Serverless Single Page Apps Fast, Scalable, and Available by Ben Rady Version: P1.0 (June 2016) Copyright © 2016 The Pragmatic Programmers, LLC. This book is licensed to the individual who purchased it. We don't copy-protect it because that would limit your ability to use it for your own purposes. Please don't break this trust—you can use this across all of your devices but please do not share this copy with other members of your team, with friends, or via file sharing services. Thanks. Many of the designations used by manufacturers and sellers to distinguish their products are claimed as trademarks. Where those designations appear in this book, and The Pragmatic Programmers, LLC was aware of a trademark claim, the designations have been printed in initial capital letters or in all capitals. The Pragmatic Starter Kit, The Pragmatic Programmer, Pragmatic Programming, Pragmatic Bookshelf and the linking g device are trademarks of The Pragmatic Programmers, LLC. Every precaution was taken in the preparation of this book. However, the publisher assumes no responsibility for errors or omissions, or for damages that may result from the use of information (including program listings) contained herein. About the Pragmatic Bookshelf The Pragmatic Bookshelf is an agile publishing company. We’re here because we want to improve the lives of developers. We do this by creating timely, practical titles, written by programmers for programmers. Our Pragmatic courses, workshops, and other products can help you and your team create better software and have more fun. For more information, as well as the latest Pragmatic titles, please visit us at http://pragprog.com. Our ebooks do not contain any Digital Restrictions Management, and have always been DRM-free. We pioneered the beta book concept, where you can purchase and read a book while it’s still being written, and provide feedback to the author to help make a better book for everyone. Free resources for all purchasers include source code downloads (if applicable), errata and discussion forums, all available on the book's home page at pragprog.com. We’re here to make your life easier. New Book Announcements Want to keep up on our latest titles and announcements, and occasional special offers? Just create an account on pragprog.com (an email address and a password is all it takes) and select the checkbox to receive newsletters. You can also follow us on twitter as @pragprog. About Ebook Formats If you buy directly from pragprog.com, you get ebooks in all available formats for one price. You can synch your ebooks amongst all your devices (including iPhone/iPad, Android, laptops, etc.) via Dropbox. You get free updates for the life of the edition. And, of course, you can always come back and re-download your books when needed. Ebooks bought from the Amazon Kindle store are subject to Amazon's polices. Limitations in Amazon's file format may cause ebooks to display differently on different devices. For more information, please see our FAQ at pragprog.com/frequently-asked- questions/ebooks. To learn more about this book and access the free resources, go to https://pragprog.com/book/brapps, the book's homepage. Thanks for your continued support, Dave Thomas and Andy Hunt The Pragmatic Programmers The team that produced this book includes: Jacquelyn Carter (editor), Potomac Indexing, LLC (indexer), Nicole Abramowitz, Liz Welch (copyeditor), Gilson Graphics (layout), Janet Furlow (producer) For customer support, please contact [email protected]. For international rights, please contact [email protected]. To my wife Jenny, who gives me strength; My daughter Katherine, for her kindness; And my son Will, who’ll save the world Table of Contents Acknowledgments Introduction Guiding Principles How to Read This Book Online Resources 1. Starting Simple Serverless Web Applications Using Your Workspace Deploying to Amazon S3 First Deployment 2. Routing Views with Hash Events Designing a Testable Router The Router Function Adding Routes Adding View Parameters Loading the Application Deploy Again 3. Essentials of Single Page Apps Creating a View Defining the Data Model Handling User Input Creating an Application Shell Using Custom Events Deploy Again 4. Identity as a Service with Amazon Cognito Connecting to External Identity Providers Creating an Identity Pool Fetching a Google Identity Requesting AWS Credentials Creating a Profile View Deploy Again 5. Storing Data in DynamoDB Working with DynamoDB Creating a Table Authorizing DynamoDB Access Saving Documents Fetching Documents Data Access and Validation Deploy Again 6. Building (Micro)Services with Lambda Understanding Amazon Lambda Deploy First Writing Lambda Functions Invoking Lambda Functions Using the Amazon API Gateway Deploy Again 7. Serverless Security Securing Your AWS Account Query Injection Attacks Cross-Site Scripting Attacks Cross-Site Request Forgery Wire Attacks and Transport Layer Security Denial-of-Service Attacks Deploy Again 8. Scaling Up Monitor Web Services Analyze S3 Web Traffic Optimize for Growth Costs of the Cloud Deploy Again (and Again, and Again...) A1. Installing Node.js A2. Assigning a Domain Name Bibliography Copyright © 2016, The Pragmatic Bookshelf. Early Praise for Serverless Single Page Apps The software industry is the ultimate meritocracy—millions of developers individually deciding which technologies and trends lead to better, more testable code; simpler solutions; more reliable outcomes; and less burdensome maintenance. Ben is one of the visionaries who has looked forward, seen the future in the form of serverless designs, and then come back to teach the rest of us how to build the next generation of applications. Like having a software coach by your side, his book makes serverless design patterns easy to understand and leads you naturally into following best practices for deploying and testing. →Tim Wagner @timallenwagner Serverless Single Page Apps is a comprehensive, approachable guide for developers of all backgrounds. Whether or not you use AWS, you will find the lessons on everything from security and identity to data access indispensable. →Will Gaul Ben walks through just the right mix of JavaScript to build client-side logic, Cognito for authentication and authorization, and Lambda for more sensitive features that can’t be trusted to browsers. JavaScript developers will find new ways to do typically server-side functions and will finish the book with a working serverless app that costs next to nothing to run. → Ryan Scott Brown Author at serverlesscode.com and Serverless Framework contributor Your dream app will no longer be on the application server, inside of a big computer stored in your company’s closet. It is on the cloud—secure, and managed by a fleet of services with excellent uptime. Let this book start your new development journey. →Daniel Hinojosa Author of Testing in Scala This book is a great introduction to the bleeding-edge concept of building a serverless web application. It will take you from having zero knowledge to deploying serverless applications. →Jake McCrary Lead software developer, Outpace Systems I read a lot of technical books. This one is the best I’ve read this year, and one of the best of all time. Ben Rady has an authorial voice that is both relaxed and assuring. I never get the sense that he’s bragging about his knowledge or needlessly padding his material. He switches fluently between “here’s what we’re doing” and “here’s why we’re doing it” without relying too heavily on one approach over the other. His opinions and his technical choices are well founded and sound. Read this book. →David Rupp RuppWorks LLC Acknowledgments Thanks to Jackie Carter, my editor, as well as Dave, Andy, and everyone else at The Pragmatic Bookshelf for their time, support, and energy. I could not have created this book without you. Thanks to all my technical reviewers, including Alex Disney, Clinton Begin, Daniel Hinojosa, David Rupp, Jake McCrary, James Ross, Jeff Sacks, Joshua Graham, Lucas Ward, Rene Duquesnoy, Rob Churchwell, Ryan Brown, and Sebastian Krueger. Thanks to everyone at Amazon who helped me validate the ideas in this book, including Tim Wagner, Bob Kinney, Tim Hunt, and Will Gaul. Also, thanks to everyone who provided other feedback during the beta, either personally, via the errata page, on the forums, or on Github.com, including Bill Caputo, Christopher Brackert, Christopher Moeller, Dennis Burke, Ezequiel Rangel, Fred Daoud, Hal Wine, Jerry Tang, Ron Campbell, and Timm Knape. Thank you all for helping me create this book! Your feedback was invaluable to me, and I truly appreciate your time and attention. Copyright © 2016, The Pragmatic Bookshelf.