/app-edis

This repository serves as a home to a collection of serverless microservices hosted on AWS. The workloads follow a common pattern using modern, secure best practices.

Enterprise Data & Integration Services Web Services

The project contains the following modules:

  • aws-cf-scripts - Set of cloud formation configuration templates to deploy and configure AWS resources
  • install-scripts - Set of shell scripts to deploy and configure AWS resources with Cloud Formation stacks
  • load-nedorg-data - nodejs application to load DynamoDB database with sample data from csv file
  • lambda-auth - nodejs based Lambda authorizer function to authenticate and authorize the client that invokes API endpoints
  • lambda-userapi - lightweight (lambda-api framework) nodejs based Lambda function to execute REST API endpoints
  • client-ang-nedorgs - Angular application to deploy to EC2 Apache Web Server and to test Web Service

Prerequisites

To build, debug, run, and deploy projects you need to install the following:

The AWS credentials can be set up with the AWS CLI command below (the access key ID and secret key values shown are fake):

aws configure
AWS Access Key ID [None]: AKIAIOSFODNN7EXAMPLE
AWS Secret Access Key [None]: wJalrXUtnFEMI/K7MDENG/bPxRfiCYEXAMPLEKEY
Default region name [None]: us-east-1
Default output format [None]: json

See https://docs.aws.amazon.com/cli/latest/userguide/cli-chap-configure.html for further configuration details. For example, you can specify a profile name if you have credentials for multiple AWS accounts.
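Because real keys entered through the prompt above must never end up in the repository, a pre-commit scan is useful. The script below is an added example, not part of this project's install-scripts; the function name `find_aws_credentials` and the excluded directories are assumptions. It reports only file and line so the secret is not echoed into logs, and it ignores the AWS documentation placeholder values shown above.

```shell
#!/bin/sh
# Added example: report files that contain AWS credentials before a commit.

# Access key IDs are 20 chars: AKIA (IAM user) or ASIA (temporary STS)
# followed by 16 uppercase letters or digits.
KEY_ID_RE='(AKIA|ASIA)[0-9A-Z]{16}'
# Secret keys are 40 base64-style chars; match them only next to the
# setting name used in ~/.aws/credentials to limit false positives.
SECRET_RE='aws_secret_access_key[[:space:]]*[=:][[:space:]]*[A-Za-z0-9/+]{40}'
# AWS's published documentation placeholders (the fake values in this README).
DOC_KEY_ID='AKIAIOSFODNN7EXAMPLE'
DOC_SECRET='wJalrXUtnFEMI/K7MDENG/bPxRfiCYEXAMPLEKEY'

# find_aws_credentials DIR (hypothetical helper)
# Prints one "file:line" per finding; returns 1 if anything was found, else 0.
find_aws_credentials() {
  hits=$(
    # -I skips binary files; -o prints only the match so the placeholder
    # filter below sees exactly what matched.
    grep -rIEno --exclude-dir=.git --exclude-dir=node_modules \
      -e "$KEY_ID_RE" -e "$SECRET_RE" -- "$1" 2>/dev/null |
      grep -vF -e "$DOC_KEY_ID" -e "$DOC_SECRET" |
      cut -d: -f1,2 |   # keep file:line, drop the matched secret
      sort -u
  )
  if [ -n "$hits" ]; then
    printf '%s\n' "$hits"
    return 1
  fi
  return 0
}

# Stand-alone use: ./scan.sh <directory>; a non-zero exit blocks the commit.
if [ $# -gt 0 ]; then
  find_aws_credentials "$1"
fi
```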

NOTE

Keep in mind that all shell scripts are for macOS and Linux. Alternative batch files can be created for Windows.

Step By Step instructions to configure, build, and deploy the service in NCI CBIIT AWS instance

  1. Build lambda-auth Lambda function
     cd lambda-auth
     npm run zip
     cp lambda-auth.zip ../lambda-zip/.
     cd ..
  2. Build lambda-userapi Lambda function
     cd lambda-userapi
     npm run zip
     cp lambda-userapi.zip ../lambda-zip/.
     cd ..
  3. Build lambda-eracommons Lambda function
     cd lambda-eracommons
     #create oracledb layer distribution
     npm install
     npm run layer

     #create lambda zip distribution
     npm run zip
     cp lambda-eracommons.zip ../lambda-zip/.
     cd ..
  4. For Cloud Team - Create S3 bucket for CloudFormation templates if it does not exist
     aws s3api create-bucket --profile <profile> --bucket "<S3 Bucket Name>" --region us-east-1
     # or without profile
     aws s3api create-bucket --bucket "<S3 Bucket Name>" --region us-east-1
  5. Create DynamoDB table to store user information
     cd install-scripts
     ./exec-aws-no-profile.sh -a <S3 Bucket Name> -t <tier>
     cd ..
  6. Load DynamoDB table with initial data from json file. See the example of the file in docs folder - NIH External Accounts - No Roles - Address.json. The easiest way to create this file is to extract csv file from the database and convert it to json using online converter.
     cd install-scripts
     ./load-data.sh -t <tier> -f <filename> [-p <aws profile>]
     cd ..
  7. For Cloud Team - Create roles for lambda-eracommons Lambda function and for API Gateway
     cd install-scripts
     ./create-roles-no-profile.sh -a <S3 Bucket Name> -t <tier>
     cd ..
  8. Deploy API gateway and Lambda functions for authorization and user api
     cd install-scripts
     ./sam-deploy-no-profile.sh -a <S3 Bucket Name> -t <tier>
     cd ..
  9. Deploy lambda-eracommons Lambda function. First edit the install-scripts/sam-deploy-lambda-eracommons-no-profile.sh file and set the VPC subnet1, subnet2, and security group sgid (lines 23-25) with values from the AWS account
     cd install-scripts
     ./sam-deploy-lambda-eracommons-no-profile.sh -a <S3 Bucket Name> -t <tier>
     cd ..
  10. Set the scheduler event to run lambda-eracommons Lambda function once a day to refresh the DynamoDB table from eRA Commons database

eRA Commons resources

| Resource | Name | Old Name |
|---|---|---|
| DynamoDB table | extusers-<tier> | extusers-<tier> |
| DynamoDB IAM Policy | power-user-edis-ddb-extusers-read-<tier> | none |
| DynamoDB IAM Role | power-user-edis-api-gateway-extusers-ddb-<tier> | none |
| Lambda IAM Role | power-user-edis-lambda-era-commons-api-<tier> | lambda-eracommons-<tier>-role |
| Lambda | edis-era-commons-api-<tier> | lambda-edis-user-api-<tier> |
| API Gateway | edis-era-commons-<tier> | eRA Commons User API |
| CloudWatch for API Gateway | edis-era-commons-apigateway-accesslogs-<tier> | business_apps-<tier>-edisapi-accesslogs |
| Lambda IAM Role | power-user-edis-lambda-era-commons-auth-<tier> | lambda-eracommons-<tier>-role |
| Lambda | edis-era-commons-auth-<tier> | lambda-auth-<tier> |
| Lambda IAM Role | power-user-edis-lambda-era-commons-refresh-<tier> | lambda-eracommons-<tier>-role |
| Lambda | edis-era-commons-refresh-<tier> | lambda-era-commons-<tier> |
| CloudWatch Event Rule | edis-era-commons-refresh-<tier> | era-commons-refresh-<tier> |