{"id":875,"date":"2019-07-12T15:56:18","date_gmt":"2019-07-12T13:56:18","guid":{"rendered":"https:\/\/blog.besharp.it\/lets-create-a-serverless-notification-system-with-amazon-api-gateway\/"},"modified":"2021-03-24T18:11:04","modified_gmt":"2021-03-24T17:11:04","slug":"lets-create-a-serverless-notification-system-with-amazon-api-gateway","status":"publish","type":"post","link":"https:\/\/blog.besharp.it\/lets-create-a-serverless-notification-system-with-amazon-api-gateway\/","title":{"rendered":"Let\u2019s create a serverless notification system with Amazon API Gateway"},"content":{"rendered":"<p>In recent years, the widespread diffusion of Cloud computing has led to a massive adoption of the &#8220;microservices&#8221; application development paradigm. Refactoring of monolithic applications in microservices allows getting the most out of some intrinsic features of the Cloud itself, including the use of many \u201c<em>managed\u201d<\/em> services, useful for delegating to the Cloud provider the management and reliability of critical tasks which aren\u2019t part of the application <em>core<\/em>.<\/p>\n<p>beSharp is no exception: this refactoring process, in fact, also involved <a href=\"https:\/\/www.noovolari.com\/\" target=\"_blank\" rel=\"noopener noreferrer\">Noovolari Smart Backup<\/a> &#8211; our product for the management of Backup and Disaster Recovery of AWS infrastructures.<\/p>\n<p>In this regard, the refactoring of the application\u2019s notifications system, which are shown in the web interface upon the occurrence of specific events (such as the conclusion of a backup job or the opening of a file-level recovery session), is of particular interest.<\/p>\n<p>The old monolithic solution was based on Ruby\/<strong>ActionCable <\/strong>and<strong> Redis <\/strong>and centralized the operations for sending notifications in a single application controller.<\/p>\n<p>By taking advantage of the recent release of the API Websocket for Gateway by AWS, we decided to refactor the notifications\u2019 management engine in a microservice, completely serverless, using SQS to decouple the sending and receiving of messages.<\/p>\n<p>The introduction of Lambda Layers and the possibility of writing Lambda functions in Ruby (the main language with which Noovolari Smart Backup is developed) is also recent; thanks to these two features we were able to re-use most of the original backend code, thus keeping the code clean and easy to integrate in other future applications.<\/p>\n<p>This approach has given us several technical ideas that we decided to share in this article, creating a small tutorial on how to create a fully serverless notifications microservice based on AWS services.<\/p>\n<h2>Technologies used<\/h2>\n<p>To implement this solution we will use the following languages and services:<\/p>\n<ul>\n<li style=\"font-weight: 400;\"><span style=\"font-weight: 400;\">Html and JavaScript (jQuery)<\/span><span style=\"font-weight: 400;\">\u00a0\u00a0\u00a0<\/span><\/li>\n<li style=\"font-weight: 400;\"><span style=\"font-weight: 400;\">AWS Lambda<\/span><\/li>\n<li style=\"font-weight: 400;\"><span style=\"font-weight: 400;\">Node.js on AWS Lambda<\/span><\/li>\n<li style=\"font-weight: 400;\"><span style=\"font-weight: 400;\">Ruby on AWS Lambda<\/span><\/li>\n<li style=\"font-weight: 400;\"><span style=\"font-weight: 400;\">Amazon API Gateway<\/span><\/li>\n<li style=\"font-weight: 400;\"><span style=\"font-weight: 400;\">Amazon SQS<\/span><\/li>\n<li style=\"font-weight: 400;\"><span style=\"font-weight: 400;\">Amazon DynamoDB<\/span><\/li>\n<li style=\"font-weight: 400;\"><span style=\"font-weight: 400;\">AWS IAM<\/span><\/li>\n<\/ul>\n<h2>Client-side implementation<\/h2>\n<p>To begin with, let&#8217;s see how to start a WebSocket channel with API Gateway using the URL that will be generated when creating the back-end API.<\/p>\n<p>In the main application template we added the following javascript function:<\/p>\n<pre><span style=\"font-weight: 400;\">&lt;<\/span><span style=\"font-weight: 400;\">script<\/span><span style=\"font-weight: 400;\">&gt;<\/span> <b>$<\/b><span style=\"font-weight: 400;\">(<\/span><b><i>document<\/i><\/b><span style=\"font-weight: 400;\">).<\/span><b>ready<\/b><span style=\"font-weight: 400;\">(<\/span><b>function <\/b><span style=\"font-weight: 400;\">() {<\/span> <span style=\"font-weight: 400;\">\u00a0\u00a0\u00a0<\/span><i><span style=\"font-weight: 400;\">\/\/Setup notification system<\/span><\/i> <i><span style=\"font-weight: 400;\">\u00a0\u00a0\u00a0<\/span><\/i><b><i>noovolari<\/i><\/b><span style=\"font-weight: 400;\">.<\/span><b><i>smartbackup<\/i><\/b><span style=\"font-weight: 400;\">.<\/span><b><i>notifications<\/i><\/b><span style=\"font-weight: 400;\">.<\/span><b><i>websocket<\/i><\/b><span style=\"font-weight: 400;\">.<\/span><span style=\"font-weight: 400;\">connect<\/span><span style=\"font-weight: 400;\">(<\/span> <b>'<\/b><b>&lt;%=<\/b> <b><i>Rails<\/i><\/b><b>.<\/b><b>env <\/b><b>%&gt;<\/b><b>'<\/b><span style=\"font-weight: 400;\">,<\/span> <b>'<\/b><b>&lt;%=<\/b> <b><i>Notification<\/i><\/b><b>::<\/b><b><i>NotificationAuthorizer<\/i><\/b><b>.<\/b><b>check_token<\/b><b>(<\/b><b>user_id<\/b><b>: <\/b><b>current_user<\/b><b>.<\/b><b>id<\/b><b>, <\/b><b>company_code<\/b><b>: <\/b><b>current_user<\/b><b>.<\/b><b>companies<\/b><b>.<\/b><b>first<\/b><b>.<\/b><b>code<\/b><b>) <\/b><b>%&gt;<\/b><b>'<\/b> <span style=\"font-weight: 400;\"> \u00a0\u00a0);<\/span> <span style=\"font-weight: 400;\">&lt;\/<\/span><span style=\"font-weight: 400;\">script<\/span><span style=\"font-weight: 400;\">&gt;\r\n<\/span><\/pre>\n<p>This is how the function is implemented in detail:<\/p>\n<pre><b><i>noovolari<\/i><\/b><span style=\"font-weight: 400;\">.<\/span><b><i>smartbackup<\/i><\/b><span style=\"font-weight: 400;\">.<\/span><b><i>notifications<\/i><\/b><span style=\"font-weight: 400;\">.<\/span><b><i>websocket<\/i><\/b><span style=\"font-weight: 400;\">.<\/span><span style=\"font-weight: 400;\">connect <\/span><span style=\"font-weight: 400;\">= <\/span><b>function<\/b><span style=\"font-weight: 400;\">(stage, token) {<\/span> \r\n<span style=\"font-weight: 400;\">\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0<\/span><b>var <\/b><span style=\"font-weight: 400;\">socketUrl <\/span><span style=\"font-weight: 400;\">= <\/span><b>'wss:\/\/<\/b><b>&lt;WEBSOCKET_URL&gt;<\/b><b>\/'<\/b><span style=\"font-weight: 400;\">+stage+<\/span><b>'?token='<\/b><span style=\"font-weight: 400;\">+token;\r\n\r\n <\/span> <span style=\"font-weight: 400;\">\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0<\/span><i><span style=\"font-weight: 400;\">\/\/ connecting to the websocket url and retrieve function for connect and disconnect\r\n<\/span><\/i> <i><span style=\"font-weight: 400;\">\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0<\/span><\/i><b><i>noovolari<\/i><\/b><span style=\"font-weight: 400;\">.