DEV Community: Wilson K. KOMLAN

Create a Fast Node.js Serverless Backend Using AWS Lambda and DynamoDB

Wilson K. KOMLAN — Sat, 15 Jun 2024 04:22:07 +0000

Build a fast Node.js serverless backend with AWS Lambda and DynamoDB. Learn to set up, secure, and perform CRUD operations efficiently

Spring Boot CRUD API, Amazon RDS for MySQL, AWS Secrets Manager - example

Wilson K. KOMLAN — Sat, 11 Jun 2022 12:04:23 +0000

There are many articles on how to build a real world Spring Boot CRUD REST API or Application with MySQL as Relational Database. In this post, we are not only going to show how to create a Spring Boot CRUD operations API, but we will also dive deeper into using a remote MySQL DB provided by Amazon RDS. To top it off, we'll see how to securely manage database credentials through AWS Secrets Manager.

Prerequisites

1. Have an AWS account

2. Know how to configure AWS credentials on the local machine

3. Be familiar with Spring Boot project

Create MySQL DB instance using Amazon RDS

In this section, you will step-by-step create a MySQL DB instance using the AWS Management Console. At the end of this section you will have an online database ready to use 💪.

1. Go to AWS Management Console and sign in.

2. Choose the AWS Region you want and type RDS in the Search for services ... search bar and select it.

3. RDS console will open. In the navigation pane, choose Databases then Create database on the top-right of the Databases table to open the below page :

4. Choose a database creation method : Standard create

5. Engine options : MySQL

6. Templates : Free tier

7. DB instance identifier : mydemodb

8. Master username : admin

9. Master password & Confirm password : adminadmin

10. DB instance class : db.t2.micro

11. Public access : Yes

12. Click Additional configuration -> Initial database name : demodb

Step 12 will make RDS create a database named demodb

13. Leave all other options as is and then click Create database

Once the database is created, click on mydemodb in the Databases list to view its summary. We can use it at this point with basic information such as: endpoint, port, principal user name, principal password and database.

Create AWS Secrets to protect DB credentials

We have created the MySQL database, now, to avoid hard coding its credentials in our Spring Boot project, we'll use AWS proven service that helps easily rotate, manage, and retrieve database credentials, API keys, and other secrets through their lifecycle : AWS Secrets Manager.

1. Once more, sign in to the AWS Management Console and open the Amazon Secrets Manager console here then make sure you choose the same AWS Region as that of the MySQL database

2. In the navigation pane, choose Secrets then Store a new secret on the top-right of the Secrets table to open the below page:

3. Secret type : Credentials for Amazon RDS database

4. User name : admin

5. Password : adminadmin

For steps 4 and 5, use the same username and password as the database.

6. Database : choose mydemodb DB instance and click Next

7. Secret name : demodb/dev, leave default options and click Next

8. Leave all the default options again and click Next to go to the Review page.

9. Click Store

10. Once the Secret is created, click on it to preview its details.

Create a programmatic IAM user

Note: If you have already configured AWS credentials on your machine locally, please skip this entire section and go to Create Spring Boot.

In order to user AWS Secrets we've created, we need an AWS IAM user with AdministratorAccess policy. Please follow these steps to create an Admin IAM User and configure your local machine.

Create a Spring Boot Project

For this lab, clone the project here and open it in your IDE, then follow the explanations.

1. Let's explore some core dependencies necessary for the project in the pom.xml file :

<!-- Spring Boot JPA dependency -->
<dependency>         
    <groupId>org.springframework.boot</groupId>
    <artifactId>spring-boot-starter-data-jpa</artifactId>
</dependency>
<!-- MySQL dependency -->
<dependency>
    <groupId>mysql</groupId>
    <artifactId>mysql-connector-java</artifactId>
    <scope>runtime</scope>
</dependency>
<!-- AWS Secrets Manager dependency -->
<dependency>
    <groupId>com.amazonaws</groupId>
    <artifactId>aws-java-sdk-secretsmanager</artifactId>
    <version>1.11.355 </version>
</dependency>

2. The SecretValue Java class in utils package
SecretValue.java class aims to map the Secret value key/value data (DB credentials) retrieved from AWS Secrets Manager into a java object for use in the data source.

public class SecretValue {
    private String username;
    private String password;
    private String engine;
    private String host;
    private String port;
    private String dbname;
    private String dbInstanceIdentifier;

    // Add Getters & Setters
}

3. The JavaConfig.java class
In this class, the retrieval of the secret value we created in AWS Secrets Manager is implemented.

