This is the IaC implementation of the AWS project by Adrian Cantrill that involves implementing a simple serverless application using S3, API Gateway, Lambda, Step Functions, SNS, and SES. The application loads from an S3 bucket, communicates with lambda and step functions, and enables the configuration of reminders for pet cuddles to be sent via email.
There are six basic stages involved:
Configure Simple Email Service (SES)
Add an email lambda function to use SES to send emails for the serverless application
Implement and configure the state machine, the core of the application
Implement the API Gateway, API, and supporting lambda function
Implement the static frontend application and test its functionality
Stage 1: Simple Email Service (SES)
The first step of the project was setting up two verified identities on SES. I created these with my email addresses and verified both.
resource "aws_ses_email_identity" "sender" {
email = "morolaanney@gmail.com"
}
resource "aws_ses_email_identity" "receiver" {
email = "rolakeanney@outlook.com"
}
Stage 2: Email Reminder Lambda Function
An IAM role and lambda function were created in this stage.
resource "aws_iam_role" "lambda_role" {
name = "lambda_role"
assume_role_policy = jsonencode({
Version = "2012-10-17"
"Statement" : [
{
"Effect" : "Allow",
"Principal" : {
"Service" : "lambda.amazonaws.com"
},
"Action" : "sts:AssumeRole"
}
]
})
}
resource "aws_iam_role_policy" "lambda_policy" {
name = "lambda_policy"
role = aws_iam_role.lambda_role.id
policy = jsonencode({
Version = "2012-10-17"
Statement = [
{
Action = [
"logs:CreateLogGroup",
"logs:CreateLogStream",
"logs:PutLogEvents"
]
Resource = "arn:aws:logs:*:*:*"
Effect = "Allow"
},
{
Action = [
"ses:*",
"sns:*",
"states:*"
]
Resource = "*"
Effect = "Allow"
}
]
})
}
data "archive_file" "api_lambda" {
type = "zip"
source_file = "lambda-python-code/api_lambda.py"
output_path = "api_lambda.zip"
}
resource "aws_lambda_function" "api_lambda" {
function_name = "api_lambda"
role = aws_iam_role.lambda_role.arn
filename = "api_lambda.zip"
runtime = "python3.9"
handler = "api_lambda.lambda_handler"
depends_on = [
aws_iam_role.lambda_role
]
}
Python code for the Email Reminder Lambda function
import boto3, os, json
FROM_EMAIL_ADDRESS = 'morolaanney@gmail.com'
ses = boto3.client('ses')
def lambda_handler(event, context):
# Print event data to logs ..
print("Received event: " + json.dumps(event))
# Publish message directly to email, provided by EmailOnly or EmailPar TASK
ses.send_email( Source=FROM_EMAIL_ADDRESS,
Destination={ 'ToAddresses': [ event['Input']['email'] ] },
Message={ 'Subject': {'Data': 'Whiskers Commands You to attend!'},
'Body': {'Text': {'Data': event['Input']['message']}}
}
)
return 'Success!'
Stage 3: State Machine
Another IAM role was created for the state machine to enable interaction with other AWS services. Following that was the creation of the state machine, which was configured using the email_reminder_lambda_arn and the previously created IAM role.
