cloudwatch Logs

35. HTTP GET Request Is Sent
GET /dev/v1/atq HTTP/1.1
Host: cg4e6xg82i.execute-api.us-east-1.amazonaws.com
Connection: keep-alive
Cache-Control: no-cache
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36
(KHTML, like Gecko) Chrome/49.0.2623.110 Safari/537.36
Postman-Token: 265fcfe1-e196-0114-89bf-442a34c0180d
Accept: */*
Accept-Encoding: gzip, deflate, sdch
Accept-Language: en-US,en;q=0.8

36. Mapped To Event Object

37. Event Object Received by Lambda

38. Logged to CloudWatch

39. Editing Code

40. Dev Workflow
Edit Eval
Push
Request
Parse

41. create_job function

42. Push Code To Lambda

43. ansible-playbook -e “prefix=dod” version.yml

44. Test create_job
Important!

45. create_job response

46. Persisted in DynamoDB

47. POST Request Lifecycle
Method Response
Integration Response
Lambda
Method Request
Integration Request
Client
Cloudwatch Logs
EventsDynamo

48. Removing Lambda

49. GET Request With Lambda
Step What Happens
Send GET request API Gateway Receives HTTP Request Data from client.
Transform API Gateway Transforms Request Data into Event Object
Proxy API Gateway POSTs Event Object to Lambda
Read Lambda Reads data from DynamoDB
Return API Gateway Receives return values from Lambda
Transform API Gateway Transforms backend data into HTTP Response
Respond API Gateway Responds back to the client.

50. GET Request without Lambda
Step What Happens
Send GET request API Gateway Receives HTTP Request Data from client.
Transform API Gateway Transforms Request Data into Event Object
Proxy API Gateway POSTs DynamoDB Query to Dynamo
Read Lambda Reads data from DynamoDB
Return API Gateway Receives return values from Dynamo
Transform API Gateway Transforms backend data into HTTP Response
Respond API Gateway Responds back to the client.

51. Mapping GET Request To DynamoDB

52. Mapping DynamoDB Response to Client Response

53. Automating Tests

54. CI Workflow
CI
Step 1 Deploy Microservice
Step 2 Validate API Calls
Step 3 Destroy Microservice
git push POST: /project/:tree/:branch

55. Validating API Calls With Flex
schema = load('swagger.awsexport.json')
validate_api_call(schema, raw_request=r.request, raw_response=r)
1. Receives Swagger spec file which is our source of truth.
2. Makes an HTTP Request to the API Gateway URL.
3. Ensures the response matches what we said it would in Swagger.
Loads Swagger spec into memory

56. Auth
It has been 1 days since we talked about auth.

57. Built In Auth Options
GET /dev/v1/atq HTTP/1.1
Host: cg4e6xg82i.execute-api.us-east-1.amazonaws.com
Connection: keep-alive
x-api-key: bkayZOMvuy8aZOhIgxq94K9Oe7Y70Hw55
Option 2: Signature Version 4 signing with IAM
(Powerful, but requires client having AWS API Key)
Option 1: API Keys managed by API Gateway API
(Not really useful for user auth in public APIs)

58. Custom Authorizers
Receive Token from Identity
Send Token to /auth endpoint Pass Through
Responds With JWT
Make request with JWT Custom Authorizer Intercept
Caches temporary policy
Allows Request
Generates JWT
Validates JWT
Returns temporary IAM policy
Client Library API Gateway Lambda$:
Validates Identity Token

59. Links
https://github.com/mattjbarlow/microservice-template
https://github.com/mattjbarlow/at
http://editor.swagger.io/#/
http://flex-swagger.readthedocs.io/en/latest/