DEV Community: Ak

Unveiling the Mystery: Decoding the Dilemma of Lambda Deployment in Private Subnets

Ak — Wed, 01 May 2024 08:12:38 +0000

This article originally published here. In this demonstration, we see why we are getting a timeout error when deploying a lambda functions to a public subnet.

I will deploy a VPC with an Internet gateway to demonstrate this error I am not going to deploy any resources in a private subnet, so for the moment I will not create a NAT gateway. After deploying, my VPC belongs as below.

I will deploy a sample Lambda function with role created by default in the vpc-1 in public subnet and I added necessary lambda layers.

Below is the code:

import requests

def lambda_handler(event, context):
    url = 'https://swapi.dev/api/people/4/'
    response = requests.get(url)

    if response.status_code == 200:
        return response.json()
    else:
        return {
            'statusCode': response.status_code,
            'body': 'Failed to fetch data from SWAPI'
        }

General configuration

VPC configuration:
Although, the public subnet has a route (0.0.0.0/0)towards internet gateway, the function test will fall into task timed out because the Lambda function itself does not have a publicly accessible IP address.

Test python function

Now I will deploy my function to a private subnet with NAT gateway in the public subnet. In the route table of the private subnet, I will add a route to 0.0.0.0/0 towards my NAT gateway. I will do a test again.

Private subnet route table

Test python after private subnet
This is the best practice for a Lambda function to access the resources through internet. In the next article, we will see how to access AWS services (s3,RDS, DynamoDB)from private subnet without NAT.

Securing AWS Infrastructure: How to Safely Connect Lambda Functions to RDS Databases via Secrets Manager

Ak — Wed, 01 May 2024 08:12:38 +0000

Here are the 2 prerequisites to test the solution of integrating Lambda with RDS via Secrets Manager on AWS

AWS Account: You need to have an AWS account to access AWS services. If you don’t have one, you can sign up for an AWS account at aws.amazon.com.
Budget Alarms: Set up budget alarms in AWS Budgets to monitor your AWS spending. This helps you avoid unexpected charges while testing the solution.

You need to create a VPC with private subnets so that we can run our RDS instance in private subnet

Before creating RDS, I will create my DB subnet groups so that when I launch my RDS instance I can select DB subnet group

I am going to launch an RDS MySQL instance within Free tier
Db instance class : db.t2.micro
Db subnet group : : secret-manager-subnet
I will deploy my RDS instance to VPC and RDS db subnet group created in the above steps
I will select passwords to be managed in secrets manager

I will create Lambda function and in our VPC and private subnets. I will leave Role creation by default.
Then I will add all necessary permissions to the role — RDS,EC2(createnetworkinterface), secrets manager

We need pyMySQL modules, so the easiest way is to add an AWS layer's to python function. I will add AWSSDKPandas-Python312
The role added to the lambda function should have permissions to read secret manager, so modify the policy to give read permissions to secret manager
I will use the following python code to test the connection using secret manager. In the general configuration, I will add timeout to 1 min 3sec

import pymysql
import json
import boto3

def lambda_handler(event, context):
    # Initialize the Secrets Manager client
    client = boto3.client('secretsmanager')

    # Retrieve the secret value
    secret_name = “<SECRET MANAGER NAME>”
    response = client.get_secret_value(SecretId=secret_name)
    secret = json.loads(response['SecretString'])

    # Extract database credentials
    db_username = secret['username']
    db_password = secret['password']
    db_host = “RDS ENDPOINT“

    # Establish a connection to the database
    try:
        conn = pymysql.connect(host=db_host, user=db_username, password=db_password, connect_timeout=5)
        print("Successfully connected to the database")

        # Perform operations here if needed
        # For example:
        # with conn.cursor() as cursor:
        #     cursor.execute("SELECT * FROM your_table;")
        #     result = cursor.fetchall()
        #     print(result)

    except Exception as e:
        print("Database connection error:", e)

    finally:
        # Close the database connection
        if conn:
            conn.close()

    return {
        'statusCode': 200,
        'body': json.dumps('Database connection successful!')
    }

I will configure a custom test event

If you have any concerns/doubts/help follow me regarding this post, you can DM on LinkedIn, and also I invite you to my discord server and stay updated on cloud and DevOps.

What is a MVC pattern?

Ak — Tue, 11 Sep 2018 16:19:46 +0000

MVC - Model view controller

Model view controller(mvc) is the design pattern nowadays used in the production.
Model - It contains the code to manage the databases. For example you can see sql requests like INSERT INTO tasks(id,title,description,creation_date,edition_date)
values('55','"$_POST['title']"','"$_POST['task']"','"$_POST['date']"','"$_POST['edit_date']"')").
View - From the name itself it implies that it is the view part normally contains HTML codes. Sometimes it has PHP variables and conditions. For example if we want to display a post of a user.

Controller - Controller has all the decision making codes or else logical parts goes here. It is the intermediate between model and view. For instance : If an user requests for an page the controller invokes the method from the model and gives back it to the view.

For beginners I have created a directory structure of mvc which you can either git clone or download the zip file and you can extract into the directory where you are going to create your mvc application

To clone the structure use the git command :

git clone https://github.com/ASHOK6266/myOwnStructure_mvc.git

I have also added database file to the structure which is a Singleton pattern

Once you clone the structure you will see the database file in Models/Application/db.php
Database connection is the Singleton pattern which restricts the class instantiation again and again.
Moreover the singleton pattern makes your application faster.
Don't forget to add your dbname,username,password in the db.php file

STEP 0:
I created database named myOwnStructure_mvc and todolist table with id,title and description.
STEP 1:
Models/Application/App.php
I created class Tasks and method get_task();
The method get_task() will retrieve all the posts from the database.
STEP 2:
Controllers/Application/AppController.php
I created class AppController and method show_tasks ;
The method show_tasks will invoke the model (i.e method get_task) from the Models/Application/App.php

Don't forget to include model file here include('../../Models/Application/App.php');
STEP 3:
Views/Application/App.php
I just called the controller methods here i.e show tasks.
Normally no logic and security should be in views.
I have also commented inside each file . You can learn from it. I have just given basic documentation. You can start building the application todolist.
If you wish to build application other than todo list. You can just replace the codes.

ADDITIONAL INFORMATION

Yes!!!!! We are done with the basics but there are lot to learn.
The Index file in the project is the entry point of the application. To make it as entry point you have configure your server.
.htaccess is the configuration file for web server running on web applications.

keyword definitions of oops(php)

Ak — Wed, 05 Sep 2018 22:33:07 +0000

Class - A class is a user defined data type which has methods and properties.
Object - A object is a instance of a class, Once we define a class we can make many objects or instances.
Methods - A function inside a class is called as methods
Properties - A variable inside a class is called as properties or also called as member variables.
Inheritance - The process of inheriting properties and methods from a base class or parent class is called Inheritance. The class that has inherited all the methods and properties is called as child class or derived class.
Constructor - Special type of function which is automatically called whenever object is formed.

Destructor - Special type of function which is automatically called whenever object is formed. The constructor and destructor are also called as magic methods.
Private - A private member can be used only inside a class in which it has been declared. Private members cannot be used inside the inherited classes.
Protected - Protected members can be used inside the same class and class that inherits the parent class.
Constant - The constants are immutable , once it is declared it cannot be changed. It is declared using a keyword const.
Abstract classes - These classes cannot be instantiated instead it can be inherited.
$this - To access a property inside a class $this keyword is used.
Static - Static methods and properties can be accessed without instantiating a class
:: - It is scope resolution operator used to access the static , constant and overridden properties and methods of a class