Prepared exclusively for Sandi Frank Prepared exclusively for Sandi Frank Early Praise for Serverless Single Page Apps The software industry is the ultimate meritocracy—millions of developers individ- ually deciding which technologies and trends lead to better, more testable code; simpler solutions; more reliable outcomes; and less burdensome maintenance. Ben is one of the visionaries who has looked forward, seen the future in the form of serverless designs, and then come back to teach the rest of us how to build the next generation of applications. Like having a software coach by your side, his book makes serverless design patterns easy to understand and leads you naturally into following best practices for deploying and testing. ➤ Tim Wagner @timallenwagner Serverless Single Page Apps is a comprehensive, approachable guide for developers of all backgrounds. Whether or not you use AWS, you will find the lessons on ev- erything from security and identity to data access indispensable. ➤ Will Gaul Ben walks through just the right mix of JavaScript to build client-side logic, Cognito for authentication and authorization, and Lambda for more sensitive features that can’t be trusted to browsers. JavaScript developers will find new ways to do typically server-side functions and will finish the book with a working serverless app that costs next to nothing to run. ➤ Ryan Scott Brown Author at serverlesscode.com and Serverless Framework contributor Prepared exclusively for Sandi Frank Your dream app will no longer be on the application server, inside of a big com- puter stored in your company’s closet. It is on the cloud—secure, and managed by a fleet of services with excellent uptime. Let this book start your new develop- ment journey. ➤ Daniel Hinojosa Author of Testing in Scala This book is a great introduction to the bleeding-edge concept of building a serverless web application. It will take you from having zero knowledge to deploying serverless applications. ➤ Jake McCrary Lead software developer, Outpace Systems I read a lot of technical books. This one is the best I’ve read this year, and one of the best of all time. Ben Rady has an authorial voice that is both relaxed and as- suring. I never get the sense that he’s bragging about his knowledge or needlessly padding his material. He switches fluently between “here’s what we’re doing” and “here’s why we’re doing it” without relying too heavily on one approach over the other. His opinions and his technical choices are well founded and sound. Read this book. ➤ David Rupp RuppWorks LLC Prepared exclusively for Sandi Frank Serverless Single Page Apps Fast, Scalable, and Available Ben Rady The Pragmatic Bookshelf Raleigh, North Carolina Prepared exclusively for Sandi Frank Many of the designations used by manufacturers and sellers to distinguish their products are claimed as trademarks. Where those designations appear in this book, and The Pragmatic Programmers, LLC was aware of a trademark claim, the designations have been printed in initial capital letters or in all capitals. The Pragmatic Starter Kit, The Pragmatic Programmer, Pragmatic Programming, Pragmatic Bookshelf, PragProg and the linking g device are trade- marks of The Pragmatic Programmers, LLC. Every precaution was taken in the preparation of this book. However, the publisher assumes no responsibility for errors or omissions, or for damages that may result from the use of information (including program listings) contained herein. Our Pragmatic books, screencasts, and audio books can help you and your team create better software and have more fun. Visit us at https://pragprog.com. The team that produced this book includes: Jacquelyn Carter (editor) Potomac Indexing, LLC (index) Nicole Abramowitz, Liz Welch (copyedit) Gilson Graphics (layout) Janet Furlow (producer) For sales, volume licensing, and support, please contact [email protected]. For international rights, please contact [email protected]. Copyright © 2016 The Pragmatic Programmers, LLC. All rights reserved. No part of this publication may be reproduced, stored in a retrieval system, or transmitted, in any form, or by any means, electronic, mechanical, photocopying, recording, or otherwise, without the prior consent of the publisher. Printed in the United States of America. ISBN-13: 978-1-68050-149-0 Encoded using the finest acid-free high-entropy binary digits. Book version: P1.0—June 2016 Prepared exclusively for Sandi Frank To my wife Jenny, who gives me strength; My daughter Katherine, for her kindness; And my son Will, who’ll save the world Prepared exclusively for Sandi Frank Prepared exclusively for Sandi Frank Contents Acknowledgments . . . . . . . . . . . ix Introduction . . . . . . . . . . . . . xi 1. Starting Simple . . . . . . . . . . . . 1 Serverless Web Applications 2 Using Your Workspace 8 Deploying to Amazon S3 14 First Deployment 20 2. Routing Views with Hash Events . . . . . . . . 21 Designing a Testable Router 22 The Router Function 27 Adding Routes 31 Adding View Parameters 33 Loading the Application 37 Deploy Again 42 3. Essentials of Single Page Apps . . . . . . . . 45 Creating a View 45 Defining the Data Model 49 Handling User Input 55 Creating an Application Shell 62 Using Custom Events 66 Deploy Again 69 4. Identity as a Service with Amazon Cognito . . . . . 71 Connecting to External Identity Providers 72 Creating an Identity Pool 76 Fetching a Google Identity 80 Requesting AWS Credentials 82 Prepared exclusively for Sandi Frank Contents • viii Creating a Profile View 88 Deploy Again 90 5. Storing Data in DynamoDB . . . . . . . . . 93 Working with DynamoDB 93 Creating a Table 98 Authorizing DynamoDB Access 103 Saving Documents 104 Fetching Documents 108 Data Access and Validation 109 Deploy Again 112 6. Building (Micro)Services with Lambda . . . . . . 113 Understanding Amazon Lambda 114 Deploy First 118 Writing Lambda Functions 125 Invoking Lambda Functions 131 Using the Amazon API Gateway 132 Deploy Again 134 7. Serverless Security . . . . . . . . . . . 137 Securing Your AWS Account 137 Query Injection Attacks 140 Cross-Site Scripting Attacks 141 Cross-Site Request Forgery 144 Wire Attacks and Transport Layer Security 146 Denial-of-Service Attacks 149 Deploy Again 151 8. Scaling Up . . . . . . . . . . . . . 153 Monitor Web Services 153 Analyze S3 Web Traffic 157 Optimize for Growth 165 Costs of the Cloud 169 Deploy Again (and Again, and Again...) 174 A1. Installing Node.js . . . . . . . . . . . 177 A2. Assigning a Domain Name . . . . . . . . . 179 Bibliography . . . . . . . . . . . . 181 Index . . . . . . . . . . . . . . 183 Prepared exclusively for Sandi Frank
Description: