AWS Blueprint of a platform API using Twirp and SAM
MIT License
aws-blueprint example for a Twirp based API using AWS Serverless Application Module (SAM).
Features:
application/protobuf
binary supportsam local start-api
. Talks to DynamoDB local via docker-compose.sam local
).test--api.exaple.com
. HTTPS support via ACM. admin:repo_hook, repo
cp dotenv.example .env
.env::GOOGLE_APPLICATION_CREDENTIALS_JSON
. On macOS: cat firebase-adminsdk.json | jq -c . | pbcopy
. .env
is only used when starting the server directly (not inside sam local
). Feat req to address this.make setup/local
will install go tooling and load local DynamoDB with sample data (dropping table if exists).make run/local-dev-api
will go run
server locally.curl -H 'Content-Type:application/json' -d '{"firebaseToken":"invalid"}' http:/localhost:8080/com.abpsamtwirp.platform.AuthSvc/Token
You should get an Invalid FBase token
error. To get a valid FBase token, implement one of the SDKs into your app.
This repo utlizes sam local start-api
cli to simulate APIG->Lambda->Twirp.
Enviornment variables are pulled from sam-template.yml::Environment.Variables
(not .env
). To simulate how these will be set in cloudformation, the --parameter-overrides
sam
option is used. See run/sam-local-api
in Makefile for an example.
cp aws/sam-local/api-env.json aws/sam-local/sample-api-env.json
GOOGLE_APPLICATION_CREDENTIALS_JSON
attribute as one line (cat firebase-adminsdk.json | jq -c '. | tojson' | pbcopy
on macOS). This file is used to set env when running sam local
.make run/sam-start-api
Startup is slow right? This simulates Lambda cold starts. See here.
Running make api-clients
will generate clients for golang (rpc-clients/go), Typescript using Protobuf (rpc-clients/ts-protobuf), Typescript using JSON (rpc-clients/ts-json)
An example using Typescript clients can be seen at build-ts-clients/ts-test/main.ts.
An example using golang client can be seen at internal/authserver/server_test.go.
The CloudFormation parameters SSMFirebaseAdminSdkCreds
and SSMJwtSecret
in sam-template.yml dictates where in SSM to pull a value, which is then set as an env var in the lambda. In CodePipeline you set these parameter value on a stage-by-stage basis via aws/cloudformation/parameters. If you update the value in SSM, just execute a stack update to get the new env var into lambda.
SSM*
parameter defined in aws/cloudformation/parameters/*.json
. For the SSM Param name
use the VALUE of the SSM*
attribute.abp-sam-twirp--master--api--cicd
(naming convention is [gitrepo]--[branch]--[eyecatcher]--cicd
)git push
and watch the pipeline. Will need to approve to promote to next stage. URL to your API is in the outputs
of the ExecuteChangeSet
CloudFormation.aws dynamodb scan --table-name local-SingleTable --endpoint-url http://localhost:8000