mirror of
https://github.com/swift-server/swift-openapi-lambda.git
synced 2026-05-03 07:22:26 +00:00
97b2e6d017
This PR adds support for exposing Swift OpenAPI Lambda functions behind
an Application Load Balancer (ALB), providing an alternative to API
Gateway for HTTP routing to Lambda functions.
## Changes
### New ALB Support
- **OpenAPILambdaALB Protocol**: New protocol for ALB integration
alongside existing API Gateway support
- **ALB Event Handling**: Added `ALBTargetGroupRequest` and
`ALBTargetGroupResponse` support
- **HTTP Request Conversion**: Extension methods to convert ALB events
to/from HTTP requests/responses
### Core Library Updates
- **ALB-related source files**: New `/Sources/ALB/` directory with
ALB-specific implementations
- **Event Type Support**: Support for `ALBTargetGroupRequest` events
from Elastic Load Balancing
- **Response Mapping**: Proper mapping from OpenAPI responses to ALB
target group responses
### Complete ALB Example
- **QuoteAPI ALB Example**: Full working example in
`Examples/quoteapi-alb/`
- **Infrastructure as Code**: Complete SAM template with VPC, subnets,
security groups, and ALB
- **Build System**: Makefile and Docker build support for ALB deployment
- **Documentation**: Comprehensive README with ALB-specific deployment
instructions
### Key Files Added
```
Sources/ALB/
├── OpenAPILambdaALB.swift
└── ALBTargetGroup+HTTPRequest.swift
Examples/quoteapi-alb/
├── Package.swift
├── template.yaml
├── Makefile
├── README.md
├── Sources/QuoteAPI/QuoteService.swift
├── Sources/QuoteAPI/openapi.yaml
├── Sources/QuoteAPI/openapi-generator-config.yaml
└── events/GetQuote.json
```
## Usage
### Simple ALB Integration
```swift
@main
struct QuoteServiceALBImpl: APIProtocol, OpenAPILambdaALB {
    func register(transport: OpenAPILambdaTransport) throws {
        try self.registerHandlers(on: transport)
    }

    static func main() async throws {
        let service = QuoteServiceALBImpl()
        try await service.run()
    }

    // Your OpenAPI implementation...
}
```
### Key Differences from API Gateway
- Uses `OpenAPILambdaALB` instead of `OpenAPILambdaHttpApi`
- Handles `ALBTargetGroupRequest` events instead of
`APIGatewayV2Request`
- Returns `ALBTargetGroupResponse` instead of `APIGatewayV2Response`
- Requires VPC infrastructure (included in SAM template)
- No built-in authorization (implement via custom middleware if needed)
## Benefits
- **Cost Optimization**: ALB can be more cost-effective for high-traffic
applications
- **VPC Integration**: Native VPC support for private network access
- **Load Balancing**: Advanced load balancing features and health checks
- **WebSocket Support**: Future WebSocket support through ALB
- **Flexibility**: Choice between API Gateway and ALB based on use case
## Testing
- ✅ ALB example builds successfully with `sam build`
- ✅ Local testing with `sam local invoke`
- ✅ Complete infrastructure deployment via SAM
- ✅ HTTP requests properly routed through ALB to Lambda
- ✅ OpenAPI specification compatibility maintained
## Deployment
Deploy the ALB example:
```bash
cd Examples/quoteapi-alb
sam build && sam deploy --guided
```
Test the deployed endpoint:
```bash
curl http://[alb-dns-name]/stocks/AAPL
```
## Backward Compatibility
This is a purely additive change:
- Existing API Gateway implementations continue to work unchanged
- No breaking changes to existing APIs
- New ALB support is opt-in via protocol conformance
149 lines
4.4 KiB
YAML
```yaml
# This is an example SAM template for the purpose of this project.
# When deploying such infrastructure in production environment,
# we strongly encourage you to follow these best practices for improved security and resiliency
# - Enable access logging on API Gateway
#   See: https://docs.aws.amazon.com/apigateway/latest/developerguide/set-up-logging.html
# - Ensure that AWS Lambda function is configured for function-level concurrent execution limit
#   See: https://docs.aws.amazon.com/lambda/latest/dg/lambda-concurrency.html
#        https://docs.aws.amazon.com/lambda/latest/dg/configuration-concurrency.html
# - Check encryption settings for Lambda environment variable
#   See: https://docs.aws.amazon.com/lambda/latest/dg/configuration-envvars-encryption.html
# - Ensure that AWS Lambda function is configured for a Dead Letter Queue (DLQ)
#   See: https://docs.aws.amazon.com/lambda/latest/dg/invocation-async-retain-records.html#invocation-dlq
# - Ensure that AWS Lambda function is configured inside a VPC when it needs to access private resources
#   See: https://docs.aws.amazon.com/lambda/latest/dg/configuration-vpc.html
#   Code Example: https://github.com/awslabs/swift-aws-lambda-runtime/tree/main/Examples/ServiceLifecycle%2BPostgres

AWSTemplateFormatVersion: '2010-09-09'
Transform: AWS::Serverless-2016-10-31
Description: QuoteAPI ALB Example

Resources:
  QuoteServiceALB:
    Type: AWS::Serverless::Function
    Properties:
      CodeUri: .
      Handler: bootstrap
      Runtime: provided.al2023
      Architectures:
        - arm64
      MemorySize: 128
      Timeout: 30
      Environment:
        Variables:
          LOG_LEVEL: trace
    Metadata:
      BuildMethod: makefile

  # Lambda permission for ALB
  ALBLambdaInvokePermission:
    Type: AWS::Lambda::Permission
    Properties:
      FunctionName: !GetAtt QuoteServiceALB.Arn
      Action: lambda:InvokeFunction
      Principal: elasticloadbalancing.amazonaws.com

  # Target Group for Lambda
  ALBTargetGroup:
    Type: AWS::ElasticLoadBalancingV2::TargetGroup
    DependsOn: ALBLambdaInvokePermission
    Properties:
      TargetType: lambda
      Targets:
        - Id: !GetAtt QuoteServiceALB.Arn

  # Application Load Balancer
  ApplicationLoadBalancer:
    Type: AWS::ElasticLoadBalancingV2::LoadBalancer
    Properties:
      Scheme: internet-facing
      Subnets:
        - !Ref PublicSubnet1
        - !Ref PublicSubnet2
      SecurityGroups:
        - !Ref ALBSecurityGroup

  # HTTP Listener (HTTPS requires valid domain certificate)
  ALBListener:
    Type: AWS::ElasticLoadBalancingV2::Listener
    Properties:
      LoadBalancerArn: !Ref ApplicationLoadBalancer
      Port: 80
      Protocol: HTTP
      DefaultActions:
        - Type: forward
          TargetGroupArn: !Ref ALBTargetGroup

  # VPC for ALB
  VPC:
    Type: AWS::EC2::VPC
    Properties:
      CidrBlock: 10.0.0.0/16
      EnableDnsHostnames: true
      EnableDnsSupport: true

  PublicSubnet1:
    Type: AWS::EC2::Subnet
    Properties:
      VpcId: !Ref VPC
      CidrBlock: 10.0.1.0/24
      AvailabilityZone: !Select [0, !GetAZs '']
      MapPublicIpOnLaunch: true

  PublicSubnet2:
    Type: AWS::EC2::Subnet
    Properties:
      VpcId: !Ref VPC
      CidrBlock: 10.0.2.0/24
      AvailabilityZone: !Select [1, !GetAZs '']
      MapPublicIpOnLaunch: true

  InternetGateway:
    Type: AWS::EC2::InternetGateway

  AttachGateway:
    Type: AWS::EC2::VPCGatewayAttachment
    Properties:
      VpcId: !Ref VPC
      InternetGatewayId: !Ref InternetGateway

  RouteTable:
    Type: AWS::EC2::RouteTable
    Properties:
      VpcId: !Ref VPC

  Route:
    Type: AWS::EC2::Route
    DependsOn: AttachGateway
    Properties:
      RouteTableId: !Ref RouteTable
      DestinationCidrBlock: 0.0.0.0/0
      GatewayId: !Ref InternetGateway

  SubnetRouteTableAssociation1:
    Type: AWS::EC2::SubnetRouteTableAssociation
    Properties:
      SubnetId: !Ref PublicSubnet1
      RouteTableId: !Ref RouteTable

  SubnetRouteTableAssociation2:
    Type: AWS::EC2::SubnetRouteTableAssociation
    Properties:
      SubnetId: !Ref PublicSubnet2
      RouteTableId: !Ref RouteTable

  ALBSecurityGroup:
    Type: AWS::EC2::SecurityGroup
    Properties:
      GroupDescription: Security group for ALB
      VpcId: !Ref VPC
      SecurityGroupIngress:
        - IpProtocol: tcp
          FromPort: 80
          ToPort: 80
          CidrIp: 0.0.0.0/0

Outputs:
  ALBUrl:
    Description: Application Load Balancer URL
    Value: !Sub "http://${ApplicationLoadBalancer.DNSName}/stocks/AAPL"
```
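The template's header comments list hardening steps for production. The following is an added example, not part of the repository: a small pre-deployment audit that flags the settings in this template a reviewer would revisit. It assumes the template has already been parsed into CloudFormation's JSON form; the `audit` function, the finding strings, and the embedded sample (a constructed subset of the template above) are illustrative. The concurrency check comes from the header comments, while the listener, ingress and permission-scoping checks are added here.

```python
# Constructed sample: a subset of the template above, in CloudFormation JSON form.
TEMPLATE = {"Resources": {
    "QuoteServiceALB": {"Type": "AWS::Serverless::Function",
        "Properties": {"Handler": "bootstrap", "Timeout": 30}},
    "ALBLambdaInvokePermission": {"Type": "AWS::Lambda::Permission",
        "Properties": {"Action": "lambda:InvokeFunction",
                       "Principal": "elasticloadbalancing.amazonaws.com"}},
    "ALBListener": {"Type": "AWS::ElasticLoadBalancingV2::Listener",
        "Properties": {"Port": 80, "Protocol": "HTTP",
                       "DefaultActions": [{"Type": "forward"}]}},
    "ALBSecurityGroup": {"Type": "AWS::EC2::SecurityGroup",
        "Properties": {"SecurityGroupIngress": [
            {"IpProtocol": "tcp", "FromPort": 80, "ToPort": 80,
             "CidrIp": "0.0.0.0/0"}]}},
}}


def audit(template):
    """Return sorted (logical_id, finding) pairs for the four checks below."""
    findings = []
    for name, res in template.get("Resources", {}).items():
        rtype, props = res.get("Type"), res.get("Properties", {})
        if rtype == "AWS::Serverless::Function":
            if "ReservedConcurrentExecutions" not in props:
                findings.append((name, "no function-level concurrency limit"))
        elif rtype == "AWS::Lambda::Permission":
            # Without SourceArn/SourceAccount the grant covers the whole service principal.
            if not ({"SourceArn", "SourceAccount"} & props.keys()):
                findings.append((name, "invoke permission not scoped to a source"))
        elif rtype == "AWS::ElasticLoadBalancingV2::Listener":
            # Assumption: an HTTP listener that only redirects is treated as acceptable.
            actions = props.get("DefaultActions", [])
            serves = not actions or any(a.get("Type") != "redirect" for a in actions)
            if props.get("Protocol") == "HTTP" and serves:
                findings.append((name, "plaintext HTTP listener"))
        elif rtype == "AWS::EC2::SecurityGroup":
            for rule in props.get("SecurityGroupIngress", []):
                if rule.get("CidrIp") == "0.0.0.0/0" or rule.get("CidrIpv6") == "::/0":
                    port = rule.get("FromPort")
                    findings.append((name, f"ingress open to the internet on port {port}"))
    return sorted(findings)


if __name__ == "__main__":
    for logical_id, finding in audit(TEMPLATE):
        print(f"{logical_id}: {finding}")
```

For an internet-facing ALB the open-ingress finding is expected; it is reported so the exposure is a recorded decision rather than a default.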