Secure web socket implementation using AWS products and serverless framework
Secured web socket deployed on AWS infrastructure using the serverless framework.
This repository serves as an example for this medium article. Please, invest a few minutes reading it in case you need further detail.
All services have been implemented using NodeJS.
serverless documentation recommends creating a service user with restricted permissions in order to avoid security issues; for example, user leaking and having admin rights could be devastating for your AWS bill.
However, the policies provided on the official example do not provide access to AWS Cognito. In order to use proper permissions, check the sls-policies.json file within this repository.
The required AWS infrastructure is as follows:
First of all, you need an AWS account. Then it is mandatory to configure serverless locally with your credentials.
Once you've set your environment up, you can deploy the entire stack using the following command:
serverless deploy -v
In case you want to deploy an specific lambda, you can use this other command:
serverless deploy function -f <functionName> -v
You can also remove all the allocated resources by executing this command:
serverless remove -v