resource "aws_iam_role" "state_machine_role" {
name = "state_machine_role"
assume_role_policy = jsonencode({
Version = "2012-10-17"
"Statement" : [
{
"Effect" : "Allow",
"Principal" : {
"Service" : "states.amazonaws.com"
},
"Action" : "sts:AssumeRole"
}
]
})
}
resource "aws_iam_role_policy" "invoke_lambda_and_send_SNS" {
name = "invoke_lambda_and_send_SNS"
role = aws_iam_role.state_machine_role.id
policy = jsonencode({
Version = "2012-10-17"
Statement = [
{
"Action" : [
"lambda:InvokeFunction",
"sns:*"
],
"Resource" : "*",
"Effect" : "Allow"
}
]
})
}
resource "aws_iam_role_policy" "cloudwatch" {
name = "cloudwatch"
role = aws_iam_role.state_machine_role.id
policy = jsonencode({
Version = "2012-10-17"
Statement = [
{
"Action" : [
"logs:CreateLogGroup",
"logs:CreateLogStream",
"logs:PutLogEvents",
"logs:CreateLogDelivery",
"logs:GetLogDelivery",
"logs:UpdateLogDelivery",
"logs:DeleteLogDelivery",
"logs:ListLogDeliveries",
"logs:PutResourcePolicy",
"logs:DescribeResourcePolicies",
"logs:DescribeLogGroups"
],
"Resource" : "*",
"Effect" : "Allow"
}
]
})
}
resource "aws_sfn_state_machine" "sfn_state_machine" {
name = "PetCuddleOTron"
role_arn = aws_iam_role.state_machine_role.arn
definition = <<EOF
{
"Comment": "Pet Cuddle-o-Tron - using Lambda for email.",
"StartAt": "Timer",
"States": {
"Timer": {
"Type": "Wait",
"SecondsPath": "$.waitSeconds",
"Next": "Email"
},
"Email": {
"Type" : "Task",
"Resource": "arn:aws:states:::lambda:invoke",
"Parameters": {
"FunctionName": "${aws_lambda_function.email_reminder.arn}",
"Payload": {
"Input.$": "$"
}
},
"Next": "NextState"
},
"NextState": {
"Type": "Pass",
"End": true
}
}
}
EOF
}
Stage 4: API Gateway and Supporting Lambda Function
data "archive_file" "api_lambda" {
type = "zip"
source_file = "lambda-python-code/api_lambda.py"
output_path = "api_lambda.zip"
}
resource "aws_lambda_function" "api_lambda" {
function_name = "api_lambda"
role = aws_iam_role.lambda_role.arn
filename = "api_lambda.zip"
runtime = "python3.9"
handler = "api_lambda.lambda_handler"
depends_on = [
aws_iam_role.lambda_role
]
}
resource "aws_api_gateway_rest_api" "petcuddleotron" {
name = "petcuddleotron"
endpoint_configuration {
types = ["REGIONAL"]
}
}
resource "aws_api_gateway_deployment" "petcuddleotron" {
rest_api_id = aws_api_gateway_rest_api.petcuddleotron.id
# triggers = {
# redeployment = sha1(jsonencode(aws_api_gateway_rest_api.petcuddleotron.body))
# }
lifecycle {
create_before_destroy = true
}
}
resource "aws_api_gateway_stage" "prod" {
deployment_id = aws_api_gateway_deployment.petcuddleotron.id
rest_api_id = aws_api_gateway_rest_api.petcuddleotron.id
stage_name = "prod"
}
resource "aws_api_gateway_resource" "petcuddleotron" {
rest_api_id = aws_api_gateway_rest_api.petcuddleotron.id
parent_id = aws_api_gateway_rest_api.petcuddleotron.root_resource_id
path_part = "petcuddleotron"
}
resource "aws_api_gateway_method" "petcuddleotron_method" {
rest_api_id = aws_api_gateway_rest_api.petcuddleotron.id
resource_id = aws_api_gateway_resource.petcuddleotron.id
http_method = "POST"
authorization = "NONE"
}
resource "aws_api_gateway_method_response" "method_response" {
rest_api_id = aws_api_gateway_rest_api.petcuddleotron.id
resource_id = aws_api_gateway_resource.petcuddleotron.id
http_method = aws_api_gateway_method.petcuddleotron_method.http_method
status_code = "200"
response_parameters = {
"method.response.header.Access-Control-Allow-Headers" = true
"method.response.header.Access-Control-Allow-Methods" = true
"method.response.header.Access-Control-Allow-Origin" = true
}
}
resource "aws_api_gateway_integration" "integration" {
rest_api_id = aws_api_gateway_rest_api.petcuddleotron.id
resource_id = aws_api_gateway_resource.petcuddleotron.id
http_method = aws_api_gateway_method.petcuddleotron_method.http_method
integration_http_method = "POST"
type = "AWS_PROXY"
uri = aws_lambda_function.api_lambda.invoke_arn
}
resource "aws_api_gateway_integration_response" "integration_response" {
rest_api_id = aws_api_gateway_rest_api.petcuddleotron.id
resource_id = aws_api_gateway_resource.petcuddleotron.id
http_method = aws_api_gateway_method.petcuddleotron_method.http_method
status_code = "200"
response_parameters = {
"method.response.header.Access-Control-Allow-Headers" = "'Content-Type,X-Amz-Date,Authorization,X-Api-Key,X-Amz-Security-Token'"
"method.response.header.Access-Control-Allow-Methods" = "'POST'"
"method.response.header.Access-Control-Allow-Origin" = "'*'"