<\/span><b><i>smartbackup<\/i><\/b><span style=\"font-weight: 400;\">.<\/span><b><i>notifications<\/i><\/b><span style=\"font-weight: 400;\">.<\/span><b>websocket <\/b><span style=\"font-weight: 400;\">=\u00a0 <\/span><b>new <\/b><b><i>WebSocket<\/i><\/b><span style=\"font-weight: 400;\">(<\/span><span style=\"font-weight: 400;\">socketUrl<\/span><span style=\"font-weight: 400;\">);\r\n\r\n <\/span> <span style=\"font-weight: 400;\">\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0<\/span><b><i>noovolari<\/i><\/b><span style=\"font-weight: 400;\">.<\/span><b><i>smartbackup<\/i><\/b><span style=\"font-weight: 400;\">.<\/span><b><i>notifications<\/i><\/b><span style=\"font-weight: 400;\">.<\/span><b><i>websocket<\/i><\/b><span style=\"font-weight: 400;\">.<\/span><span style=\"font-weight: 400;\">onopen <\/span><span style=\"font-weight: 400;\">= <\/span><b>function <\/b><span style=\"font-weight: 400;\">() {\r\n<\/span> <span style=\"font-weight: 400;\">\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0<\/span><b><i>console<\/i><\/b><span style=\"font-weight: 400;\">.<\/span><span style=\"font-weight: 400;\">info<\/span><span style=\"font-weight: 400;\">(<\/span><b>'socket connection opened properly with...'<\/b><span style=\"font-weight: 400;\">);\r\n<\/span> <span style=\"font-weight: 400;\">\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0};\r\n\r\n<\/span> <span style=\"font-weight: 400;\">\u00a0\u00a0\u00a0\u00a0\u00a0<\/span><b><i>noovolari<\/i><\/b><span style=\"font-weight: 400;\">.<\/span><b><i>smartbackup<\/i><\/b><span style=\"font-weight: 400;\">.<\/span><b><i>notifications<\/i><\/b><span style=\"font-weight: 400;\">.<\/span><b><i>websocket<\/i><\/b><span style=\"font-weight: 400;\">.<\/span><span style=\"font-weight: 400;\">onclose <\/span><span style=\"font-weight: 400;\">= <\/span><b>function <\/b><span style=\"font-weight: 400;\">() {\r\n<\/span> <span style=\"font-weight: 400;\">\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0<\/span><i><span style=\"font-weight: 400;\">\/\/ websocket is closed.\r\n<\/span><\/i> <i><span style=\"font-weight: 400;\">\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0<\/span><\/i><b><i>console<\/i><\/b><span style=\"font-weight: 400;\">.<\/span><span style=\"font-weight: 400;\">info<\/span><span style=\"font-weight: 400;\">(<\/span><b>\"Connection closed...\"<\/b><span style=\"font-weight: 400;\">);\r\n\r\n<\/span> <span style=\"font-weight: 400;\">\u00a0\u00a0\u00a0\u00a0\u00a0};\r\n\r\n<\/span> <span style=\"font-weight: 400;\">\u00a0\u00a0\u00a0\u00a0\u00a0<\/span><b><i>noovolari<\/i><\/b><span style=\"font-weight: 400;\">.<\/span><b><i>smartbackup<\/i><\/b><span style=\"font-weight: 400;\">.<\/span><b><i>notifications<\/i><\/b><span style=\"font-weight: 400;\">.<\/span><b><i>websocket<\/i><\/b><span style=\"font-weight: 400;\">.<\/span><span style=\"font-weight: 400;\">onmessage <\/span><span style=\"font-weight: 400;\">= <\/span><b>function <\/b><span style=\"font-weight: 400;\">(evt) {\r\n<\/span> <span style=\"font-weight: 400;\">\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0<\/span><b>var <\/b><span style=\"font-weight: 400;\">notification <\/span><span style=\"font-weight: 400;\">= <\/span><b><i>JSON<\/i><\/b><span style=\"font-weight: 400;\">.<\/span><span style=\"font-weight: 400;\">parse<\/span><span style=\"font-weight: 400;\">(evt.<\/span><b>data<\/b><span style=\"font-weight: 400;\">);\r\n<\/span> <span style=\"font-weight: 400;\">\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0<\/span><b>var <\/b><span style=\"font-weight: 400;\">message <\/span><span style=\"font-weight: 400;\">= <\/span><span style=\"font-weight: 400;\">notification<\/span><span style=\"font-weight: 400;\">.<\/span><b>data<\/b><span style=\"font-weight: 400;\">;\r\n<\/span> <span style=\"font-weight: 400;\">\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0<\/span><b>noovolariUiToolkit<\/b><span style=\"font-weight: 400;\">.<\/span><b><i>notifications<\/i><\/b><span style=\"font-weight: 400;\">.<\/span><b>subscribers<\/b><span style=\"font-weight: 400;\">.<\/span><span style=\"font-weight: 400;\">forEach<\/span><span style=\"font-weight: 400;\">(<\/span><b>function<\/b><span style=\"font-weight: 400;\">(subscriber) {\r\n<\/span> <span style=\"font-weight: 400;\">\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0<\/span><b>if<\/b><span style=\"font-weight: 400;\">(subscriber.<\/span><b>type <\/b><span style=\"font-weight: 400;\">=== <\/span><span style=\"font-weight: 400;\">message<\/span><span style=\"font-weight: 400;\">.<\/span><b>type<\/b><span style=\"font-weight: 400;\">) {\r\n<\/span> <span style=\"font-weight: 400;\">\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0subscriber.<\/span><span style=\"font-weight: 400;\">callback<\/span><span style=\"font-weight: 400;\">(<\/span><span style=\"font-weight: 400;\">message<\/span><span style=\"font-weight: 400;\">.<\/span><b>data<\/b><span style=\"font-weight: 400;\">);\r\n<\/span> <span style=\"font-weight: 400;\"> \u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0}<\/span> <span style=\"font-weight: 400;\"> \u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0});\r\n<\/span> <span style=\"font-weight: 400;\"> \u00a0\u00a0\u00a0\u00a0\u00a0};\r\n<\/span> <span style=\"font-weight: 400;\">};<\/span><\/pre>\n<p>Let&#8217;s analyse the code step by step.<\/p>\n<p>With this function we define three methods needed for implementing the Javascript WebSocket object interface; is worth noting that as parameters, we pass both the &#8220;stage&#8221; variable, that identifies the working environment in which we want to open the communication channel, whether it is <strong>development <\/strong>or <strong>production<\/strong>, and the token variable which, for security, is generated by Ruby so the possibility to have the function inspected is negated (the browser inspectors can always show the Javascript code instead, this way, the token is already generated by the back-end).<\/p>\n<p>The opening and closing callbacks of the WebSocket connection are managed directly by AWS; we&#8217;ll see later how this is accomplished.<\/p>\n<p>Upon the receiving of a message we cycle on the number of &#8220;subscribers&#8221;, registered before the opening of the channel, to represent the message using a callback depending on the same type of the message itself (for example an information message, an alert message, a danger message, etc.)