AWS Lambda with API Gateway and spring boot

By

Authentication with Firebase using AWS Lambda, API Gateway and Spring boot


In this post, i will show you an example on how to create a Lambda function using a spring boot application, and then access the lambda function using API Gateway.

A good use- case for this kind of set-up is as follows:
Consider you have an api key which you are using to access a backend service like Firebase authentication. 
Assuming that you have a frontend single page application like Angular, React etc, in a typical scenario you provide the api key in the environment.ts file and then invoke the backend using the api. 
The biggest problem obviously is that since the single page applications are executed on the browser, anyone accessing the application can use the api key.

There are different ways to solve this problem, for example keep the key in some backend application and make a request to the backend application to fetch the key.
Though i feel this is not the best solution as the end users can still inspect the network tab and see the response.
Also, you would need to deploy your backend application and manage it on your own and also take care of scaling the backend application based on increase in user demand.

This seems too much efforts just for fetching a key. What we need is a service which can take in the user data, apply the secret key to the request and then forward the request to the backend service like firebase and return the response back and without us worrying about the scalability.

This screams for a AWS service like AWS Lambda.

Pre-Requisites

  • AWS Account(to create AWS Lambda function and API Gateway)
  • Firebase Account (to setup authentication)



Steps Overview

Step 1: We will create a project in fireabase which will serve as our authentication store.

Firebase provides free plans to create projects and configure authentication which can be accessed via rest endpoints.

Step 2: Create a spring boot application to access the firebase authentication backend. 

Step 3: Create a AWS Lambda function which uses the packaged spring boot appplication

Step 4: Expose the AWS Lambda via Rest Api using API Gateway.

The whole setup can be easily achieved at zero cost using free tier.


Architecture


Arch overview

Steps:

Firebase setup:
  • Create a new project in Firebase, choose one of the free plans.
  • Navigate to the authentication tab and create users.
  • To login, with the created user, the firebase rest endpoint can be used:
         https://identitytoolkit.googleapis.com/v1/accounts:signInWithPassword?key=[API_KEY]
  
where API_KEY can be obtained from the firebase project overview.

For further reading: Firebase Rest API

Spring Boot Application:

A spring boot application can be easily converted to a AWS Lambda function using Spring Cloud Function.

I used the following blog post to create my own function.

The source code for my project can be found on GitHub

Note: Add your firebase api key to the url defined in the LoginFunction.java
Then build the application using mvn clean package


AWS Lambda Function Creation:

  • Navigate to AWS Lambda on AWS Console and create a new Function. Select Java 8 runtime and Upload the packaged spring boot application.
         Also ensure that the handler is set to                    com.prashant.lambdaservicerequestor.MyRequestHandler
 
Lambda defn

  •      In the Environment Variables section, add the following environment variable:
                  FUNCTION_NAME : login.
      
      This tells AWS lambda to invoke the login method (defined as                   bean LambdaservicerequestorApplication) should be invoked by AWS Lambda.

  • In the basic settings section, increase the timeout to around 35 seconds and also note down the name of the IAM role assoiated with the Lambda function. This role needs to be modified when using with API Gateway.

         Using the test feature of the Lambda, create a test case and send a json in the following format:
{
"email":"<email configured in authentication section for user in firebase  >",
"password":"<passoword configured for user in authentication section in firebase>"

}
 
For the first test, the response will be slow as it requires the spring boot application to bootup. Subsequent requests will be faster.

AWS API Gateway setup:

API Gateway can be used to invoke lambda functions using rest endpoint.
  •  Create a new API Gateway and choose type as Rest API  
        
API gateway 1
  •     Click on Actions and create a new resource
       
  • Again click on actions and now click on create method and use the value POST from dropdown
   
  

  •     On clicking on Post Method, you should be able to click on Test.
          
 This opens a new dialog where you can enter the request body(same as the one used during Lambda test)
{
"email":"<email configured in authentication section for user in firebase  >",
"password":"<passoword configured for user in authentication section in firebase>"

}
  • Deploy the API gateway by clicking on actions and Deploy API.
  • Invoke the rest endpoint using the Invoke URL (with a tool like Postman)