API-Gateway + Lambda

Description

Amazon API Gateway is an AWS service for creating, publishing, maintaining, monitoring, and securing REST, HTTP, and WebSocket APIs at any scale. It creates APIs that access AWS or other web services, as well as data stored in the AWS Cloud.

Lab Schema

Config - Lambda

1.Create Lambda

Using AWS Console, create a new Lambda function. Select ceasar-lambda as name and python3.7 as runtime environment.

2.Copy Lambda code

The following code is a simple Caesar cipher implementation. The function accepts three parameters:

  • source: text to be (en/de)coded
  • shift: how many positions will be shifted to get encrypted code
  • code: switch between encoding (TRUE) and decoding (FALSE)
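
import json

DEFAULT_SHIFT = 3

def build_base(shift):
    # Build the substitution table: every letter A-Z maps to the letter
    # `shift` positions away; a space maps to itself.
    base = []
    base_dict = {}
    # Shifts outside -10..10 fall back to the default
    if shift > 10 or shift < -10:
        shift = DEFAULT_SHIFT
    for x in range(26):
        base += chr(x + 65)
    # Repeat the first letters so a positive shift can run past 'Z'
    # (a negative shift wraps around through negative list indexes)
    for x in range(shift):
        base += chr(x + 65)
    for x in range(26):
        base_dict[base[x]] = base[x + shift]
    base_dict[' '] = ' '
    return base_dict

def code(source, build_base):
    result = ""
    source = source.upper()
    for x in source:
        # Characters outside A-Z and space are copied unchanged
        result += build_base.get(x, x)
    return result

def parse_shift(value):
    # A missing "shift" query parameter arrives as an empty string
    try:
        shift = int(value)
    except (TypeError, ValueError):
        return DEFAULT_SHIFT
    # Apply the range check before the sign is flipped for decoding
    if shift > 10 or shift < -10:
        return DEFAULT_SHIFT
    return shift

def lambda_handler(event, context):

    if event.get('source', '') == '':
        return ('Anything to code, Today ?')

    shift = parse_shift(event.get('shift'))
    if event['code'].upper() == "TRUE":
        return code(event['source'], build_base(shift))
    else:
        return code(event['source'], build_base(-shift))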

3.Deploy Lambda Code

Copy the code listed above and paste it into the Lambda code source window. Finish with the Deploy button.

Tests - Lambda

4.Test encoding #1

Create a new test event. Use encode as the name and the code listed below as the event document:

{
  "source": "VISIT RADKOWSKI PRO for more great stuff",
  "shift": "3",
  "code": "TRUE"
}

5.Test encoding #2

Confirm successful Lambda execution. Record the Lambda output; it should be the encoded form of the string "VISIT RADKOWSKI PRO for more great stuff".

6.Test decoding #1

Use the previously recorded encoded string as the input for the decoding event:

{
  "source": "YLVLW UDGNRZVNL SUR IRU PRUH JUHDW VWXII",
  "shift": "3",
  "code": "FALSE"
}

7.Test decoding #2

Confirm that string has been successfully decoded to the original version.

Config - API Gateway

8.Create REST API

Go to AWS Console -> API Gateway and create a new REST API

9.Configure API parameters

Set the following parameters:

  • type: REST
  • API Name: RadLabAPI
  • Endpoint type: Regional

10.Create Resources

Using the ACTION button, create two Resources:

  • encode
  • decode

11.Create Methods

For each previously created Resource, create one method: GET

12.Configure integration type

For each previously created method, set Lambda as the integration type. Enter the name of the Lambda function created in step #1.

13.Configure permission

AWS Console automatically grants API Gateway permission to invoke the Lambda function.

14.Confirm API configuration

Confirm that both resources and methods have been successfully created.

15.Confirm lambda triggers

Come back to the lambda dashboard, select ceasar-lambda function, and confirm that two triggers (API Gateway type) have been created.

16.Update method requests

For both encode and decode methods, edit method request by setting:

  • API Key Required: TRUE
  • URL Query String Parameters:
    • shift
    • source

17.Prepare mapping template for method encode

Copy the following mapping template:

{
  "source": "$input.params('source')",
  "shift": "$input.params('shift')",
  "code": "TRUE"
}

18.Update mapping template for method encode

Update mapping template by:

  • setting Request body passthrough option
  • adding content type as application/json
  • setting template based on code from step #17

19.Prepare mapping template for method decode

Copy the following mapping template:

{
  "source": "$input.params('source')",
  "shift": "$input.params('shift')",
  "code": "FALSE"
}

20.Update mapping template for method decode

Update mapping template by:

  • setting Request body passthrough option
  • adding content type as application/json
  • setting template based on code from step #19
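
The mapping templates from steps #17 and #19 hand the raw query-string values to the Lambda function as strings, so the handler is the place to check them. The block below is an added example, not part of the original lab code: a handler that validates the three fields before transforming them. MAX_SOURCE_LEN and the error-object shape are assumptions, and the cipher is written with modular arithmetic instead of the lab's lookup table.

```python
import re

DEFAULT_SHIFT = 3       # fallback value used by the lab's build_base()
MAX_SHIFT = 10          # same bound as the lab's build_base()
MAX_SOURCE_LEN = 256    # assumed limit, not from the lab
ALLOWED_SOURCE = re.compile(r"[A-Z ]+")   # the lab's table covers A-Z and space


def validate_event(event):
    """Return (source, shift, encode) or raise ValueError."""
    if not isinstance(event, dict):
        raise ValueError("event must be a JSON object")
    source = event.get("source", "")
    shift_raw = event.get("shift", "")
    mode = event.get("code", "")
    if not all(isinstance(v, str) for v in (source, shift_raw, mode)):
        raise ValueError("source, shift and code must be strings")
    source = source.upper()
    if len(source) > MAX_SOURCE_LEN or not ALLOWED_SOURCE.fullmatch(source):
        raise ValueError("source must be 1-%d letters or spaces" % MAX_SOURCE_LEN)
    shift_raw = shift_raw.strip()
    if shift_raw == "":
        shift = DEFAULT_SHIFT            # query parameter absent or empty
    elif re.fullmatch(r"-?[0-9]{1,3}", shift_raw):
        shift = int(shift_raw)
        if abs(shift) > MAX_SHIFT:       # checked before the sign flip for decoding
            shift = DEFAULT_SHIFT
    else:
        raise ValueError("shift must be an integer")
    if mode.upper() not in ("TRUE", "FALSE"):
        raise ValueError("code must be TRUE or FALSE")
    return source, shift, mode.upper() == "TRUE"


def lambda_handler(event, context):
    try:
        source, shift, encode = validate_event(event)
    except ValueError as err:
        return {"error": str(err)}       # assumed error shape
    if not encode:
        shift = -shift
    # Caesar shift by modular arithmetic; spaces are left as they are
    return "".join(
        c if c == " " else chr((ord(c) - 65 + shift) % 26 + 65) for c in source
    )
```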

Config - API Key

21.Create API Key

Using AWS Console -> API Gateway create a new API Key

22.Enter API Key parameters

Enter:

  • Name: RadLabAPIKey
  • Key creation method: Autogenerate

Config - API Deployment

23.Deploy API

Using API Gateway Console, select Deploy API action

24.Configure deployment stage

Enter Stage parameters

25.Record API URL

Modify/confirm stage settings and record API Invoke URL

26.Create Usage Plan

Using AWS Console->API Gateway, create a new Usage Plan.

27.Associate API/stage

Associate stage created in step #25 with Usage Plan

28.Add API Key

Add API Key created in step #22 to Usage Plan

29.Record API Key

Using AWS Console, record API Key value

Test Area

30.Test case #1

Calling API to encode "RADKOWSKIPRO" without any API Key.

curl \
-X GET "https://lcqg9juw8c.execute-api.us-west-1.amazonaws.com/v1/encode?source=RADKOWSKIPRO"

31.Test case #1 - Result

FORBIDDEN as API Key is missing

32.Test case #2

Calling API to encode "RADKOWSKIPRO" with invalid API Key (the last letter doesn't match).

curl \
-H "X-API-KEY:fDoPEqJETe2IDQ4lMiMyZ1g7mINFhhlU6gJsbcaZ" \
-X GET "https://lcqg9juw8c.execute-api.us-west-1.amazonaws.com/v1/encode?source=RADKOWSKIPRO"

33.Test case #2 - Result

FORBIDDEN as API Key is invalid.

34.Test case #3

Calling API to encode "RADKOWSKIPRO" with a valid API Key.

curl \
-H "X-API-KEY:fDoPEqJETe2IDQ4lMiMyZ1g7mINFhhlU6gJsbcaY" \
-X GET "https://lcqg9juw8c.execute-api.us-west-1.amazonaws.com/v1/encode?source=RADKOWSKIPRO"

35.Test case #3 - Result

SUCCESS as API Key is valid.

  • Output: UDGNRZVNLSUR

36.Test case #4

Calling API to decode "UDGNRZVNLSUR" with a valid API Key.

curl \
-H "X-API-KEY:fDoPEqJETe2IDQ4lMiMyZ1g7mINFhhlU6gJsbcaY" \
-X GET "https://lcqg9juw8c.execute-api.us-west-1.amazonaws.com/v1/decode?source=UDGNRZVNLSUR"

37.Test case #4 - Result

SUCCESS as API Key is valid.

  • Output: RADKOWSKIPRO

38.Test case #5

Calling API to encode and decode "RADKOWSKIPRO" with a valid API Key and custom shift value.

curl \
-H "X-API-KEY:fDoPEqJETe2IDQ4lMiMyZ1g7mINFhhlU6gJsbcaY" \
-X GET "https://lcqg9juw8c.execute-api.us-west-1.amazonaws.com/v1/encode?source=RADKOWSKIPRO&shift=6"

curl \
-H "X-API-KEY:fDoPEqJETe2IDQ4lMiMyZ1g7mINFhhlU6gJsbcaY" \
-X GET "https://lcqg9juw8c.execute-api.us-west-1.amazonaws.com/v1/decode?source=XGJQUCYQOVXU&shift=6"

39.Test case #5 - Result

SUCCESS as API Key is valid.

  • Output#1: XGJQUCYQOVXU
  • Output#2: RADKOWSKIPRO