swift-server/swift-openapi-lambda
1
0
Fork 0
mirror of https://github.com/swift-server/swift-openapi-lambda.git synced 2026-05-03 07:22:26 +00:00
Code Issues Packages Projects Releases Wiki Activity
Files
main
swift-openapi-lambda/Examples/quoteapi-apigtw/template.yml
T
Sébastien Stormacq 97b2e6d017 Add support for Lambda functions exposed behind an Application Load Balancer (ALB) (#29) 
This PR adds support for exposing Swift OpenAPI Lambda functions behind
an Application Load Balancer (ALB), providing an alternative to API
Gateway for HTTP routing to Lambda functions.

## Changes

### New ALB Support
- **OpenAPILambdaALB Protocol**: New protocol for ALB integration
alongside existing API Gateway support
- **ALB Event Handling**: Added `ALBTargetGroupRequest` and
`ALBTargetGroupResponse` support
- **HTTP Request Conversion**: Extension methods to convert ALB events
to/from HTTP requests/responses

### Core Library Updates
- **ALB-related source files**: New `/Sources/ALB/` directory with
ALB-specific implementations
- **Event Type Support**: Support for `ALBTargetGroupRequest` events
from Elastic Load Balancing
- **Response Mapping**: Proper mapping from OpenAPI responses to ALB
target group responses

### Complete ALB Example
- **QuoteAPI ALB Example**: Full working example in
`Examples/quoteapi-alb/`
- **Infrastructure as Code**: Complete SAM template with VPC, subnets,
security groups, and ALB
- **Build System**: Makefile and Docker build support for ALB deployment
- **Documentation**: Comprehensive README with ALB-specific deployment
instructions

### Key Files Added
```
Sources/ALB/
├── OpenAPILambdaALB.swift
└── ALBTargetGroup+HTTPRequest.swift

Examples/quoteapi-alb/
├── Package.swift
├── template.yaml
├── Makefile
├── README.md
├── Sources/QuoteAPI/QuoteService.swift
├── Sources/QuoteAPI/openapi.yaml
├── Sources/QuoteAPI/openapi-generator-config.yaml
└── events/GetQuote.json
```

## Usage

### Simple ALB Integration
```swift
@main
struct QuoteServiceALBImpl: APIProtocol, OpenAPILambdaALB {
    func register(transport: OpenAPILambdaTransport) throws {
        try self.registerHandlers(on: transport)
    }
    
    static func main() async throws {
        let service = QuoteServiceALBImpl()
        try await service.run()
    }
    
    // Your OpenAPI implementation...
}
```

### Key Differences from API Gateway
- Uses `OpenAPILambdaALB` instead of `OpenAPILambdaHttpApi`
- Handles `ALBTargetGroupRequest` events instead of
`APIGatewayV2Request`
- Returns `ALBTargetGroupResponse` instead of `APIGatewayV2Response`
- Requires VPC infrastructure (included in SAM template)
- No built-in authorization (implement via custom middleware if needed)

## Benefits

- **Cost Optimization**: ALB can be more cost-effective for high-traffic
applications
- **VPC Integration**: Native VPC support for private network access
- **Load Balancing**: Advanced load balancing features and health checks
- **WebSocket Support**: Future WebSocket support through ALB
- **Flexibility**: Choice between API Gateway and ALB based on use case

## Testing

-  ALB example builds successfully with `sam build`
-  Local testing with `sam local invoke`
-  Complete infrastructure deployment via SAM
-  HTTP requests properly routed through ALB to Lambda
-  OpenAPI specification compatibility maintained

## Deployment

Deploy the ALB example:
```bash
cd Examples/quoteapi-alb
sam build && sam deploy --guided
```

Test the deployed endpoint:
```bash
curl http://[alb-dns-name]/stocks/AAPL
```

## Backward Compatibility

This is a purely additive change:
- Existing API Gateway implementations continue to work unchanged
- No breaking changes to existing APIs
- New ALB support is opt-in via protocol conformance
2025-10-26 09:10:09 +01:00