Line 41: the secret name created in AWS Secrets Manager
Line 42: the AWS Region where the secret is created_

Test the REST API

Our REST API is ready, in this section, we'll test it with Postman.

1. Build the project

In the root of the project, run the following command line:
mvn clean package
If everything is configured correctly, the result should look like this:

2. Run the project
Please run the API and make the following API call:

Open Postman
Make a POST request : localhost:8080/api/team/2022

Make a GET request : localhost:8080/api/team/2022

Congratulations 👏👏🎉! You are almost at the end of the project.

Bonus : Deploy the CRUD REST API on AWS Fargate

As in production we need to deploy our REST API, I suggest you try creating a docker container for the API, pushing it to the Docker hub and deploying it to Amazon ECS using AWS Fargate deployment option. Please follow these simple steps outlined in this article..

Note: To allow ECS Task to access the AWS Secrets Manager service, make sure you have AmazonECSTaskExecutionRolePolicy and SecretsManagerReadWrite as Permissions policies for the Task role.

Cleanups

After testing the REST API locally and remotely, sign in to the AWS Management Console and perform cleanups:

Delete the IAM user we created in IAM console if needed
Delete the Secret in AWS Secrets Manager console
Delete MySQL database in RDS console.

In this post, we showed how to create a Spring Boot CRUD REST API and how to manage Spring Boot MySQL connection. We also saw how to use AWS Secrets Manager in Spring Boot to protect database credentials in your REST API code. Your suggestions are welcome. Thanks for reading 🙏!

How to Easily Deploy a Spring Boot Application on AWS Fargate

Wilson K. KOMLAN — Sat, 04 Jun 2022 02:39:27 +0000

Before entering the AWS Cloud world, as a Java developer, it was often difficult for me to get Java-based applications online for my clients 😄.
Fortunately, I found out later that AWS provides many proven, fully managed services for deploying Java-based applications such as EC2, Elastic Beanstalk, Amazon ECS etc.

In this post, we will show how to quickly deploy a Spring Boot Application on Amazon ECS with AWS Fargate deployment option. AWS Fargate is a Serverless compute engine that can be used to launch and run containers without having to provision or manage EC2 instances.

In next lines, we will :

See how to create a Spring Boot REST API Docker image
Go through how to push a containerized API on docker repository and deploy this containerized API on AWS
Create an ECS Cluster
Create a Fargate compatible Task Definition
Run the configured Task to make the application available online

Prerequisites

Have a Docker repository account
Install Docker Desktop on your local machine
Have an AWS account

Create a Spring Boot REST API

Through this section, instead of creating a Spring Boot Web application, we will create a Spring Boot Rest API for simplicity 😄. Notice that the deployment process is the same even for Spring Boot Web App and Spring Boot REST API.
For demonstration purposes, you can clone the Git hub repository here and open it in your favorite IDE 😎.

Create a Docker container image for the Spring Boot Application

1. Create a Docker file

In the project root, create a docker file named : Dockerfile (with no file extension). Paste the below content:

FROM openjdk:11
COPY ./target/docker-demo-0.0.1-SNAPSHOT.jar docker-demo- 
0.0.1-SNAPSHOT.jar
CMD ["java","-jar","docker-demo-0.0.1-SNAPSHOT.jar"]
EXPOSE 8080

Line 1 : Instruction to build docker image from openjdk:11 image
Line 2 : Instruction to copy the jar file into the docker container file system while building
Line 3 : is a java command to launch the jar file while executing the container
Line 4 : informs Docker that the container listens on 8080 port at runtime.

2. Build the Docker image

Open the terminal and execute the following docker command in the project root:

docker image build -t docker-demo .

You should have a result like this:

3. Test the docker image locally

Open the terminal and execute the following command:

docker container run --name dockerDemoApp -p 8080:8080 -d 
docker-demo

Go to Docker Desktop, you should see this:

You can then paste this link http://localhost:8080/api/ in the browser to get the following result :

4. Push Docker image into Docker hub repository

In order to push the Docker local image into Docker hub repository, you just need to execute the following command line:

docker push xxx/docker-demo-app:latest

Make sure to replace xxx by your user name.