<\/p>\n<p>The <strong>token <\/strong>is a JWT Token encrypted with SHA512; the shared secret is managed by an environment variable in both our application and AWS.<\/p>\n<p>Let&#8217;s see how the token is built (the reference language is Ruby):<\/p>\n<pre>def self.generate_token(user_id:, company_code:)\r\ntoken = compose_token(user_id: user_id, company_code: company_code)\r\npayload = { user_id: user_id, room_id:company_code, token:token,exp: Time.now.to_i + EXPIRATION_TIME_IN_SECONDS }\r\nJWT.encode payload, Configuration.load_secrets['bernie']['notification_key'], 'HS512'\r\nEnd\r\n\r\ndef self.compose_token(user_id:, company_code:)\r\n\u00a0\u00a0\u00a0\u00a0\u00a0dynamo = get_dynamo_client()\r\n\u00a0\u00a0\u00a0\u00a0\u00a0token = \"#{user_id}#{Configuration.load_secrets['bernie']['notification_passcode']}#{company_code}\"\r\n\u00a0\u00a0\u00a0\u00a0\u00a0token = Digest::SHA256.hexdigest(token)\r\n\r\ndynamo.put_item({\r\n\u00a0\u00a0table_name: Configuration.load_secrets['bernie']['notification_table'],\r\n\u00a0\u00a0item: {\r\n\u00a0\u00a0\u00a0\u00a0'user_id' =&gt; user_id.to_s,\r\n\u00a0\u00a0\u00a0\u00a0'room_id' =&gt; company_code,\r\n\u00a0\u00a0\u00a0\u00a0'token' =&gt; BCrypt::Password.create(token)\r\n\u00a0}\r\n\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0})\r\n\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0return token\r\nend<\/pre>\n<p>The &#8220;generate_token&#8221; function not only creates our token through the JWT library but also saves the encrypted token with the shared secret on DynamoDB; this allows us to have two security levels: the first given by JWT that encrypts with SHA512; the second given by us with BCrypt.<\/p>\n<p>AWS side implementation<\/p>\n<p><strong>\u00a0<\/strong><strong>API GATEWAY<\/strong><\/p>\n<p><strong>\u00a0<\/strong>Let\u2019s access our AWS account and look for the<strong> API Gateway <\/strong>service. We open the service page and create a new API.<\/p>\n<p><img loading=\"lazy\" decoding=\"async\" class=\"size-full wp-image-792 aligncenter\" src=\"https:\/\/blog.besharp.it\/wp-content\/uploads\/2019\/07\/Picture1-5.png\" alt=\"\" width=\"781\" height=\"474\" srcset=\"https:\/\/blog.besharp.it\/wp-content\/uploads\/2019\/07\/Picture1-5.png 781w, https:\/\/blog.besharp.it\/wp-content\/uploads\/2019\/07\/Picture1-5-400x243.png 400w, https:\/\/blog.besharp.it\/wp-content\/uploads\/2019\/07\/Picture1-5-768x466.png 768w\" sizes=\"(max-width: 781px) 100vw, 781px\" \/><\/p>\n<p>We set the parameters as follows:<\/p>\n<ul>\n<li><strong>WebSocket: <\/strong>it is used to pass from the creation of a standard API Http to a <strong>WebSocket<\/strong> one.<\/li>\n<li><strong>API name: <\/strong>we can use whatever name we like, just remember to note it; we will need it.<\/li>\n<li><strong>$request.body.action: <\/strong>refers to the name of the JSON key that will contain the action to call to send a message on the WebSocket channel<strong>. <\/strong>\u00a0For example &#8220;action&#8221;:&#8221;sendMessage&#8221; will use <strong>action <\/strong>as the specified parameter and will invoke the &#8220;sendMessage&#8221; lambda for message handling.<\/li>\n<\/ul>\n<p>As soon as the API is created, under the &#8220;Routes&#8221; heading we will find $connect, $disconnect and $default; the first two are very important routes because they are used for the connection and disconnection phases of the WebSocket channel both on the AWS side (with lambda functions) and the client side (as we saw in the previous scripts).<\/p>\n<p>Click on <strong>$connect <\/strong>and set the parameters as in the image below:<\/p>\n<p><img loading=\"lazy\" decoding=\"async\" class=\"size-full wp-image-794 aligncenter\" src=\"https:\/\/blog.besharp.it\/wp-content\/uploads\/2019\/07\/Picture1-6.png\" alt=\"\" width=\"1002\" height=\"387\" srcset=\"https:\/\/blog.besharp.it\/wp-content\/uploads\/2019\/07\/Picture1-6.png 1002w, https:\/\/blog.besharp.it\/wp-content\/uploads\/2019\/07\/Picture1-6-400x154.png 400w, https:\/\/blog.besharp.it\/wp-content\/uploads\/2019\/07\/Picture1-6-768x297.png 768w\" sizes=\"(max-width: 1002px) 100vw, 1002px\" \/><\/p>\n<p>We want to link the <strong>$connect <\/strong>phase with an appropriate lambda function, so we check it under &#8220;Integration type&#8221;; we also check &#8220;Lambda Proxy Integration&#8221; because we want our<strong> context <\/strong>variable to contain the complete list of properties of the API Gateway call.<\/p>\n<p>The Region must be set according to your needs, in our case <strong>eu-west-1<\/strong>; &#8220;lambda function&#8221; represents the name of the lambda to be called which we can load from the drop-down menu. For this, we use the default value and press save.<\/p>\n<p>We do the same for <strong>$disconnect<\/strong> and<strong> sendMessage<\/strong>, pointing to the respective Lambda functions.<\/p>\n<p>If you have completed these steps correctly you will find yourself in the following situation:<\/p>\n<p><img loading=\"lazy\" decoding=\"async\" class=\"size-full wp-image-796 aligncenter\" src=\"https:\/\/blog.besharp.it\/wp-content\/uploads\/2019\/07\/Picture1-7.png\" alt=\"\" width=\"654\" height=\"402\" srcset=\"https:\/\/blog.besharp.it\/wp-content\/uploads\/2019\/07\/Picture1-7.png 654w, https:\/\/blog.besharp.it\/wp-content\/uploads\/2019\/07\/Picture1-7-400x246.png 400w\" sizes=\"(max-width: 654px) 100vw, 654px\" \/><\/p>\n<p>Now we have four routes configured with the corresponding Lambdas; we have to create IAM roles to let them communicate with the necessary services. In addition to this, we also create DynamoDB tables.<\/p>\n<p><strong>IAM<\/strong><\/p>\n<p>First of all we create four IAM roles:<strong> OnConnectFunctionRole<\/strong>,<strong> OnDisconnectFunctionRole<\/strong>,<strong> SendMessageFunctionRole.<\/strong><\/p>\n<p><img loading=\"lazy\" decoding=\"async\" class=\"size-full wp-image-798 aligncenter\" src=\"https:\/\/blog.besharp.it\/wp-content\/uploads\/2019\/07\/Picture1-8.png\" alt=\"\" width=\"1002\" height=\"87\" srcset=\"https:\/\/blog.besharp.it\/wp-content\/uploads\/2019\/07\/Picture1-8.png 1002w, https:\/\/blog.besharp.it\/wp-content\/uploads\/2019\/07\/Picture1-8-400x35.png 400w, https:\/\/blog.besharp.it\/wp-content\/uploads\/2019\/07\/Picture1-8-768x67.png 768w\" sizes=\"(max-width: 1002px) 100vw, 1002px\" \/><\/p>\n<p>Let&#8217;s give them the name we prefer; to use the OnConnect function we need a<strong>\u00a0 &#8220;LambdaBasicExecutionRole&#8221;<\/strong>; and a<strong> &#8220;custom policy&#8221; <\/strong>with this json:<\/p>\n<pre>{\r\n\"Statement\": [\r\n     {\r\n         \"Action\": [\r\n             \"dynamodb:GetItem\",\r\n             \"dynamodb:DeleteItem\",\r\n             \"dynamodb:PutItem\",\r\n             \"dynamodb:Scan\",\r\n             \"dynamodb:Query\",\r\n             \"dynamodb:UpdateItem\",\r\n             \"dynamodb:BatchWriteItem\",\r\n             \"dynamodb:BatchGetItem\",\r\n             \"dynamodb:DescribeTable\"\r\n         ],\r\n         \"Resource\": [\r\n                \"arn:aws:dynamodb:eu-west-1:&lt;ACCOUNT_ID&gt;:table\/hermesConnections\",\r\n                \"arn:aws:dynamodb:eu-west-1:&lt;ACCOUNT_ID&gt;:table\/hermesConnections\/index\/*\"\r\n         ],\r\n         \"Effect\": \"Allow\"\r\n     }\r\n]\r\n}<\/pre>\n<p>Remember to change <strong>&lt;ACCOUNT_ID&gt;<\/strong> with our account id and take note that \u201c<strong>hermesConnections<\/strong>\u201d represents our dynamodb table.