98 lines
3.6 KiB
YAML
Raw Permalink Blame History

AWSTemplateFormatVersion: '2010-09-09'
Transform: AWS::Serverless-2016-10-31
Description: SAM Template for QuoteService
# This is an example SAM template for the purpose of this project.
# When deploying such infrastructure in production environment,
# we strongly encourage you to follow these best practices for improved security and resiliency
# - Enable access loggin on API Gateway
# See: https://docs.aws.amazon.com/apigateway/latest/developerguide/set-up-logging.html)
# - Ensure that AWS Lambda function is configured for function-level concurrent execution limit
# See: https://docs.aws.amazon.com/lambda/latest/dg/lambda-concurrency.html
# https://docs.aws.amazon.com/lambda/latest/dg/configuration-concurrency.html
# - Check encryption settings for Lambda environment variable
# See: https://docs.aws.amazon.com/lambda/latest/dg/configuration-envvars-encryption.html
# - Ensure that AWS Lambda function is configured for a Dead Letter Queue(DLQ)
# See: https://docs.aws.amazon.com/lambda/latest/dg/invocation-async-retain-records.html#invocation-dlq
# - Ensure that AWS Lambda function is configured inside a VPC when it needs to access private resources
# See: https://docs.aws.amazon.com/lambda/latest/dg/configuration-vpc.html
# Code Example: https://github.com/awslabs/swift-aws-lambda-runtime/tree/main/Examples/ServiceLifecycle%2BPostgres
Globals:
Function:
Timeout: 60
CodeUri: .
Handler: swift.bootstrap
Runtime: provided.al2
MemorySize: 128
Architectures:
- arm64
Resources:
# QuoteService Lambda function
QuoteService:
Type: AWS::Serverless::Function
Properties:
Environment:
Variables:
# by default, AWS Lambda runtime produces no log
# use `LOG_LEVEL: debug` for for lifecycle and event handling information
# use `LOG_LEVEL: trace` for detailed input event information
LOG_LEVEL: trace
Events:
# pass through all HTTP verbs and paths
Api:
Type: HttpApi
Properties:
ApiId: !Ref MyProtectedApi
Path: /{proxy+}
Method: ANY
Metadata:
BuildMethod: makefile
# Lambda authorizer function
LambdaAuthorizer:
Type: AWS::Serverless::Function
Properties:
Timeout: 29 # max 29 seconds for Lambda authorizers
Environment:
Variables:
# by default, AWS Lambda runtime produces no log
# use `LOG_LEVEL: debug` for for lifecycle and event handling information
# use `LOG_LEVEL: trace` for detailed input event information
LOG_LEVEL: trace
Metadata:
BuildMethod: makefile
# The API Gateway
MyProtectedApi:
Type: AWS::Serverless::HttpApi
Properties:
Auth:
DefaultAuthorizer: MyLambdaAuthorizer
Authorizers:
MyLambdaAuthorizer:
FunctionArn: !GetAtt LambdaAuthorizer.Arn
Identity:
Headers:
- Authorization
AuthorizerPayloadFormatVersion: "2.0"
EnableSimpleResponses: true
# Give the API Gateway permissions to invoke the Lambda authorizer
AuthorizerPermission:
Type: AWS::Lambda::Permission
Properties:
Action: lambda:InvokeFunction
FunctionName: !Ref LambdaAuthorizer
Principal: apigateway.amazonaws.com
SourceArn: !Sub arn:aws:execute-api:${AWS::Region}:${AWS::AccountId}:${MyProtectedApi}/*
# print API endpoint
Outputs:
SwiftAPIEndpoint:
Description: "API Gateway endpoint URL for your application"
Value: !Sub "https://${MyProtectedApi}.execute-api.${AWS::Region}.amazonaws.com"
Reference in New Issue View Git Blame Copy Permalink