aws lambda를 한번 써보기로 했다.
함수는 로그인 요청시 토큰발급, 갱신, 로그아웃 3가지로
sam cli로 적용하기로 했다.
먼저 aws cli받고 sam이 파이썬 기반이라니 파이썬도 받고 sam cli받고
sam --version
SAM CLI, version 1.142.1
잘나오고
sam init
AWS Quick Start Templates
1 - Hello World Example
Use the most popular runtime and package type? (python3.13 and zip) : n
Which runtime would you like to use
11 - nodejs22.x
What package type would you like to use?
1 - Zip
Select your starter template
1 - Hello World Example
Would you like to enable X-Ray tracing on the function(s) in your application? [y/N]: n
Would you like to enable monitoring using CloudWatch Application Insights?
For more info, please view https://docs.aws.amazon.com/AmazonCloudWatch/latest/monitoring/cloudwatch-application-insights.html [y/N]: n
Would you like to set Structured Logging in JSON format on your Lambda functions? [y/N]:n
Project name [sam-app]:
sam 기본 탬플릿으로 만들고 node기반 로그관련은 연습이니 전부 비활성
aws configure 로 계정 정보 입력하고
yaml
AWSTemplateFormatVersion: '2010-09-09'
Transform: AWS::Serverless-2016-10-31
Description: >
board-auth
Sample SAM Template for board-auth
# More info about Globals: https://github.com/awslabs/serverless-application-model/blob/master/docs/globals.rst
Globals:
Api:
Cors:
AllowMethods: "'POST, GET'"
AllowHeaders: "'*'"
AllowOrigin: "'*'"
EndpointConfiguration:
Type: REGIONAL
GatewayResponses:
DEFAULT_4XX:
ResponseParameters:
Headers:
Access-Control-Allow-Origin: "'*'"
DEFAULT_5XX:
ResponseParameters:
Headers:
Access-Control-Allow-Origin: "'*'"
Function:
Timeout: 3
Runtime: nodejs22.x
MemorySize: 2048
Resources:
LoginFunction:
Type: AWS::Serverless::Function
Properties:
CodeUri: auth/
Handler: app.login
Events:
Login:
Type: Api
Properties:
Path: /login
Method: post
Outputs:
# ServerlessRestApi is an implicit API created out of Events key under Serverless::Function
# Find out more about other implicit resources you can reference within SAM
# https://github.com/awslabs/serverless-application-model/blob/master/docs/internals/generated_resources.rst#api
LoginApi:
Description: "API Gateway endpoint URL for Prod stage for Hello World function"
Value: !Sub "https://${ServerlessRestApi}.execute-api.${AWS::Region}.amazonaws.com/Prod/lohin/"
HelloWorldFunction:
Description: "Hello World Lambda Function ARN"
Value: !GetAtt HelloWorldFunction.Arn
HelloWorldFunctionIamRole:
Description: "Implicit IAM Role created for Hello World function"
Value: !GetAtt HelloWorldFunctionRole.Arn
version = 0.1
[dev]
[dev.deploy]
[dev.deploy.parameters]
stack_name = "Auth-Dev"
s3_bucket = ""
s3_prefix = "Auth-Dev"
region = "ap-northeast-2"
capabilities = "CAPABILITY_IAM"
profile = "board"tomi
const createResponse = (resultCode, body = {}) => {
return {
statusCode: resultCode,
headers: {
"Access-Control-Allow-Origin": "*"
},
body: JSON.stringify(body)
}
}
// 이 부분을 수정해야 합니다.
export const login = async (event) => {
const body = JSON.parse(event.body)
const username = body.username;
const password = body.password;
return createResponse(200, "test");
}app.js
테스트니까 깡통으로 하고
npm run build-dev && sam deploy -t dev.yaml --config-env dev실행
Error: The config profile (board) could not be found
aws configure를 잘못했나보다
aws configure --profile board 로 구체적으로 설정하고
다시 deploy
Error: Failed to create/update the stack: Auth-Dev, An error occurred (AccessDenied) when calling the DescribeStacks operation: User: arn:aws:iam::943625119294:user/board is not authorized to perform: cloudformation:DescribeStacks on resource: arn:aws:cloudformation:ap-northeast-2:943625119294:stack/Auth-Dev/* because no identity-based policy allows the cloudformation:DescribeStacks action
iam에 cloudformation:DescribeStacks 권한 추가하란다
다시
Error: Failed to create changeset for the stack: Auth-Dev, An error occurred (ValidationError) when calling the CreateChangeSet operation: Stack:arn:aws:cloudformation:ap-northeast-2:943625119294:stack/Auth-Dev/53ff76f0-7777-11f0-a1e6-061a844ef4c5 is in ROLLBACK_FAILED state and can not be updated.
롤백이 안되니 기존에 시도하던걸 지우고 하라는거같다.
aws cloudformation delete-stack --stack-name Auth-Dev
지우고 다시
Failed to create changeset for the stack: Auth-Dev, An error occurred (ValidationError) when calling the CreateChangeSet operation: Stack:arn:aws:cloudformation:ap-northeast-2:943625119294:stack/Auth-Dev/53ff76f0-7777-11f0-a1e6-061a844ef4c5 is in DELETE_FAILED state and can not be updated.
지우는게 실패했나보다 그냥 s3꺼 다 지우고 CloudFormation에서 스택도 지우고 다시
위에꺼 반복되서 CloudFormation에서 이벤트 보기 친절하게 예상 근본 원인이 있더라
IAM CreateRole 권한이 없다니 권한주고 지우고 다시시도
Successfully created/updated stack - Auth-Dev in ap-northeast-2
apiGateway, lambda등 권한 추가 많이하고 드디어 람다생성됬다..
응답으로 온 url로 호출하니
성공
내용물은 내일해야지;;