<\/p>\n<p>For<strong> &#8220;OnDisconnect&#8221;:<\/strong><\/p>\n<pre>{\r\n\"Statement\": [\r\n     {\r\n         \"Action\": [\r\n             \"dynamodb:GetItem\",\r\n             \"dynamodb:DeleteItem\",\r\n             \"dynamodb:PutItem\",\r\n             \"dynamodb:Scan\",\r\n             \"dynamodb:Query\",\r\n             \"dynamodb:UpdateItem\",\r\n             \"dynamodb:BatchWriteItem\",\r\n             \"dynamodb:BatchGetItem\",\r\n             \"dynamodb:DescribeTable\"\r\n         ],\r\n         \"Resource\": [\r\n                \"arn:aws:dynamodb:eu-west-1:&lt;ACCOUNT_ID&gt;:table\/hermesConnections\",\r\n             \"arn:aws:dynamodb:eu-west-1:&lt;ACCOUNT_ID&gt;:table\/hermesConnections\/index\/*\"\r\n         ],\r\n         \"Effect\": \"Allow\"\r\n     }\r\n]\r\n}<\/pre>\n<p>For &#8220;SendMessage&#8221; we still use a &#8220;LambdaBasicExecutionRole&#8221;, AWSLambdaSQSQueueExecutionRole and three custom policies:<\/p>\n<pre>{\r\n\"Statement\": [\r\n     {\r\n         \"Action\": [\r\n             \"dynamodb:GetItem\",\r\n             \"dynamodb:DeleteItem\",\r\n             \"dynamodb:PutItem\",\r\n             \"dynamodb:Scan\",\r\n             \"dynamodb:Query\",\r\n             \"dynamodb:UpdateItem\",\r\n             \"dynamodb:BatchWriteItem\",\r\n             \"dynamodb:BatchGetItem\",\r\n             \"dynamodb:DescribeTable\"\r\n         ],\r\n         \"Resource\": [\r\n             \"arn:aws:dynamodb:eu-west-1:&lt;ACCOUNT_ID&gt;:table\/hermesConnections\",\r\n             \"arn:aws:dynamodb:eu-west-1:&lt;ACCOUNT_ID&gt;:table\/hermesConnections\/index\/*\"\r\n         ],\r\n         \"Effect\": \"Allow\"\r\n     }\r\n]\r\n}<\/pre>\n<p>This one:<\/p>\n<pre>{\r\n\"Statement\": [\r\n     {\r\n         \"Action\": [\r\n                \"sqs:ChangeMessageVisibility\",\r\n                \"sqs:ChangeMessageVisibilityBatch\",\r\n                \"sqs:DeleteMessage\",\r\n                \"sqs:DeleteMessageBatch\",\r\n                \"sqs:GetQueueAttributes\",\r\n                \"sqs:ReceiveMessage\"\r\n         ],\r\n         \"Resource\": \"arn:aws:sqs:eu-west-1::hermes-messageQueue\",\r\n         \"Effect\": \"Allow\"\r\n     }\r\n]\r\n}<\/pre>\n<p>And finally:<\/p>\n<pre>{\r\n\"Statement\": [\r\n     {\r\n         \"Action\": [\r\n                \"execute-api:ManageConnections\"\r\n         ],\r\n         \"Resource\": [\r\n                \"arn:aws:execute-api:eu-west-1::\/*\"\r\n         ],\r\n         \"Effect\": \"Allow\"\r\n     }\r\n]\r\n}<\/pre>\n<p>The variable can be retrieved from the API Gateway dashboard inspecting the top left corner:<\/p>\n<p><img loading=\"lazy\" decoding=\"async\" class=\"size-full wp-image-800 aligncenter\" src=\"https:\/\/blog.besharp.it\/wp-content\/uploads\/2019\/07\/Picture1-9.png\" alt=\"\" width=\"441\" height=\"131\" srcset=\"https:\/\/blog.besharp.it\/wp-content\/uploads\/2019\/07\/Picture1-9.png 441w, https:\/\/blog.besharp.it\/wp-content\/uploads\/2019\/07\/Picture1-9-400x119.png 400w\" sizes=\"(max-width: 441px) 100vw, 441px\" \/><\/p>\n<p>Now we can create the DynamoDB table to save the connectionIDs provided to us by API Gateway during the <strong>$connect <\/strong>phase. This parameter is very important because it identifies the user who opened the connection. We will then see how to authenticate the request to open the connection, but also how to filter the messages on a per ROOM basis.<\/p>\n<p><strong>DYNAMODB<\/strong><\/p>\n<p>Let&#8217;s connect to the DynamoDB service and click on &#8220;create table&#8221;; we&#8217;ll find ourselves in the following situation:<\/p>\n<p><img loading=\"lazy\" decoding=\"async\" class=\"size-full wp-image-802 aligncenter\" src=\"https:\/\/blog.besharp.it\/wp-content\/uploads\/2019\/07\/unnamed-2.png\" alt=\"\" width=\"385\" height=\"512\" srcset=\"https:\/\/blog.besharp.it\/wp-content\/uploads\/2019\/07\/unnamed-2.png 385w, https:\/\/blog.besharp.it\/wp-content\/uploads\/2019\/07\/unnamed-2-226x300.png 226w\" sizes=\"(max-width: 385px) 100vw, 385px\" \/><\/p>\n<p>We set the same name as we set in the IAM role previously, in this case, &#8220;hermesConnections&#8221;; as <strong>partition key, <\/strong>we set<strong> connection_id<\/strong> of type <strong>string<\/strong>; leave the rest of the table settings with the default<strong>\u00a0<\/strong>values.<\/p>\n<p>The table will be created in a few seconds; as users connect to API Gateway, the function associated with $connect will create tuples in this table.<\/p>\n<p>Now let&#8217;s define our lambda functions starting from the routes previously created on API Gateway.<\/p>\n<h1>Lambda for $connect and authorizer<\/h1>\n<p>Let&#8217;s go to the Lambda function management page and create a new function.<\/p>\n<p><img loading=\"lazy\" decoding=\"async\" class=\"size-large wp-image-804 aligncenter\" src=\"https:\/\/blog.besharp.it\/wp-content\/uploads\/2019\/07\/Screenshot-2019-06-18-at-12.44.59-1024x101.png\" alt=\"\" width=\"1024\" height=\"101\" srcset=\"https:\/\/blog.besharp.it\/wp-content\/uploads\/2019\/07\/Screenshot-2019-06-18-at-12.44.59-1024x101.png 1024w, https:\/\/blog.besharp.it\/wp-content\/uploads\/2019\/07\/Screenshot-2019-06-18-at-12.44.59-400x39.png 400w, https:\/\/blog.besharp.it\/wp-content\/uploads\/2019\/07\/Screenshot-2019-06-18-at-12.44.59-768x75.png 768w, https:\/\/blog.besharp.it\/wp-content\/uploads\/2019\/07\/Screenshot-2019-06-18-at-12.44.59.png 1140w\" sizes=\"(max-width: 1024px) 100vw, 1024px\" \/><\/p>\n<p>We give the name we used <strong>when we created the $connect route<\/strong>, then we set the other values as shown below:<\/p>\n<pre>app.js\r\n\r\nvar AWS = require(\"aws-sdk\");\r\nAWS.config.update({ region: process.env.AWS_REGION });\r\nvar DDB = new AWS.DynamoDB({ apiVersion: \"2012-10-08\" });\r\nexports.handler = function (event, context, callback) {\r\n  \/\/ based on query string parameter on the connection websocket add the connection in the dynamo table with the selected room_id and user_id\r\n  console.log(event.requestContext.stage);\r\n  let table = event.requestContext.table_name;\r\n  var putParams = {\r\n    TableName: process.env[table],\r\n    Item: {\r\n      room_id: {S: event.requestContext.authorizer.room_id},\r\n      connection_id: { S: event.requestContext.connectionId },\r\n      user_id: {S: event.requestContext.authorizer.user_id}\r\n    }\r\n  };\r\nDDB.putItem(putParams, function (err) {\r\n    callback(null, {\r\n      statusCode: err ? 500 : 200,\r\n      body: err ? \"Failed to connect: \" + JSON.stringify(err) : \"Connected.\"\r\n    });\r\n  });\r\n};\r\n<\/pre>\n<pre>package.json\r\n\r\n{\r\n  \"name\": \"onConnect\",\r\n  \"version\": \"1.0.0\",\r\n  \"description\": \"OnConnect function for WebSockets on API Gateway\",\r\n  \"main\": \"src\/app.js\",\r\n  \"author\": \"SAM CLI\",\r\n  \"license\": \"MIT\",\r\n  \"dependencies\": {\r\n    \"aws-sdk\": \"^2.434.0\"\r\n  } \r\n}<\/pre>\n<p>Under environment variables we insert the name of the connection table:<\/p>\n<p><img loading=\"lazy\" decoding=\"async\" class=\"size-full wp-image-808 aligncenter\" src=\"https:\/\/blog.besharp.it\/wp-content\/uploads\/2019\/07\/Screenshot-2019-06-18-at-16.54.41.png\" alt=\"\" width=\"937\" height=\"187\" srcset=\"https:\/\/blog.besharp.it\/wp-content\/uploads\/2019\/07\/Screenshot-2019-06-18-at-16.54.41.png 937w, https:\/\/blog.besharp.it\/wp-content\/uploads\/2019\/07\/Screenshot-2019-06-18-at-16.54.41-400x80.png 400w, https:\/\/blog.besharp.it\/wp-content\/uploads\/2019\/07\/Screenshot-2019-06-18-at-16.54.41-768x153.png 768w\" sizes=\"(max-width: 937px) 100vw, 937px\" \/><\/p>\n<p>We also add the Authorizer Lambda:<\/p>\n<pre>index.js\r\n\r\nexports.handler = async (event) =&gt; {\r\n    try {\r\n        console.log(event.requestContext.stage);\r\n        \/\/ Query string parameters you can use to validate the connection\r\n        \/\/ We verify the json Web Token\r\n        let jwt = require('jsonwebtoken');\r\n        let secret_environment = 'JWT_SECRET';\r\n        let table_environment = 'TABLE_NAME';\r\n        let decoded = jwt.verify(event.queryStringParameters.token, process.env[secret_environment]);\r\n        let userId = decoded.user_id;\r\n        let roomId = decoded.room_id;\r\n        let token  = decoded.token;\r\n        \/\/ The principal id  can be anything, in this case we used \r\n        let principalId = userId;\r\n        const AWS = require('aws-sdk');\r\n        const ddb = new AWS.DynamoDB({ apiVersion: '2012-08-10' });\r\nlet db_token, db_user_id, db_room_id, db_expire_date;\r\n        let params = {\r\n            TableName: process.env[table_environment],\r\n            Key: { \r\n                user_id: { S: userId.toString() },\r\n                room_id: { S: roomId.toString() } \r\n            }\r\n        };\r\n        await ddb.getItem(params, function(err, data) {\r\n        if (err) { \r\n        \/* an error occurred *\/ \r\n        console.log(err, err.stack);\r\n        } else { \r\n            \/\/ successful response\r\n            db_user_id = data.Item.user_id.S;\r\n            db_room_id = data.Item.room_id.S;\r\n            db_token = data.Item.token.S;\r\n        }\r\n        }).promise();\r\nlet bcrypt = require(\"bcryptjs\");\r\n        let compare_hash = bcrypt.compareSync(token, db_token);\r\n        let compare_user_and_room = db_room_id.toString() === roomId.toString() &amp;&amp; db_user_id.toString() === userId.toString();\r\n        let effect = (compare_hash &amp;&amp; compare_user_and_room) ? 'Allow' : 'Deny'; \/\/ Set 'Allow' or 'Deny' to decide if one can connect or not\r\n        console.log(effect);\r\n        return generatePolicy(principalId, effect, event.methodArn, userId, roomId);\r\n    } catch(e) {\r\n     console.log(e.stack);\r\n     return null;\r\n    }\r\n};\r\nlet generatePolicy = function(principalId, effect, resource, user_id, room_id) {\r\n   \/\/ Required output:\r\n   var authResponse = {};\r\n    authResponse.principalId = principalId;\r\n   if (effect &amp;&amp; resource) {\r\n       var policyDocument = {};\r\n        policyDocument.Version = '2012-10-17'; \/\/ default version\r\n       policyDocument.Statement = [];\r\n       var statementOne = {};\r\n       statementOne.Action = 'execute-api:Invoke'; \/\/ default action\r\n       statementOne.Effect = effect;\r\n       statementOne.Resource = resource;\r\n       policyDocument.Statement[0] = statementOne;\r\n       authResponse.policyDocument = policyDocument;\r\n    }\r\n   \/\/ Optional output with custom properties of the String, Number or Boolean type.\r\n   authResponse.context = {\r\n       room_id: room_id,\r\n       user_id: user_id\r\n    }; \r\n   return authResponse;\r\n}<\/pre>\n<pre>package.json\r\n\r\n{\r\n  \"name\": \"authorizer\",\r\n  \"version\": \"1.0.0\",\r\n  \"description\": \"Authorizer function for WebSockets on API Gateway\",\r\n  \"main\": \"index.js\",\r\n  \"author\": \"beSharp\",\r\n  \"license\": \"MIT\",\r\n  \"dependencies\": {\r\n    \"bcryptjs\": \"^2.4.3\",\r\n    \"jsonwebtoken\": \"^8.5.1\"\r\n  }\r\n}<\/pre>\n<p>And the relative environment variables:<\/p>\n<p><img loading=\"lazy\" decoding=\"async\" class=\"size-full wp-image-810 aligncenter\" src=\"https:\/\/blog.besharp.it\/wp-content\/uploads\/2019\/07\/unnamed-3.png\" alt=\"\" width=\"512\" height=\"125\" srcset=\"https:\/\/blog.besharp.it\/wp-content\/uploads\/2019\/07\/unnamed-3.png 512w, https:\/\/blog.besharp.it\/wp-content\/uploads\/2019\/07\/unnamed-3-400x98.png 400w\" sizes=\"(max-width: 512px) 100vw, 512px\" \/><\/p>\n<p>The authorization Lambda accesses the JWT Token sent through API Gateway, decodes it, obtains the token encrypted with BCrypt by the client application that opened the connection, then compares it with the encrypted one saved on DynamoDB; if they coincide, the authorizer grants permission to open the connection by creating an <strong>ad hoc IAM authorization policy<\/strong>.<\/p>\n<p>We return to the API Gateway screen and click on <strong>$connect<\/strong>, so we can edit the <strong>authorizer<\/strong> field, adding the lambda we have just created.<\/p>\n<p><img loading=\"lazy\" decoding=\"async\" class=\"size-full wp-image-812 aligncenter\" src=\"https:\/\/blog.besharp.it\/wp-content\/uploads\/2019\/07\/Screenshot-2019-06-18-at-18.39.54.png\" alt=\"\" width=\"709\" height=\"303\" srcset=\"https:\/\/blog.besharp.it\/wp-content\/uploads\/2019\/07\/Screenshot-2019-06-18-at-18.39.54.png 709w, https:\/\/blog.besharp.it\/wp-content\/uploads\/2019\/07\/Screenshot-2019-06-18-at-18.39.54-400x171.png 400w\" sizes=\"(max-width: 709px) 100vw, 709px\" \/><\/p>\n<p>Where \u201c<strong>websocketAuth<\/strong>\u201d is the name we gave to the authorisation Lambda.