}
}
# OPTIONS HTTP method.
resource "aws_api_gateway_method" "options" {
rest_api_id = aws_api_gateway_rest_api.petcuddleotron.id
resource_id = aws_api_gateway_resource.petcuddleotron.id
http_method = "OPTIONS"
authorization = "NONE"
api_key_required = false
}
# OPTIONS method response.
resource "aws_api_gateway_method_response" "options" {
rest_api_id = aws_api_gateway_rest_api.petcuddleotron.id
resource_id = aws_api_gateway_resource.petcuddleotron.id
http_method = aws_api_gateway_method.options.http_method
status_code = "200"
response_models = {
"application/json" = "Empty"
}
response_parameters = {
"method.response.header.Access-Control-Allow-Headers" = true
"method.response.header.Access-Control-Allow-Methods" = true
"method.response.header.Access-Control-Allow-Origin" = true
}
}
# OPTIONS integration.
resource "aws_api_gateway_integration" "options" {
rest_api_id = aws_api_gateway_rest_api.petcuddleotron.id
resource_id = aws_api_gateway_resource.petcuddleotron.id
http_method = "OPTIONS"
type = "MOCK"
passthrough_behavior = "WHEN_NO_MATCH"
request_templates = {
"application/json" : "{\"statusCode\": 200}"
}
}
# OPTIONS integration response.
resource "aws_api_gateway_integration_response" "options" {
rest_api_id = aws_api_gateway_rest_api.petcuddleotron.id
resource_id = aws_api_gateway_resource.petcuddleotron.id
http_method = aws_api_gateway_integration.options.http_method
status_code = "200"
response_parameters = {
"method.response.header.Access-Control-Allow-Headers" = "'Content-Type,X-Amz-Date,Authorization,X-Api-Key,X-Amz-Security-Token'"
"method.response.header.Access-Control-Allow-Methods" = "'POST,OPTIONS'"
"method.response.header.Access-Control-Allow-Origin" = "'*'"
}
}
Stage 5: Frontend Application
At this stage of the project, an S3 bucket was created with static website hosting to host the application frontend.
resource "aws_s3_bucket" "pet-cuddle-tron-airat" {
bucket = "pet-cuddle-tron-airat"
}
resource "aws_s3_bucket_public_access_block" "enable_public_access" {
bucket = aws_s3_bucket.pet-cuddle-tron-airat.id
block_public_acls = false
block_public_policy = false
ignore_public_acls = false
restrict_public_buckets = false
}
resource "aws_s3_bucket_policy" "bucket_policy" {
bucket = aws_s3_bucket.pet-cuddle-tron-airat.id
policy = data.aws_iam_policy_document.bucket_policy.json
}
data "aws_iam_policy_document" "bucket_policy" {
statement {
sid = "PublicRead"
effect = "Allow"
principals {
type = "*"
identifiers = ["*"]
}
actions = [
"s3:GetObject",
]
resources = [
"${aws_s3_bucket.pet-cuddle-tron-airat.arn}/*",
]
}
}
resource "aws_s3_bucket_website_configuration" "example" {
bucket = aws_s3_bucket.pet-cuddle-tron-airat.id
index_document {
suffix = "index.html"
}
error_document {
key = "index.html"
}
}
resource "aws_s3_object" "object1" {
bucket = aws_s3_bucket.pet-cuddle-tron-airat.id
key = "index.html"
source = "files/index.html"
content_type = "text/html"
}
resource "aws_s3_object" "object2" {
bucket = aws_s3_bucket.pet-cuddle-tron-airat.id
key = "main.css"
source = "files/main.css"
}
resource "aws_s3_object" "object3" {
bucket = aws_s3_bucket.pet-cuddle-tron-airat.id
key = "serverless.js"
source = "files/serverless.js"
}
resource "aws_s3_object" "object4" {
bucket = aws_s3_bucket.pet-cuddle-tron-airat.id
key = "cat.jpeg"
source = "files/whiskers.png"
}
The final web page is shown below alongside the email: