Securely Hosting a Lambda Application With a Microservice Architecture and MongoDB Atlas
BS
AS
Babu Srinivasan, Igor Alekseev, Ashwin S.4 min read • Published Sep 19, 2024 • Updated Sep 19, 2024
Rate this tutorial
In this tutorial, you'll discover how to securely host a Lambda application designed with a microservice architecture, utilizing AWS Lambda, Amazon API Gateway, and MongoDB Atlas. AWS Lambda is pivotal for enterprises, offering standardized serverless deployment, enhanced security, and streamlined management, which collectively lead to consistent performance and simplified operations.
This guide not only details the process of setting up and deploying a MongoDB Atlas-based application with a microservice and API pattern but also provides a robust framework applicable to any such deployment. By leveraging AWS CDK for automated deployment, you ensure a scalable, efficient, and secure solution that meets enterprise needs and accelerates your deployment process across various environments.
To follow along with this tutorial, you should have intermediate proficiency with AWS and MongoDB services.
The architecture described here includes the following components:
- AWS Serverless Application Repository: Public Repository for AWS Lambda application
- AWS Lambda: Hosts the microservices logic
- Amazon API Gateway: Exposes the Lambda functions as RESTful APIs
- MongoDB Atlas: Stores the application data securely
This tutorial assumes
us-east-1 as the default region. Please update the scripts to your specific region. if required.Before proceeding, ensure you have the following prerequisites installed:
- AWS account with IAM creation role
- AWS CLI: Install AWS CLI
- IAM user for AWS CLI with access keys and secret keys
- SAM CLI: Install SAM CLI
- Docker: Install Docker
- Python 3.10: Install Python 3.10
Clone the application repository.
1 git clone https://github.com/mongodb-partners/Microservice-api-lambda-MongoDBAtlas 2 cd Microservice-api-lambda-MongoDBAtlas
Configure AWS CLI.
1 aws configure
Enter your AWS Access Key ID, Secret Access Key, and preferred region.
Set up the Python virtual environment.
1 python3 -m venv .venv 2 source .venv/bin/activate 3 pip3 install -r lambda/python-crud-lambda/requirements.txt
To build the project locally, execute the following command:
1 sam build
This command will locally build the project, and output files will be saved in the .aws-sam folder.
Use an existing connection string: Ensure you have the complete MongoDB SRV connection string with your username and password included. Ensure that Lambda can access your cluster. For testing purposes, you can use
0.0.0.0/0 in your network IP access list. In production, consider setting up a VPC peering connection between your AWS VPC and the Atlas VPC. This will restrict public access and only accept connections from your VPC. Learn more about VPC peering in the MongoDB Atlas documentation.Execute the following command to deploy the application:
bash
1 sam deploy --guided
Follow the guided deploy instructions:
- Stack Name: Enter a name for your stack.
- AWS Region: Enter your preferred region.
- Parameter ConnectionString: Enter your MongoDB connection string.
- Parameter DBName: Enter the name of your MongoDB database.
- Parameter CollectionName: Enter the name of your MongoDB collection.
Sample values for deployment
1 Setting default arguments for 'sam deploy' 2 ========================================= 3 Stack Name [sam-app]: sam-app-api-mdb 4 AWS Region [us-east-1]: 5 Parameter ConnectionString []: mongodb+srv://test1:test1@demo.mongodb.net/?retryWrites=true&w=majority 6 Parameter DBName [test]: sam-app-api-mdb 7 Parameter CollectionName [test]: microservice-lambda-app 8 #Shows you resources changes to be deployed and require a 'Y' to initiate deploy 9 Confirm changes before deploy [y/N]: y 10 #SAM needs permission to be able to create roles to connect to the resources in your template 11 Allow SAM CLI IAM role creation [Y/n]: y 12 #Preserves the state of previously provisioned resources when an operation fails 13 Disable rollback [y/N]: y 14 CRUDLambda has no authentication. Is this okay? [y/N]: y 15 Save arguments to configuration file [Y/n]: y 16 SAM configuration file [samconfig.toml]: 17 SAM configuration environment [default]:
Wait for the CloudFormation stack to finish creating the stack. After deployment, you will receive the API Gateway link in the outputs.
Create an S3 public bucket to store the Lambda code and restrict the access through bucket policy.
1 aws s3api create-bucket --bucket aws-sam-cli-mongodb-app1 --region us-east-1 2 3 aws s3api put-bucket-policy --bucket my-unique-bucket-name --policy '{ 4 "Version": "2012-10-17", 5 "Statement": [ 6 { 7 "Effect": "Allow", 8 "Principal": { 9 "Service": "serverlessrepo.amazonaws.com" 10 }, 11 "Action": "s3:GetObject", 12 "Resource": "arn:aws:s3:::aws-sam-cli-mongodb-app1/*", 13 "Condition" : { 14 "StringEquals": { 15 "aws:SourceAccount": "<aws account id >" 16 } 17 }
Package the serverless application model (SAM) deployed application to the S3 bucket created in the previous steps of SAM build.
1 sam package --template-file template.yaml --output-template-file packaged.yaml --s3-bucket aws-sam-cli-mongodb-app1
To publish your application as a serverless application model package, execute the following command:
bash
1 sam publish --template packaged.yml --region us-east-1
Follow the instructions to publish your application. By default, your application will be published as a private app. After publication, you can convert it to a public app if needed. For detailed guidance, refer to the SAM documentation on publishing an application.
Use the API Gateway link received in the deployment outputs to test the APIs. You can use Postman or any other request-making tool.
- Postman collection: Import the Postman collection
postman/Python-Microservice.postman_collection.jsoninto Postman to test the API.
Use the following command to clean up all the AWS resources created during deployment:
1 sam delete
Refer to the GitHub repository to resolve common issues encountered when using AWS SAM with MongoDB Atlas.
sam build: Builds the project locallysam deploy --guided: Deploys the application with guided promptssam publish --template packaged.yaml: Publishes the application as a SAM packagesam delete: Deletes the deployed application
By following these steps, you can set up a private hosting environment for your microservices-based Lambda application using AWS services and MongoDB Atlas. This setup ensures a secure, scalable, and cost-effective solution for hosting serverless microservices applications.
Top Comments in Forums
There are no comments on this article yet.