<\/p>\n<p>Now we need to add the <strong>$disconnect<\/strong> and <strong>sendMessage<\/strong> lambdas; so let&#8217;s proceed to add them starting with $disconnect which is very simple:<\/p>\n<pre>app.js\r\n\r\nvar AWS = require(\"aws-sdk\");\r\nAWS.config.update({ region: process.env.AWS_REGION });\r\nvar DDB = new AWS.DynamoDB({ apiVersion: \"2012-10-08\" }); \r\nexports.handler = function (event, context, callback) {\r\n  console.log(event.requestContext.stage);\r\n  let table_environment = 'TABLE_NAME_' + event.requestContext.stage.toUpperCase();\r\n  var deleteParams = {\r\n    TableName: process.env[table_environment],\r\n    Key: {\r\n      connection_id: { S: event.requestContext.connectionId }\r\n    }\r\n  };\r\nDDB.deleteItem(deleteParams, function (err) {\r\n    callback(null, {\r\n      statusCode: err ? 500 : 200,\r\n      body: err ? \"Failed to disconnect: \" + JSON.stringify(err) : \" Disconnected.\"\r\n    });\r\n  });\r\n};<\/pre>\n<p>In practice, whenever API Gateway has to disconnect a user from the channel, it invokes the function associated with the $disconnect lambda which, in return, deletes the line corresponding to the specified connection_id from the DynamoDB connection table.<\/p>\n<p>We can now move on to the send message part, creating the sendMessage lambda:<\/p>\n<p><img loading=\"lazy\" decoding=\"async\" class=\"size-large wp-image-814 aligncenter\" src=\"https:\/\/blog.besharp.it\/wp-content\/uploads\/2019\/07\/Screenshot-2019-06-18-at-18.58.55-1024x371.png\" alt=\"\" width=\"1024\" height=\"371\" srcset=\"https:\/\/blog.besharp.it\/wp-content\/uploads\/2019\/07\/Screenshot-2019-06-18-at-18.58.55-1024x371.png 1024w, https:\/\/blog.besharp.it\/wp-content\/uploads\/2019\/07\/Screenshot-2019-06-18-at-18.58.55-400x145.png 400w, https:\/\/blog.besharp.it\/wp-content\/uploads\/2019\/07\/Screenshot-2019-06-18-at-18.58.55-768x278.png 768w, https:\/\/blog.besharp.it\/wp-content\/uploads\/2019\/07\/Screenshot-2019-06-18-at-18.58.55.png 1261w\" sizes=\"(max-width: 1024px) 100vw, 1024px\" \/><\/p>\n<p>First of all in this function we need to add SQS as a trigger because it will be called not only by API Gateway but also by SQS. We add this trigger as shown below.<\/p>\n<p>Then we can see the function code:<\/p>\n<pre>index.js\r\n\r\nconst AWS = require('aws-sdk');\r\nrequire('.\/patch.js');\r\nconst ddb = new AWS.DynamoDB.DocumentClient({ apiVersion: '2012-08-10' });\r\nconst dynamodb = new AWS.DynamoDB({apiVersion: '2011-12-05'});\r\nconst { ENDPOINT } = process.env;\r\nexports.handler = async (event, context,callback) =&gt; {\r\n  let environment =undefined;\r\n  let table = process.env.TABLE_NAME;\r\nlet user_id= undefined;\r\n  let room_id = undefined;\r\n  let postData = undefined;\r\n  let messageBody = {};\r\n \/\/ if there are records we re in the sqs trigger put the event from the message of the SQS message received.\r\n  if (event.Records != undefined) {\r\n    let body = JSON.parse(event.Records[0].body);\r\n    user_id = body.user_id;\r\n    room_id = body.room_id;\r\n    messageBody = {user_id: user_id };\r\n    postData = body.data;    \r\n  } else {\r\n    postData = JSON.parse(event.body).data;\r\n    const  connection_sender =  event.requestContext.connectionId;\r\n    \/\/ get sender info on dynamo db table of connections\r\n let params = {\r\n      Key: {  HashKeyElement:  { S: connection_sender } }, \r\n      TableName:  table\r\n    };\r\n    let sender_item = undefined;\r\n \/\/get the row of dynamo referred to the connection_id sender.\r\n    await dynamodb.getItem(params, function(err, data) {\r\n      if (err) console.log(err, err.stack); \/\/ an error occurred\r\n      else    { \r\n        sender_item = data;  \r\n        user_id = sender_item.Item.user_id.S;\r\n        room_id = sender_item.Item.room_id.S;\r\n        \/\/ adding in the messageBody the user_id of the sender\r\n        messageBody = {user_id: user_id };\r\n        }  \/\/ successful response\r\n    }).promise();\r\n  }\r\n\/\/retrieve all connection for the selected room_id.\r\n  let connectionData;\r\n  try {\r\n    let scanParam = { TableName: table, ProjectionExpression: 'connection_id, user_id',\r\n       FilterExpression: '#roomId = :roomId',\r\n      ExpressionAttributeNames: {\r\n          '#roomId': 'room_id',\r\n      },\r\n      ExpressionAttributeValues: {\r\n          ':roomId': room_id,\r\n      }\r\n    };\r\n    connectionData = await ddb.scan(scanParam).promise();\r\n  } catch (e) {\r\n    return { statusCode: 500, body: e.stack };\r\n  }\r\n let url = (ENDPOINT === \"\") ? event.requestContext.domainName + '\/' + \r\n event.requestContext.stage : ENDPOINT + \"\/\"+ environment.toLowerCase();\r\nconsole.log(url);\r\nconst apigwManagementApi = new AWS.ApiGatewayManagementApi({\r\n    apiVersion: '2018-11-29',\r\n    endpoint: url\r\n  });\r\n \/\/ for each connection send a message through apigwManagementApi \r\n  const postCalls = connectionData.Items.map(async ({ connection_id }) =&gt; {\r\n try {\r\n      messageBody.data = postData;\r\n      await apigwManagementApi.postToConnection({ ConnectionId: connection_id, Data: JSON.stringify(messageBody)}).promise();\r\n      console.log(\"posted\");\r\n    } catch (e) {\r\n      console.error(e);\r\n      \/\/if the connection in a stale status, the connection will be closed, and the connection_id will be removed from the dynamoDB table\r\n      if (e.statusCode === 410) {\r\n        console.log(`Found stale connection, deleting ${connection_id}`);\r\n        var deleteParams = {\r\n            TableName: table,\r\n            Key: {\r\n              connection_id: { S: connection_id }\r\n          }\r\n        };\r\n        await ddb.deleteItem(deleteParams, function (err) {\r\n          callback(null, {\r\n            statusCode: err ? 500 : 200,\r\n            body: err ? \"Failed to disconnect: \" + JSON.stringify(err) : \" Disconnected.\"\r\n        }).promise();\r\n  });\r\n      } else {\r\n         return { statusCode: 500, body: e.stack };\r\n      }\r\n    }\r\n  });\r\ntry {\r\n    await Promise.all(postCalls);\r\n  } catch (e) {\r\n    return { statusCode: 500, body: e.stack };\r\n  }\r\neturn { statusCode: 200, body: 'Data sent.' };\r\n};<\/pre>\n<p>Now let&#8217;s add the environment variables:<\/p>\n<p><img loading=\"lazy\" decoding=\"async\" class=\"size-full wp-image-816 aligncenter\" src=\"https:\/\/blog.besharp.it\/wp-content\/uploads\/2019\/07\/Screenshot-2019-06-19-at-08.48.05.png\" alt=\"\" width=\"939\" height=\"184\" srcset=\"https:\/\/blog.besharp.it\/wp-content\/uploads\/2019\/07\/Screenshot-2019-06-19-at-08.48.05.png 939w, https:\/\/blog.besharp.it\/wp-content\/uploads\/2019\/07\/Screenshot-2019-06-19-at-08.48.05-400x78.png 400w, https:\/\/blog.besharp.it\/wp-content\/uploads\/2019\/07\/Screenshot-2019-06-19-at-08.48.05-768x150.png 768w\" sizes=\"(max-width: 939px) 100vw, 939px\" \/><\/p>\n<p>In this Lambda function, the code is able to distinguish the calls coming from SQS by those from API Gateway; based on this information, the body of the message and information about the user are reconstructed. Using the <strong>room_id<\/strong> we obtain the <strong>user_id<\/strong> and <strong>connection_id<\/strong> from the DynamoDB connection table. Then we proceed to send the message to all the users found this way.<\/p>\n<p>If there is a connection problem with a user, the Lambda will delete the relevant line from the connection table.<\/p>\n<p>Once all these functions have been added, we verify that the names used to describe them are consistent with those indicated in <strong>$connect<\/strong>, <strong>$disconnect <\/strong>and <strong>sendMessage <\/strong>respectively. Once done, the architecture of our notification system is completed and we can test it directly by entering a message following this example:<\/p>\n<pre>sqs = Aws::SQS::Client.new(region: region)\r\npayload = JSON.generate(user_id: user_id, room_id: room_id, data: message)\r\nparams = {\r\n message_body: payload,\r\n queue_url: config.queue_url\r\n}\r\nsqs.send_message(params)<\/pre>\n<p>Referring to the Client instead, the following will be a good example:<\/p>\n<pre>function sendMessage(){ ws.send(JSON.stringify( {\u201caction\u201d: \u201csendMessage\u201d, \u201cdata\u201d : \u201cmessage\u201d } ); }<\/pre>\n<p>This concludes our tutorial on how to develop a notification system\u2019s microservice based on AWS services, complete with authentication via API Gateway, DynamoDB, SQS, and Lambda.<\/p>\n<p>One of the most interesting aspects of the solution is certainly its compactness &#8211; all the logic is implemented in just four rather simple Lambda functions &#8211; while maintaining a certain versatility.<\/p>\n<p>In the event that you want to manage the infrastructure lifecycle according to the Infrastructure-as-Code paradigm, for example through a SAM template, a viable expedient could be the creation of a Route53 ALIAS record to decouple the URL called by the client from that of API Gateway which, being generated programmatically, changes with each deployment.<\/p>\n<p>Want to learn more about this solution and how beSharp can help you develop Serverless and Cloud-native applications on AWS? <a href=\"https:\/\/www.besharp.it\/en\/contact-us\/\" target=\"_blank\" rel=\"noopener noreferrer\">Contact us!<\/a><\/p>\n","protected":false},"excerpt":{"rendered":"<p>In recent years, the widespread diffusion of Cloud computing has led to a massive adoption of the &#8220;microservices&#8221; application development [&hellip;]<\/p>\n","protected":false},"author":6,"featured_media":788,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[478],"tags":[256,264,268],"yoast_head":"<!-- This site is optimized with the Yoast SEO plugin v21.9.1 - https:\/\/yoast.com\/wordpress\/plugins\/seo\/ -->\n<title>Let\u2019s create a serverless notification system with Amazon API Gateway - Proud2beCloud Blog<\/title>\n<meta name=\"description\" content=\"How to develop a serverless notification system with authentication via Amazon API Gateway, DynamoDB, SQS, and Lambda.\" \/>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"https:\/\/blog.besharp.it\/lets-create-a-serverless-notification-system-with-amazon-api-gateway\/\" \/>\n<meta property=\"og:locale\" content=\"en_US\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"serverless notification system with Amazon API Gateway\" \/>\n<meta property=\"og:description\" content=\"How to develop a serverless notification system with authentication via Amazon API Gateway, DynamoDB, SQS, and Lambda.\" \/>\n<meta property=\"og:url\" content=\"https:\/\/blog.besharp.it\/lets-create-a-serverless-notification-system-with-amazon-api-gateway\/\" \/>\n<meta property=\"og:site_name\" content=\"Proud2beCloud Blog\" \/>\n<meta property=\"article:published_time\" content=\"2019-07-12T13:56:18+00:00\" \/>\n<meta property=\"article:modified_time\" content=\"2021-03-24T17:11:04+00:00\" \/>\n<meta property=\"og:image\" content=\"https:\/\/blog.besharp.it\/wp-content\/uploads\/2019\/07\/lambda-03.png\" \/>\n\t<meta property=\"og:image:width\" content=\"1667\" \/>\n\t<meta property=\"og:image:height\" content=\"1250\" \/>\n\t<meta property=\"og:image:type\" content=\"image\/png\" \/>\n<meta name=\"author\" content=\"Alessandro Gaggia\" \/>\n<meta name=\"twitter:card\" content=\"summary_large_image\" \/>\n<meta name=\"twitter:title\" content=\"serverless notification system with Amazon API Gateway\" \/>\n<meta name=\"twitter:description\" content=\"How to develop a serverless notification system with authentication via Amazon API Gateway, DynamoDB, SQS, and Lambda.\" \/>\n<meta name=\"twitter:image\" content=\"https:\/\/blog.besharp.it\/wp-content\/uploads\/2019\/07\/lambda-03.png\" \/>\n<meta name=\"twitter:label1\" content=\"Written by\" \/>\n\t<meta name=\"twitter:data1\" content=\"Alessandro Gaggia\" \/>\n\t<meta name=\"twitter:label2\" content=\"Est. reading time\" \/>\n\t<meta name=\"twitter:data2\" content=\"16 minutes\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\/\/schema.org\",\"@graph\":[{\"@type\":\"WebPage\",\"@id\":\"https:\/\/blog.besharp.it\/lets-create-a-serverless-notification-system-with-amazon-api-gateway\/\",\"url\":\"https:\/\/blog.besharp.it\/lets-create-a-serverless-notification-system-with-amazon-api-gateway\/\",\"name\":\"Let\u2019s create a serverless notification system with Amazon API Gateway - Proud2beCloud Blog\",\"isPartOf\":{\"@id\":\"https:\/\/blog.besharp.it\/#website\"},\"datePublished\":\"2019-07-12T13:56:18+00:00\",\"dateModified\":\"2021-03-24T17:11:04+00:00\",\"author\":{\"@id\":\"https:\/\/blog.besharp.it\/#\/schema\/person\/f27fc12d10867c6ea6e0158ce4dd8924\"},\"description\":\"How to develop a serverless notification system with authentication via Amazon API Gateway, DynamoDB, SQS, and Lambda.