Paul Toffoloni
0777c80172
Add `S3EventNotifier` example ### Motivation: There is currently no example regarding an AWS event triggered lambda, such as a lambda that gets invoked on an S3 object upload. I've had to look for a while to figure out that the `AWSLambdaEvents` exists and that it can be used for that (had to find out via a Java example! 😜) so I think this could be useful and a somewhat common use case ### Modifications: Added an example of a lambda that gets triggered when an object gets uploaded to an S3 bucket. I have not described how to set up the actual S3 event in AWS because I figured if you needed such a lambda you'd know, but I can describe that too in the README if needed --------- Co-authored-by: Sébastien Stormacq <sebastien.stormacq@gmail.com>
5.9 KiB
This directory contains example code for Lambda functions.
Pre-requisites
-
Ensure you have the Swift 6.x toolchain installed. You can install Swift toolchains from Swift.org
-
When developing on macOS, be sure you use macOS 15 (Sequoia) or a more recent macOS version.
-
To build and archive your Lambda functions, you need to install docker.
-
To deploy your Lambda functions and invoke them, you must have an AWS account and install and configure the
awscommand line. -
Some examples are using AWS SAM. Install the SAM CLI before deploying these examples.
-
Some examples are using the AWS CDK. Install the CDK CLI before deploying these examples.
Examples
-
API Gateway: an HTTPS REST API with Amazon API Gateway and a Lambda function as backend (requires AWS SAM).
-
API Gateway with Lambda Authorizer: an HTTPS REST API with Amazon API Gateway protected by a Lambda authorizer (requires AWS SAM).
-
BackgroundTasks: a Lambda function that continues to run background tasks after having sent the response (requires AWS CLI).
-
CDK: a simple example of an AWS Lambda function invoked through an Amazon API Gateway and deployed with the Cloud Development Kit (CDK).
-
HelloJSON: a Lambda function that accepts JSON as an input parameter and responds with a JSON output (requires AWS CLI).
-
HelloWorld: a simple Lambda function (requires AWS CLI).
-
S3EventNotifier: a Lambda function that receives object-upload notifications from an Amazon S3 bucket.
-
S3_AWSSDK: a Lambda function that uses the AWS SDK for Swift to invoke an Amazon S3 API (requires AWS SAM).
-
S3_Soto: a Lambda function that uses Soto to invoke an Amazon S3 API (requires AWS SAM).
-
[Streaming]: create a Lambda function exposed as an URL. The Lambda function streams its response over time. (requires AWS SAM).
-
Testing: a test suite for Lambda functions.
AWS Credentials and Signature
This section is a short tutorial on the AWS Signature protocol and the AWS credentials.
What is AWS SigV4?
AWS SigV4, short for "Signature Version 4," is a protocol AWS uses to authenticate and secure requests. When you, as a developer, send a request to an AWS service, AWS SigV4 makes sure the request is verified and hasn’t been tampered with. This is done through a digital signature, which is created by combining your request details with your secret AWS credentials. This signature tells AWS that the request is genuine and is coming from a user who has the right permissions.
How to Obtain AWS Access Keys and Session Tokens
To start making authenticated requests with AWS SigV4, you’ll need three main pieces of information:
-
Access Key ID: This is a unique identifier for your AWS account, IAM (Identity and Access Management) user, or federated user.
-
Secret Access Key: This is a secret code that only you and AWS know. It works together with your access key ID to sign requests.
-
Session Token (Optional): If you're using temporary security credentials, AWS will also provide a session token. This is usually required if you're using temporary access (e.g., through AWS STS, which provides short-lived, temporary credentials, or for federated users).
To obtain these keys, you need an AWS account:
-
Sign up or Log in to AWS Console: Go to the AWS Management Console, log in, or create an AWS account if you don’t have one.
-
Create IAM User: In the console, go to IAM (Identity and Access Management) and create a new user. Ensure you set permissions that match what the user will need for your application (e.g., permissions to access specific AWS services, such as AWS Lambda).
-
Generate Access Key and Secret Access Key: In the IAM user credentials section, find the option to generate an "Access Key" and "Secret Access Key." Save these securely! You’ll need them to authenticate your requests.
-
(Optional) Generate Temporary Security Credentials: If you’re using temporary credentials (which are more secure for short-term access), use AWS Security Token Service (STS). You can call the
GetSessionTokenorAssumeRoleAPI to generate temporary credentials, including a session token.
With these in hand, you can use AWS SigV4 to securely sign your requests and interact with AWS services from your Swift app.