https://docs.aws.amazon.com/ja_jp/lambda/latest/dg/services-apigateway-tutorial.html
https://qiita.com/mksamba/items/448c538236ab2989eba9
https://qiita.com/Ricordanza/items/d68d708e274e28b6bfa2
-- 1. コマンド等のインストール
-- 1.1 aws cli version 2 インストール
curl "https://awscli.amazonaws.com/awscli-exe-linux-x86_64.zip" -o "awscliv2.zip"
unzip awscliv2.zip
sudo ./aws/install
aws --version
-- 1.2 jqインストール
sudo yum -y install jq
-- 1.3 クライアントEC2(Amazon Linux2)にPython3.8をインストール
amazon-linux-extras list | grep python
sudo amazon-linux-extras install -y python3.8
python3.8 -V
-- 2. IAMポリシー作成
※xrayへの権限も追加
{
"Version": "2012-10-17",
"Statement": [
{
"Sid": "Stmt1428341300017",
"Action": [
"dynamodb:DeleteItem",
"dynamodb:GetItem",
"dynamodb:PutItem",
"dynamodb:Query",
"dynamodb:Scan",
"dynamodb:UpdateItem"
],
"Effect": "Allow",
"Resource": "*"
},
{
"Sid": "",
"Resource": "*",
"Action": [
"logs:CreateLogGroup",
"logs:CreateLogStream",
"logs:PutLogEvents"
],
"Effect": "Allow"
},
{
"Sid": "X",
"Resource": "*",
"Action": [
"xray:PutTraceSegments",
"xray:PutTelemetryRecords"
],
"Effect": "Allow"
}
]
}
aws iam create-policy \
--policy-name policy01 \
--policy-document file://policy01.json
{
"Version": "2012-10-17",
"Statement": [
{
"Effect": "Allow",
"Principal": {
"Service": "lambda.amazonaws.com"
},
"Action": "sts:AssumeRole"
}
]
}
aws iam create-role \
--role-name role01 \
--assume-role-policy-document file://role01.json
-- 4. ポリシーをロールにアタッチ
aws iam attach-role-policy \
--policy-arn arn:aws:iam::999999999999:policy/policy01 \
--role-name role01
-- 5. Lambda Layer 作成
mkdir python
pip3.8 install requests -t python/
pip3.8 install aws-xray-sdk -t python/
from aws_xray_sdk.core import xray_recorder
from aws_xray_sdk.core import patch_all
patch_all()
aws lambda publish-layer-version \
--layer-name ll01 \
--description ll01 \
--compatible-architectures "x86_64" \
--compatible-runtimes python3.8 \
--zip-file fileb://python.zip
aws lambda list-layers
-- 6. Lambda関数作成
※AWS X-Ray トレースの有効化も実施
vim test.py
from __future__ import print_function
import boto3
import json
import layer
print('Loading function')
def handler(event, context):
'''Provide an event that contains the following keys:
- operation: one of the operations in the operations dict below
- tableName: required for operations that interact with DynamoDB
- payload: a parameter to pass to the operation being performed
'''
#print("Received event: " + json.dumps(event, indent=2))
operation = event['operation']
if 'tableName' in event:
dynamo = boto3.resource('dynamodb').Table(event['tableName'])
operations = {
'create': lambda x: dynamo.put_item(**x),
'read': lambda x: dynamo.get_item(**x),
'update': lambda x: dynamo.update_item(**x),
'delete': lambda x: dynamo.delete_item(**x),
'list': lambda x: dynamo.scan(**x),
'echo': lambda x: x,
'ping': lambda x: 'pong'
}
if operation in operations:
return operations[operation](event.get('payload'))
else:
raise ValueError('Unrecognized operation "{}"'.format(operation))
chmod 755 test.py
zip test.zip test.py
aws lambda create-function \
--function-name func01 \
--zip-file fileb://test.zip \
--handler test.handler \
--runtime python3.8 \
--role arn:aws:iam::999999999999:role/role01 \
--layers arn:aws:lambda:ap-northeast-1:999999999999:layer:ll01:6 \
--tracing-config '{"Mode": "Active"}'
aws lambda list-functions | grep func01
aws lambda get-function --function-name func01
-- 7. 関数をテストする
vim input.txt
{
"operation": "echo",
"payload": {
"somekey1": "somevalue1",
"somekey2": "somevalue2"
}
}
aws lambda invoke \
--function-name func01 \
--payload file://input.txt \
output.txt \
--cli-binary-format raw-in-base64-out
cat output.txt
-- 8. API Gateway を使用して REST API を作成する
-- 8.1 API を作成する
aws apigateway create-rest-api \
--name api01 \
--description "api01" \
--endpoint-configuration '{"types": ["REGIONAL"]}'
aws apigateway get-rest-apis
aws apigateway get-rest-api \
--rest-api-id 1111111111
-- 8.2 API でリソースを作成する
aws apigateway get-resources \
--rest-api-id 1111111111
aws apigateway create-resource \
--rest-api-id 1111111111 \
--parent-id 2222222222 \
--path-part "dynamodbmanager"
-- 8.3 リソースに POST メソッドを作成する
aws apigateway put-method \
--rest-api-id 1111111111 \
--resource-id 333333 \
--http-method POST \
--authorization-type NONE \