\",\"breadcrumb\":{\"@id\":\"https:\/\/blog.besharp.it\/lets-create-a-serverless-notification-system-with-amazon-api-gateway\/#breadcrumb\"},\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"https:\/\/blog.besharp.it\/lets-create-a-serverless-notification-system-with-amazon-api-gateway\/\"]}]},{\"@type\":\"BreadcrumbList\",\"@id\":\"https:\/\/blog.besharp.it\/lets-create-a-serverless-notification-system-with-amazon-api-gateway\/#breadcrumb\",\"itemListElement\":[{\"@type\":\"ListItem\",\"position\":1,\"name\":\"Home\",\"item\":\"https:\/\/blog.besharp.it\/\"},{\"@type\":\"ListItem\",\"position\":2,\"name\":\"Let\u2019s create a serverless notification system with Amazon API Gateway\"}]},{\"@type\":\"WebSite\",\"@id\":\"https:\/\/blog.besharp.it\/#website\",\"url\":\"https:\/\/blog.besharp.it\/\",\"name\":\"Proud2beCloud Blog\",\"description\":\"il blog di beSharp\",\"alternateName\":\"Proud2beCloud Blog\",\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"https:\/\/blog.besharp.it\/?s={search_term_string}\"},\"query-input\":\"required name=search_term_string\"}],\"inLanguage\":\"en-US\"},{\"@type\":\"Person\",\"@id\":\"https:\/\/blog.besharp.it\/#\/schema\/person\/f27fc12d10867c6ea6e0158ce4dd8924\",\"name\":\"Alessandro Gaggia\",\"image\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\/\/blog.besharp.it\/#\/schema\/person\/image\/\",\"url\":\"https:\/\/secure.gravatar.com\/avatar\/f58dc28050f26409e22ab60346d06220?s=96&d=mm&r=g\",\"contentUrl\":\"https:\/\/secure.gravatar.com\/avatar\/f58dc28050f26409e22ab60346d06220?s=96&d=mm&r=g\",\"caption\":\"Alessandro Gaggia\"},\"description\":\"Head of software development di beSharp, Full-Stack developer, mi occupo di garantire lo stato dell\u2019arte di tutta la nostra codebase. Scrivo codice in quasi ogni linguaggio, ma prediligo Typescript. Respiro Informatica, Game design, Cinema, Fumetti e buona cucina. Disegno per passione!\",\"url\":\"https:\/\/blog.besharp.it\/author\/alessandro-gaggia\/\"}]}<\/script>\n<!-- \/ Yoast SEO plugin. -->","yoast_head_json":{"title":"Let\u2019s create a serverless notification system with Amazon API Gateway - Proud2beCloud Blog","description":"How to develop a serverless notification system with authentication via Amazon API Gateway, DynamoDB, SQS, and Lambda.","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"https:\/\/blog.besharp.it\/lets-create-a-serverless-notification-system-with-amazon-api-gateway\/","og_locale":"en_US","og_type":"article","og_title":"serverless notification system with Amazon API Gateway","og_description":"How to develop a serverless notification system with authentication via Amazon API Gateway, DynamoDB, SQS, and Lambda.","og_url":"https:\/\/blog.besharp.it\/lets-create-a-serverless-notification-system-with-amazon-api-gateway\/","og_site_name":"Proud2beCloud Blog","article_published_time":"2019-07-12T13:56:18+00:00","article_modified_time":"2021-03-24T17:11:04+00:00","og_image":[{"width":1667,"height":1250,"url":"https:\/\/blog.besharp.it\/wp-content\/uploads\/2019\/07\/lambda-03.png","type":"image\/png"}],"author":"Alessandro Gaggia","twitter_card":"summary_large_image","twitter_title":"serverless notification system with Amazon API Gateway","twitter_description":"How to develop a serverless notification system with authentication via Amazon API Gateway, DynamoDB, SQS, and Lambda.","twitter_image":"https:\/\/blog.besharp.it\/wp-content\/uploads\/2019\/07\/lambda-03.png","twitter_misc":{"Written by":"Alessandro Gaggia","Est. reading time":"16 minutes"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"WebPage","@id":"https:\/\/blog.besharp.it\/lets-create-a-serverless-notification-system-with-amazon-api-gateway\/","url":"https:\/\/blog.besharp.it\/lets-create-a-serverless-notification-system-with-amazon-api-gateway\/","name":"Let\u2019s create a serverless notification system with Amazon API Gateway - Proud2beCloud Blog","isPartOf":{"@id":"https:\/\/blog.besharp.it\/#website"},"datePublished":"2019-07-12T13:56:18+00:00","dateModified":"2021-03-24T17:11:04+00:00","author":{"@id":"https:\/\/blog.besharp.it\/#\/schema\/person\/f27fc12d10867c6ea6e0158ce4dd8924"},"description":"How to develop a serverless notification system with authentication via Amazon API Gateway, DynamoDB, SQS, and Lambda.","breadcrumb":{"@id":"https:\/\/blog.besharp.it\/lets-create-a-serverless-notification-system-with-amazon-api-gateway\/#breadcrumb"},"inLanguage":"en-US","potentialAction":[{"@type":"ReadAction","target":["https:\/\/blog.besharp.it\/lets-create-a-serverless-notification-system-with-amazon-api-gateway\/"]}]},{"@type":"BreadcrumbList","@id":"https:\/\/blog.besharp.it\/lets-create-a-serverless-notification-system-with-amazon-api-gateway\/#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"Home","item":"https:\/\/blog.besharp.it\/"},{"@type":"ListItem","position":2,"name":"Let\u2019s create a serverless notification system with Amazon API Gateway"}]},{"@type":"WebSite","@id":"https:\/\/blog.besharp.it\/#website","url":"https:\/\/blog.besharp.it\/","name":"Proud2beCloud Blog","description":"il blog di beSharp","alternateName":"Proud2beCloud Blog","potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/blog.besharp.it\/?s={search_term_string}"},"query-input":"required name=search_term_string"}],"inLanguage":"en-US"},{"@type":"Person","@id":"https:\/\/blog.besharp.it\/#\/schema\/person\/f27fc12d10867c6ea6e0158ce4dd8924","name":"Alessandro Gaggia","image":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/blog.besharp.it\/#\/schema\/person\/image\/","url":"https:\/\/secure.gravatar.com\/avatar\/f58dc28050f26409e22ab60346d06220?s=96&d=mm&r=g","contentUrl":"https:\/\/secure.gravatar.com\/avatar\/f58dc28050f26409e22ab60346d06220?s=96&d=mm&r=g","caption":"Alessandro Gaggia"},"description":"Head of software development di beSharp, Full-Stack developer, mi occupo di garantire lo stato dell\u2019arte di tutta la nostra codebase. Scrivo codice in quasi ogni linguaggio, ma prediligo Typescript. Respiro Informatica, Game design, Cinema, Fumetti e buona cucina. Disegno per passione!","url":"https:\/\/blog.besharp.it\/author\/alessandro-gaggia\/"}]}},"_links":{"self":[{"href":"https:\/\/blog.besharp.it\/wp-json\/wp\/v2\/posts\/875"}],"collection":[{"href":"https:\/\/blog.besharp.it\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/blog.besharp.it\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/blog.besharp.it\/wp-json\/wp\/v2\/users\/6"}],"replies":[{"embeddable":true,"href":"https:\/\/blog.besharp.it\/wp-json\/wp\/v2\/comments?post=875"}],"version-history":[{"count":0,"href":"https:\/\/blog.besharp.it\/wp-json\/wp\/v2\/posts\/875\/revisions"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/blog.besharp.it\/wp-json\/wp\/v2\/media\/788"}],"wp:attachment":[{"href":"https:\/\/blog.besharp.it\/wp-json\/wp\/v2\/media?parent=875"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/blog.besharp.it\/wp-json\/wp\/v2\/categories?post=875"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/blog.besharp.it\/wp-json\/wp\/v2\/tags?post=875"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}