Deploy the Spring Boot REST API on AWS Fargate

In this section, we will work step by step to finally get the REST API online.

1. Create Amazon ECS Cluster

Click on Create Cluster

Step 1: On Select cluster template step, select Networking only option and click on Next Step
Step 2: Provide the Cluster name : Demo-cluster, check Create VPC option, leave all other default options and click on Create.

Click on View Cluster, the Demo-cluster details should look like this:

2. Create a Task Definition

On the left side, click Task Definitions and Create new Task Definition to access the Create new Task Definition page.

a. Step 1: Select launch type compatibility

Select FARGATE then click on Next Step

b. Step 2: Configure task and container definitions

Type the Task definition name : docker-demo-task
Leave Task role as is (an IAM role for ECS Task definition will be created on your behalf )
Select Linux as Operating system family
Task execution role, leave Create new role option
Task memory (GB) : 1GB
Task CPU (vCPU) : 0.5vCPU
Click on Add Container, and the information below:

-- Container name : dockerDemoApp

-- Image : xxx/docker-demo-app:latest, the Docker hub image repository (xxx : your Docker hub user name)

-- Memory Limits (MiB) : Soft limit : 128

-- Port mappings : 80 -> tcp and 8080 -> tcp

-- Click on Add to navigate back to Create new Task Definition page

Leave all other options and click on Create
Click on View task definition to see the created task definition details.

3. Run the Task Definition

In this last section, we are going to run our Docker container image.

Step 1

In the Task Definition: docker-demo-task:1 page, click on Actions then Run Task, the Run Task page will open.

Step 2

Launch type : FARGATE
Operating system family : Linux
Task Definition : Familly -> docker-demo-task / Revision -> 1
Platform version : LATEST
Cluster : Demo-cluster
Number of tasks : 1
Cluster VPC : select your VPC
Subnets : Choose un subnet
Security groups : click on Edit to modify the default security group as follow :

-- Assigned security groups : Create new security group

-- Security group name : docker-demo-sg

-- Inbound rules for security group : Choose All Traffic Type and Anywhere Source

-- Click on Save, you will be redirected to the Run Task page.

Auto-assign public IP : ENABLED
Leave all other default options and click on Run Task.

Access Spring Boot REST API via public address

Now that the deployed API's container is running, let's try to access it through a public IP address.

Step 1: Task details

In the Demo-cluster details page, go to Tasks tab.
In the listed tasks, click on the Task whose Task definition column is docker-demo-task:1, the Task details page should open.

Step 2: Task public IP address

In the Task details page, copy the Public IP address
Open a browser or Postman, paste the IP address, append the port and /api/ to see the magic happen 👍 🚀 !

4. Clean up

In the Task details page, click on Stop
In Demo-cluster page, click on Delete Cluster then follow the instructions to delete the Cluster

In Summary

Through this post, we saw how to easily and quickly deploy a Spring Boot Application on AWS using AWS Fargate by creating a Spring Boot REST API Docker container image, pushing it on the Docker hub repository, creating and configuring Amazon ECS Cluster and Task definition witch helped us to deploy and run our REST API container image on AWS Cloud.
Thanks for the reading.

How to secure Spring boot REST API endpoints with Amazon Cognito

Wilson K. KOMLAN — Thu, 02 Jun 2022 12:03:48 +0000

Hello! For Java backend developers, with Spring security there are many ways to secure Spring boot Rest APIs.

Usually, implementing Spring boot bearer token functionality for Rest API requires many lines of code, hours, and the need for user management. However, using Spring boot AWS authentication thanks to Amazon Cognito, things become very simple and very very fast. We no longer need to manage users, Amazon Cognito user pool takes care of that. Cognito also allows us to share users between many Rest APIs and front-ends (web, mobile).