--no-api-key-required \
--request-parameters {}
aws apigateway put-integration \
--rest-api-id 1111111111 \
--resource-id 333333 \
--http-method POST \
--type AWS \
--integration-http-method POST \
--content-handling CONVERT_TO_TEXT \
--uri "arn:aws:apigateway:ap-northeast-1:lambda:path/2015-03-31/functions/arn:aws:lambda:ap-northeast-1:999999999999:function:func01/invocations"
aws apigateway put-integration-response \
--rest-api-id 1111111111 \
--resource-id 333333 \
--http-method POST \
--status-code 200 \
--response-templates '{"application/json": ""}'
aws apigateway put-method-response \
--rest-api-id 1111111111 \
--resource-id 333333 \
--http-method POST \
--status-code 200 \
--response-models '{"application/json": "Empty"}'
aws apigateway get-method \
--rest-api-id 1111111111 \
--resource-id 333333 \
--http-method POST
-- 8.4 API をデプロイする
※AWS X-Ray トレースの有効化も実施
aws apigateway get-deployments \
--rest-api-id 1111111111
aws apigateway get-stages \
--rest-api-id 1111111111
aws apigateway create-deployment \
--rest-api-id 1111111111
aws apigateway create-stage \
--rest-api-id 1111111111 \
--stage-name stage01 \
--deployment-id 444444 \
--tracing-enabled
-- 8.5 Lambda関数に権限を追加する
aws lambda add-permission \
--function-name func01 \
--statement-id apigw \
--action lambda:InvokeFunction \
--principal apigateway.amazonaws.com \
--source-arn arn:aws:execute-api:ap-northeast-1:999999999999:1111111111/*/POST/dynamodbmanager
aws lambda get-policy \
--function-name func01 | jq -r .Policy | jq .
-- 9. DynamoDB テーブルの作成
aws dynamodb create-table \
--table-name tab1 \
--attribute-definitions \
AttributeName=col1,AttributeType=S \
--key-schema \
AttributeName=col1,KeyType=HASH \
--billing-mode=PAY_PER_REQUEST
aws dynamodb list-tables
aws dynamodb describe-table --table-name tab1
-- 10. セットアップをテストする
aws apigateway test-invoke-method \
--rest-api-id 1111111111 \
--resource-id 333333 \
--http-method POST \
--path-with-query-string '' \
--body '{
"operation": "create",
"tableName": "tab1",
"payload": {
"Item": {
"col1": "1234ABCD",
"number": 5
}
}
}'
aws dynamodb scan --table-name tab1
aws apigateway test-invoke-method \
--rest-api-id 1111111111 \
--resource-id 333333 \
--http-method POST \
--path-with-query-string '' \
--body '{
"operation": "update",
"tableName": "tab1",
"payload": {
"Key": {
"col1": "1234ABCD"
},
"AttributeUpdates": {
"number": {
"Value": 10
}
}
}
}'
aws dynamodb scan --table-name tab1
-- 11. APIをテストする
curl -v -X POST \
-H 'content-type: application/json' \
-d '{
"operation": "create",
"tableName": "tab1",
"payload": {
"Item": {
"col1": "2222ABCD",
"number": 50
}
}
}' \
https://1111111111.execute-api.ap-northeast-1.amazonaws.com/stage01/dynamodbmanager
aws dynamodb scan --table-name tab1
curl -v -X POST \
-H 'content-type: application/json' \
-d '{
"operation": "update",
"tableName": "tab1",
"payload": {
"Key": {
"col1": "2222ABCD"
},
"AttributeUpdates": {
"number": {
"Value": 100
}
}
}
}' \
https://1111111111.execute-api.ap-northeast-1.amazonaws.com/stage01/dynamodbmanager
aws dynamodb scan --table-name tab1
-- 12. X-Ray 動作確認
EPOCH=$(date +%s)
aws xray get-service-graph \
--start-time $*1 \
--end-time $EPOCH
EPOCH=$(date +%s)
aws xray get-trace-summaries \
--start-time $*2 \
--end-time $EPOCH \
--query 'TraceSummaries[*].Http.HttpURL'
EPOCH=$(date +%s)
TRACEIDS=$(aws xray get-trace-summaries \
--start-time $*3 \
--end-time $EPOCH \
--query 'TraceSummaries[*].Id' --output text)
aws xray batch-get-traces \
--trace-ids $TRACEIDS \
--query 'Traces[*]'
-- 13. クリーンアップ
-- DynamoDB テーブル削除
aws dynamodb list-tables
aws dynamodb delete-table --table-name tab1
-- API削除
aws apigateway get-rest-apis
aws apigateway delete-rest-api \
--rest-api-id 1111111111
-- Lambda関数の削除
aws lambda get-function --function-name func01
aws lambda delete-function --function-name func01
-- Lambda Layerの削除
aws lambda list-layers
aws lambda delete-layer-version \
--layer-name ll01 \
--version-number 6
-- IAMロールの削除
aws iam list-roles | grep role01
aws iam detach-role-policy \
--role-name role01 \
--policy-arn arn:aws:iam::999999999999:policy/policy01
aws iam delete-role --role-name role01
-- IAMポリシーの削除
aws iam list-policies | grep policy01
aws iam delete-policy \
--policy-arn arn:aws:iam::999999999999:policy/policy01