An example project using Zappa, Invoke, and Troposphere
===========
Components in this repo:
- Zappa project that deploys an API Gateway and Lambda for accepting webhook calls and enqueuing on SQS
- S3 event listener
The repo consists of:
- Multibranch declarative pipeline Jenkinsfile for CI build
- Invoke library build definitions for deploying CloudFormation templates and Zappa project
- Generator for Zappa execution IAM Policy
- Generator for Zappa config file
- Troposphere code to create AWS Resources not defined in Zappa configuration
- API Gateway Custom Authorizer using Credstash
In this project,
- moonunit is used as the example application and package name
- rcollimore is used as the example username
Most of the configuration for deploying to AWS is generated from templates to allow multiple developers to deploy to the same AWS account without stepping on each other's resources, so elements are usually suffixed with a unique name, e.g., 'dev-rcollimore'.
Credstash is used for storing the (single) secret token validated by the custom authorizer.
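A sketch of how a TOKEN-type custom authorizer can validate that single bearer token, as an added example and not the code from this repo. The names make_authorizer, load_secret and the principal id are hypothetical, the sample event is constructed, and the secret lookup is injected so the block runs without AWS access:

```python
import hmac


def _policy(effect, resource, principal="webhook-caller"):
    """Build the IAM policy document API Gateway expects from an authorizer."""
    return {
        "principalId": principal,  # hypothetical label for the caller
        "policyDocument": {
            "Version": "2012-10-17",
            "Statement": [{
                "Action": "execute-api:Invoke",
                "Effect": effect,
                "Resource": resource,
            }],
        },
    }


def _stage_arn(method_arn):
    """Widen .../{stage}/{verb}/{path} to .../{stage}/*/* so a cached
    authorizer result stays valid for every method of the stage."""
    prefix, stage = method_arn.split("/")[:2]
    return f"{prefix}/{stage}/*/*"


def make_authorizer(load_secret):
    """load_secret() returns the expected token as str. In Lambda it could
    wrap credstash.getSecret(<name>); the secret name is deployment-specific."""
    def handler(event, context=None):
        header = event.get("authorizationToken") or ""
        scheme, _, presented = header.partition(" ")
        if scheme.lower() != "bearer" or not presented.strip():
            # API Gateway maps this exact message to a 401 response.
            raise Exception("Unauthorized")
        expected = load_secret()
        # Constant-time comparison avoids leaking the token via timing.
        ok = hmac.compare_digest(presented.strip().encode(), expected.encode())
        return _policy("Allow" if ok else "Deny", _stage_arn(event["methodArn"]))
    return handler


# Constructed sample event; the ARN and token are placeholders.
SAMPLE_EVENT = {
    "type": "TOKEN",
    "authorizationToken": "Bearer 1234",
    "methodArn": "arn:aws:execute-api:us-east-1:123456789012:abc123/dev/POST/responses",
}
```

A missing or malformed header produces a 401, while a well-formed but wrong token produces an explicit Deny policy, which API Gateway returns as a 403.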
- Python or pyenv 3.6 to bootstrap pipenv
pip3 install pipenv
From within this repo, run:
pipenv install --dev
pipenv run pycodestyle .
pipenv run pytest tests
All of these commands need to be run in the context of pipenv shell or executed with pipenv run prefixed.
QUEUE_NAME=Moonunit-InboundResponses-dev-$USER gunicorn moonunit.webhook_handler:app
invoke create --env dev
invoke certify --env dev
invoke update --env dev
Invoke via API Gateway endpoint:
Without a Custom Domain Name configured and with the custom authorizer turned off:
curl -v -X POST 'https://qm8sarlacc.execute-api.us-east-1.amazonaws.com/dev_pvarner/responses?param1=foo' ; echo '\n'
Note that the URL is of the form https://{host}/{api gateway stage}/{wsgi app resource}
With a Custom Domain Name configured:
curl -v -X POST 'https://webhook.example.org/responses?answer=foo' -H 'Authorization: Bearer 1234' && echo
Creating a new Custom Domain Name:
- API Gateway -> Custom Domain Names -> (Create Custom Domain Name)
- Domain Name: e.g., moonunit-dev-rcollimore.example.org
- Edge Optimized (as the certificate lives in us-east-1, it has to be)
- ACM Certificate: *.example.org, the only one
- Base Path Mappings
- Path: (blank)
- Destination:
- unnamed field: dev
- Save
Then wait for ~40 minutes (not a joke) -- it takes that long for all the things to propagate.
Create a Route53 A record to your custom domain
- Edit Hosted Zone '.example.org'
- Name: moonunit-dev-rcollimore
- Type: A
- Alias: Yes
- Alias Target: CloudFront host, e.g., dwdl1utqpi3k6.cloudfront.net. from your Custom Domain Name
- Routing Policy: Simple
Debug:
invoke tail --env dev
TODO: Write something about this.