AWS (Study Notes, Lesson 36): apigw-http-api-lambda-dynamodb

Published: 2025-03-30

  • Using Lambda + DynamoDB behind API Gateway

What this lesson covers:

  • Using API Gateway
  • Using Lambda
  • Using DynamoDB

1. Overall architecture

1.1 Code link

1.2 Overall architecture

  • API Gateway invokes the Lambda function
  • The Lambda function reaches DynamoDB through a VPC endpoint

2. Code walkthrough

2.1 Creating the VPC

        # VPC
        vpc = ec2.Vpc(
            self,
            "Ingress",
            cidr="10.1.0.0/16",
            subnet_configuration=[
                ec2.SubnetConfiguration(
                    name="Private-Subnet", subnet_type=ec2.SubnetType.PRIVATE_ISOLATED,
                    cidr_mask=24
                )
            ],
        )

Only a private subnet is created here.

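2.2 Creating the VPC endpoint

Normally, a Lambda function in a private subnet has no way to reach DynamoDB. There are two ways to give it access:

  • One is to set up a NAT gateway in a public subnet
  • The other is a VPC endpoint. The endpoint must specify the service it targets, which here is DynamoDB

        # Create VPC endpoint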
        dynamo_db_endpoint = ec2.GatewayVpcEndpoint(
            self,
            "DynamoDBVpce",
            service=ec2.GatewayVpcEndpointAwsService.DYNAMODB,
            vpc=vpc,
        )

2.3 Setting a policy on the VPC endpoint

        # Customize the endpoint policy
        dynamo_db_endpoint.add_to_policy(
            iam.PolicyStatement(  # Allows read, write, create and delete actions
                principals=[iam.AnyPrincipal()],
                actions=[
                    "dynamodb:DescribeStream",
                    "dynamodb:DescribeTable",
                    "dynamodb:Get*",
                    "dynamodb:Query",
                    "dynamodb:Scan",
                    "dynamodb:CreateTable",
                    "dynamodb:Delete*",
                    "dynamodb:Update*",
                    "dynamodb:PutItem",
                ],
                resources=["*"],
            )
        )

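This policy allows any principal to perform the listed DynamoDB operations on any resource through the endpoint. The endpoint policy only limits what may pass through the endpoint; it does not itself grant the caller any permissions, which come from the grant in 2.7.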
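The following is an added example, not code from the original sample project: a small audit that compares an endpoint policy document against the actions the workload actually needs. It assumes the handler in 2.6 only calls put_item; the JSON rendering of the 2.3 statement is constructed, and the table ARN in the tightened variant is a placeholder.

```python
# Added example, not from the original sample project.
# Assumption: the handler in 2.6 only calls put_item, so that is all the endpoint must pass.
NEEDED_ACTIONS = {"dynamodb:PutItem"}

def _as_list(value):
    return value if isinstance(value, list) else [value]

def audit_endpoint_policy(policy, needed=NEEDED_ACTIONS):
    """Return sorted findings for the Allow statements of an endpoint policy.

    Only Action and Resource are examined; Principal and Condition are not.
    """
    needed_lc = {a.lower() for a in needed}  # IAM action names are case-insensitive
    findings = set()
    for stmt in _as_list(policy.get("Statement", [])):
        if stmt.get("Effect") != "Allow":
            continue
        if "*" in _as_list(stmt.get("Resource", [])):
            findings.add("any resource")
        for action in _as_list(stmt.get("Action", [])):
            if "*" in action or "?" in action:
                findings.add(f"wildcard action {action}")
            elif action.lower() not in needed_lc:
                findings.add(f"unused action {action}")
    return sorted(findings)

# Constructed JSON rendering of the statement from section 2.3.
PAGE_POLICY = {"Statement": [{
    "Effect": "Allow",
    "Principal": {"AWS": "*"},
    "Action": [
        "dynamodb:DescribeStream", "dynamodb:DescribeTable", "dynamodb:Get*",
        "dynamodb:Query", "dynamodb:Scan", "dynamodb:CreateTable",
        "dynamodb:Delete*", "dynamodb:Update*", "dynamodb:PutItem",
    ],
    "Resource": "*",
}]}

# Tightened variant; the ARN is a placeholder, not a value from the page.
TIGHT_POLICY = {"Statement": [{
    "Effect": "Allow",
    "Principal": {"AWS": "*"},
    "Action": "dynamodb:PutItem",
    "Resource": "arn:aws:dynamodb:REGION:ACCOUNT_ID:table/TABLE_NAME",
}]}

if __name__ == "__main__":
    for name, policy in (("page", PAGE_POLICY), ("tight", TIGHT_POLICY)):
        print(name, audit_endpoint_policy(policy))
```

In the CDK stack the tightened variant corresponds to passing only "dynamodb:PutItem" in actions and demo_table.table_arn in resources, which requires the table to be defined before the endpoint policy.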

2.4 Creating the DynamoDB table

        # Create DynamoDb Table
        demo_table = dynamodb_.Table(
            self,
            TABLE_NAME,
            partition_key=dynamodb_.Attribute(
                name="id", type=dynamodb_.AttributeType.STRING
            ),
        )

2.5 Creating the Lambda function

        # Create the Lambda function to receive the request
        api_hanlder = lambda_.Function(
            self,
            "ApiHandler",
            function_name="apigw_handler",
            runtime=lambda_.Runtime.PYTHON_3_9,
            code=lambda_.Code.from_asset("lambda/apigw-handler"),
            handler="index.handler",
            vpc=vpc,
            vpc_subnets=ec2.SubnetSelection(
                subnet_type=ec2.SubnetType.PRIVATE_ISOLATED
            ),
            memory_size=1024,
            timeout=Duration.minutes(5),
        )

2.6 The Lambda function code (/lambda/apigw-handler/)

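import json
import logging
import os
import uuid

import boto3

# Emit INFO-level log lines
logging.getLogger().setLevel(logging.INFO)
# Created once per execution environment and reused across invocations
dynamodb_client = boto3.client("dynamodb")


def handler(event, context):
    table = os.environ.get("TABLE_NAME")
    logging.info(f"## Loaded table name from environment variable TABLE_NAME: {table}")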
    if event["body"]:
        item = json.loads(event["body"])
        logging.info(f"## Received payload: {item}")
        year = str(item["year"])
        title = str(item["title"])
        id = str(item["id"])
        dynamodb_client.put_item(
            TableName=table,
            Item={"year": {"N": year}, "title": {"S": title}, "id": {"S": id}},
        )
        message = "Successfully inserted data!"
        return {
            "statusCode": 200,
            "headers": {"Content-Type": "application/json"},
            "body": json.dumps({"message": message}),
        }
    else:
        logging.info("## Received request without a payload")
        dynamodb_client.put_item(
            TableName=table,
            Item={
                "year": {"N": "2012"},
                "title": {"S": "The Amazing Spider-Man 2"},
                "id": {"S": str(uuid.uuid4())},
            },
        )
        message = "Successfully inserted data!"
        return {
            "statusCode": 200,
            "headers": {"Content-Type": "application/json"},
            "body": json.dumps({"message": message}),
        }

2.7 Granting the Lambda function permission on the DynamoDB table and passing the table name via an environment variable

        # grant permission to lambda to write to demo table
        demo_table.grant_write_data(api_hanlder)
        api_hanlder.add_environment("TABLE_NAME", demo_table.table_name)

2.8 Creating the API Gateway and setting the Lambda function as its handler

        # Create API Gateway
        apigw_.LambdaRestApi(
            self,
            "Endpoint",
            handler=api_hanlder,
        )

3. Running the whole architecture

3.1 Deploying

cdk --require-approval never deploy

3.2 Accessing the API Gateway