Create Amazon Cognito User Pool

Sign in into Amazon console, and then search for : Cognito.
Click on Create User Pool.
In the Configure sign-in experience step, check User name, Email and Allow users to sign in with a preferred user name options then click on Next.
In the Configure security requirements step, leave all the default options except MFA enforcement where you should choose No MFA instead of Require MFA - Recommended, then click on Next.
Step 3 : Configure sign-up experience, leave all default options and click on Next.
Step 4: Configure message delivery, choose Send email with Cognito for Email provider and leave all other default options then click on Next.
Step 5: Integrate your app, provide the User pool name : Demo-user-pool, App client name: Dockerdemo-app, leave other default options and click Next.
Step 6: Review and click on Create User Pool.
In the details page of the created user pool, click on App Integration tab -> Actions -> Create Cognito Domain and provide the domain name then click Create Cognito Domain.
Again, in the App Integration tab, navigate to the App client list section and click on Dockerdemo-app to preview its details.
In the App client details, scroll down to the Pinpoint analytics section and click on Edit, the Edit Hosted UI page will open.
In the Edit Hosted UI page, provide the Allowed callback URLs : https://example.com, check Cognito user pool in the Identity providers section, check all OpenID Connect scopes options then click Save changes.
Back to the App client details, the Pinpoint analytics section should look like the image below:
Make sure to save the Cognito domain from the Domain section, and the Client ID for the created client App from the App client list section.

Create Spring boot Rest API

In this section, we will create a spring boot Rest API. For demonstration purposes, you can clone the Git hub repository here and open it in your favorite IDE.
The idea here is to implement Spring security Rest API authentication with OAuth 2.0 JWT Bearer Tokens.
Instead of implementing the JWT authentication tokens generation mechanism, we will use Amazon Cognito to manage it.

Provide the needed dependencies in the pom.xml file for Spring security OAuth 2.0 support

<dependency>
    <groupId>org.springframework.boot</groupId>
    <artifactId>spring-boot-starter-security</artifactId>
</dependency>

<dependency>             
    <groupId>org.springframework.boot</groupId>
    <artifactId>spring-boot-starter-oauth2-resource- 
server</artifactId>
</dependency>

In the application.yaml file, specify the Authorization Server:

spring:
  security:
    oauth2:
      resourceserver:
        jwt:
          issuer-uri: https://cognito-idp.[AWS REGION].amazonaws.com/[USER_POOL_ID]

Create a security configuration file.

package com.wilkom.dockerdemo.security;

import org.springframework.context.annotation.Bean;
import org.springframework.security.config.annotation.method.configuration.EnableGlobalMethodSecurity;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
import org.springframework.security.web.SecurityFilterChain;

@EnableWebSecurity // Enable Spring Security’s web 
  security support
@EnableGlobalMethodSecurity(securedEnabled = true, prePostEnabled = true) // To configure method-level security
public class SecurityConfig {

    @Bean
    public SecurityFilterChain filterChain(HttpSecurity http) throws Exception {

        http.cors().and().csrf().disable()
            .authorizeRequests(expressionInterceptUrlRegistry -> expressionInterceptUrlRegistry
                    .anyRequest().authenticated())
            .oauth2ResourceServer().jwt();
        return http.build();
    }
}

In the configuration class above, we have made each endpoint accessible only by OAuth 2.0 authenticated requests. That's all we have to do in our API Rest backend.

Test the Rest API

We will use Postman to test our Rest API.

1. Signup user into the Amazon Cognito

Open Postman and provide values from Amazon Cognito User provider settings:

2/ Callback URL : https://example.com (make sure to provide the exact callback url you set in the Cognito)
3/ Auth URL : https://xxxxx.auth.us-east-1.amazoncognito.com/login (remember to append /login)
4/ Access Token URL : https://xxxxx.auth.us-east-1.amazoncognito.com/oauth2/token (remember to append /oauth2/token)
5/ Client ID : Dockerdemo-app App Client ID

Then click on Get New Access Token at the bottom, the Sign-in screen will open, click on Sign up link at the bottom the get the signup screen as follow:

Enter user name, valid email and password then click on Sign-up.
The verification code screen should appear, open the valid email box to get the verification code:
If the code verification is successful, a token will be generated, click on Use Token:

2. Make API call

Now, you can run the Spring boot app.
Go to Postman, enter a GET endpoint URL,

localhost:8080/api/

Make sure the token is in use in the Authorization OAuth 2.0 tab and click on Send:

PS : In a real project, the Signup and Sign-in processes will be implemented in the front-end apps, please see this guide to do so.

As you can see, Amazon Cognito is an amazing AWS service that simplifies Spring boot backend Rest API user management.

Thanks for reading.