The project contains the following modules:
- aws-cf-scripts - Set of CloudFormation templates to deploy and configure AWS resources
- install-scripts - Set of shell scripts to deploy and configure AWS resources with CloudFormation stacks
- load-nedorg-data - Node.js application to load the DynamoDB database with sample data from a CSV file
- lambda-auth - Node.js based Lambda authorizer function to authenticate and authorize the client that invokes the API endpoints
- lambda-userapi - Lightweight (lambda-api framework) Node.js based Lambda function that implements the REST API endpoints
- client-ang-nedorgs - Angular application to deploy to an EC2 Apache web server and use to test the web service
To build, debug, run, and deploy the projects you need to install the following:
- npm - Node JavaScript package manager (https://docs.npmjs.com/cli/v6/configuring-npm/install)
- aws cli - AWS Command Line Interface (https://docs.aws.amazon.com/cli/latest/userguide/install-cliv2.html)
- sam cli - SAM (Serverless Application Model) Command Line Interface (https://docs.aws.amazon.com/serverless-application-model/latest/developerguide/serverless-sam-cli-install.html)
- Either AWS Credentials - AWS Access Key and AWS Secret Access Key for a provisioned account,
- or an AWS OIDC Provider - AWS OpenID Connect identity provider
The AWS credentials can be configured with the aws cli command shown below (the Access Key ID and Secret Access Key values are fake):
```
aws configure
AWS Access Key ID [None]: AKIAIOSFODNN7EXAMPLE
AWS Secret Access Key [None]: wJalrXUtnFEMI/K7MDENG/bPxRfiCYEXAMPLEKEY
Default region name [None]: us-east-1
Default output format [None]: json
```
See https://docs.aws.amazon.com/cli/latest/userguide/cli-chap-configure.html for further configuration details. For example, you can specify a profile name if you have credentials for multiple AWS accounts.
Keep in mind that all shell scripts are for macOS and Linux. Equivalent batch files can be created for Windows.
- Build the lambda-auth Lambda function
  ```
  cd lambda-auth
  npm run zip
  cp lambda-auth.zip ../lambda-zip/.
  cd ..
  ```
- Build the lambda-userapi Lambda function
  ```
  cd lambda-userapi
  npm run zip
  cp lambda-userapi.zip ../lambda-zip/.
  cd ..
  ```
- Build the lambda-eracommons Lambda function
  ```
  cd lambda-eracommons
  # create the oracledb layer distribution
  npm install
  npm run layer
  # create the lambda zip distribution
  npm run zip
  cp lambda-eracommons.zip ../lambda-zip/.
  cd ..
  ```
- For Cloud Team - Create the S3 bucket for CloudFormation templates if it does not exist
  ```
  aws s3api create-bucket --profile <profile> --bucket "<S3 Bucket Name>" --region us-east-1
  # or without profile
  aws s3api create-bucket --bucket "<S3 Bucket Name>" --region us-east-1
  ```
- Create the DynamoDB table to store user information
  ```
  cd install-scripts
  ./exec-aws-no-profile.sh -a <S3 Bucket Name> -t <tier>
  cd ..
  ```
- Load the DynamoDB table with initial data from a JSON file. See the example file in the docs folder: NIH External Accounts - No Roles - Address.json. The easiest way to create this file is to extract a CSV file from the database and convert it to JSON using an online converter.
  ```
  cd install-scripts
  ./load-data.sh -t <tier> -f <filename> [-p <aws profile>]
  cd ..
  ```
- For Cloud Team - Create the roles for the lambda-eracommons Lambda function and for API Gateway
  ```
  cd install-scripts
  ./create-roles-no-profile.sh -a <S3 Bucket Name> -t <tier>
  cd ..
  ```
- Deploy the API Gateway and the Lambda functions for authorization and the user API
  ```
  cd install-scripts
  ./sam-deploy-no-profile.sh -a <S3 Bucket Name> -t <tier>
  cd ..
  ```
- Deploy the lambda-eracommons Lambda function. First edit the install-scripts/sam-deploy-lambda-eracommons-no-profile.sh file and set the VPC subnet1, subnet2, and security group sgid (lines 23-25) to the values from the AWS account.
  ```
  cd install-scripts
  ./sam-deploy-lambda-eracommons-no-profile.sh -a <S3 Bucket Name> -t <tier>
  cd ..
  ```
- Set the scheduler event to run the lambda-eracommons Lambda function once a day to refresh the DynamoDB table from the eRA Commons database.
| Resource | Name | Old Name |
|---|---|---|
| DynamoDB table | extusers-<tier> | extusers-<tier> |
| DynamoDB IAM Policy | power-user-edis-ddb-extusers-read-<tier> | none |
| DynamoDB IAM Role | power-user-edis-api-gateway-extusers-ddb-<tier> | none |
| Lambda IAM Role | power-user-edis-lambda-era-commons-api-<tier> | lambda-eracommons-<tier>-role |
| Lambda | edis-era-commons-api-<tier> | lambda-edis-user-api-<tier> |
| API Gateway | edis-era-commons-<tier> | eRA Commons User API |
| CloudWatch for API Gateway | edis-era-commons-apigateway-accesslogs-<tier> | business_apps-<tier>-edisapi-accesslogs |
| Lambda IAM Role | power-user-edis-lambda-era-commons-auth-<tier> | lambda-eracommons-<tier>-role |
| Lambda | edis-era-commons-auth-<tier> | lambda-auth-<tier> |
| Lambda IAM Role | power-user-edis-lambda-era-commons-refresh-<tier> | lambda-eracommons-<tier>-role |
| Lambda | edis-era-commons-refresh-<tier> | lambda-era-commons-<tier> |
| CloudWatch Event Rule | edis-era-commons-refresh-<tier> | era-commons-refresh-<tier> |