Building and Securing Serverless Applications with AWS Lambda, Docker, Elastic Container Registry (ECR) and API Gateway

Jouneid Raza
Oct 28, 2023


In the ever-evolving landscape of cloud computing, serverless architecture has emerged as a game-changer. AWS Lambda, coupled with Docker containers and API Gateway, provides a robust foundation for building, deploying, and securing serverless applications. In this comprehensive guide, we’ll take you through the process of creating a serverless application, step by step.

Prerequisites:

To embark on this journey, ensure you have the following prerequisites in place:

  1. AWS Account: You’ll need an AWS account with the necessary permissions and access.
  2. Docker: Docker must be installed on your local machine to containerize your application.
  3. AWS CLI: Make sure the AWS Command Line Interface (CLI) is installed on your local machine, and configured with the right access permissions.

Developing the Code:

Develop your Python application, containerize it, and ensure it runs as expected locally.

Step 1: Create and Containerize Your Application

  1. Develop Your Python Code: Start by writing your Python code locally. Save it as a Python script and run it locally to verify the expected output.
  2. Requirements.txt: Create a requirements.txt file that lists all the necessary packages required to run your Python script.
  3. Dockerization: Craft a Dockerfile that pulls a base Python image, copies your Python script, and the requirements.txt file into a Docker image.
  4. Run Your Application: Execute the Docker container with the command to run your script.
  5. Image Building: After validating your script, you can proceed to build the Docker image. However, before that, let’s set up the Elastic Container Registry (ECR).

Setting Up Elastic Container Registry (ECR):

ECR acts as the repository for your Docker images.

Step 2: Create an ECR Repository

Create a repository to store your Docker images.

  1. Repository Creation: Within the AWS Management Console, click on “Get started” to create a repository. Ensure it’s configured as a private repository.
  2. Repository Name: Assign a name to your repository and click “Create.” Your ECR repository is now ready.
  3. Push Commands: In your repository, select the repository checkbox and click on “View push commands” to obtain the necessary commands to push your Docker image to the ECR repository.
  4. Command Execution: Copy and execute these commands step by step, starting with the login, followed by building, tagging, and pushing the image.
  5. Image Listing: After successfully running these commands, your Docker image will be listed within the ECR repository.

AWS Lambda Function Configuration:

Now, let’s configure AWS Lambda to run your containerized code.

Step 3: Create an AWS Lambda Function

  1. Select Your Region: Ensure you’ve selected the appropriate AWS region to create your Lambda function.
  2. Choose Container Image: In the Lambda function creation process, opt for “Container Image” as your execution environment.
  3. Function Name: Give a name to your Lambda function, reflecting the purpose it serves.
  4. Container Image Selection: Choose the container image you pushed earlier. Click “Browse Image,” select the repository, and choose the image. Note that you can have multiple images in a single repository.
  5. Function Creation: Your Lambda function will be created with the container image configuration in place.

Lambda Function Testing and Triggers:

After creating your Lambda function, explore its options and validate its performance.

Step 4: Testing and Trigger Configuration

  1. Code Customization: The Lambda function provides several tabs, including “Code,” where you can further customize your function’s code.
  2. Testing Your Function: For a simple test, click on “Test” and add an event. Keep it private and maintain the event JSON format as is. Save the event, then click “Test” to verify the function’s output. You should expect to receive a status code of 200.
  3. Adding Triggers: To enable API access and enhance security, follow the steps below.

Setting Up API Gateway:

API Gateway acts as the bridge between clients and your Lambda function, allowing you to define the rules of access.

Step 5: Configure API Gateway

  1. Select the API Type: Opt for a REST API to have complete control over requests.
  2. API Gateway Creation: Click “Build” to initiate the process.
  3. Create a New API: Create a new API, set a name, and click “Create API.” Ensure the API endpoint type is set to “regional.”
  4. Resource Creation: After creating an API, proceed to create a resource by clicking on the “Create Resource” option.
  5. Method Configuration: Create a method for the REST API endpoint by clicking on “Create Method.” Configure the method type (GET or POST) and choose the integration type as “Lambda Function.” Select the appropriate region and your Lambda function.
  6. API Deployment: You’ll need to deploy the API. If you have an existing stage, you can select it. Otherwise, create a new one.
  7. Deployment: Click “Deploy API,” select or create a stage, and deploy the endpoint.
  8. Invoke URL: Upon successful creation, you can find the invoke URL for this stage under the “Stage” option.

Securing Your API:

To enhance security, you’ll need to add an authentication method.

Step 6: Enhancing Security

  1. API Gateway Configuration: Return to your API Gateway configuration.
  2. API Keys: Click on “API Keys.” You can create a new API key or use an existing one. Let’s create a new one.
  3. API Key Creation: Click “Create API Key,” name it, and choose to auto-generate the key. Save it.
  4. API Key Details: You’ll find the created API key under “API Key Detail.” Copy it to save for later use.
  5. Usage Plan: Add this API key to a usage plan. If you don’t have one, create it.
  6. Usage Plans: In “Usage Plans,” create a usage plan, name it, specify the call count for the endpoint, and create the usage plan.
  7. Attach API Key: Go back to “API Keys” and attach the API key to the usage plan.
  8. Endpoint Security: Require the API key on your endpoint so that it won’t work without the key. Click on your endpoint’s method (e.g., a GET request), enable the API key requirement, save it, and deploy the API again.
  9. Testing with API Key: When testing your endpoint, use Postman or a similar platform to create a request (GET or POST). Include the API key in a request header named x-api-key. Run the request, and you should receive a response.
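
The test in item 9 only shows that a request with the key succeeds; the check below also confirms that requests without the key, or with a wrong one, are rejected with the 403 that API Gateway returns when a method requires an API key. This is an added example, not code from the original article: the stub server, the sample key and the /items path are constructed so the check runs offline.

```python
import json
import threading
from http.client import HTTPConnection, HTTPSConnection
from http.server import BaseHTTPRequestHandler, HTTPServer
from urllib.parse import urlsplit

def status_for(url, api_key=None):
    """GET the URL, sending x-api-key only when a key is given; return the status."""
    parts = urlsplit(url)
    conn_cls = HTTPSConnection if parts.scheme == "https" else HTTPConnection
    conn = conn_cls(parts.netloc, timeout=10)
    headers = {} if api_key is None else {"x-api-key": api_key}
    try:
        conn.request("GET", parts.path or "/", headers=headers)
        return conn.getresponse().status
    finally:
        conn.close()

def key_is_enforced(url, api_key):
    """True only if missing and wrong keys get 403 and the real key gets 200."""
    results = {
        "no_key": status_for(url),
        "wrong_key": status_for(url, "not-the-real-key"),
        "valid_key": status_for(url, api_key),
    }
    return results == {"no_key": 403, "wrong_key": 403, "valid_key": 200}, results

def start_stub(valid_key, require_key=True):
    """Constructed local stand-in for the deployed stage so the check runs offline."""
    class Stub(BaseHTTPRequestHandler):
        def do_GET(self):
            allowed = not require_key or self.headers.get("x-api-key") == valid_key
            body = json.dumps({"message": "ok" if allowed else "Forbidden"}).encode()
            self.send_response(200 if allowed else 403)
            self.send_header("Content-Length", str(len(body)))
            self.end_headers()
            self.wfile.write(body)
        def log_message(self, *args):  # silence per-request logging
            pass
    server = HTTPServer(("127.0.0.1", 0), Stub)
    threading.Thread(target=server.serve_forever, daemon=True).start()
    return server, f"http://127.0.0.1:{server.server_port}/items"

if __name__ == "__main__":
    server, url = start_stub("constructed-sample-key")
    print(key_is_enforced(url, "constructed-sample-key"))
    server.shutdown()
```

Against a real deployment, pass the stage’s invoke URL plus resource path and the key saved in Step 6 to key_is_enforced. A 200 under no_key means the method is still reachable without the key, for example because the API was not deployed again after the key requirement was enabled.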

With these well-defined steps, you’ve successfully created a secure AWS Lambda function, containerized your code, and set up an API Gateway with enhanced security, ensuring that your Lambda function remains protected from unauthorized access. This powerful serverless architecture unlocks a world of possibilities for your applications.

Feel free to contact me here on LinkedIn, follow me on Instagram, and leave a message (WhatsApp +923225847078) in case of any queries.

Happy learning!
