Serverless

You have a bunch of code to commit for your Docker image so that you can update your app that runs in Amazon EKS. STOP! First scan your source code with CodeQL before you commit and push!

Photo by Muhammad Zaqy Al Fattah on Unsplash

The Solution

In this tutorial, we’ll go over scanning C# source code for vulnerabilities in a development environment using the CodeQL CLI.

Remember, for any example solution from AWS with .NET, we focus on the code that exemplifies the problem we are trying to solve. We don’t include logging, input validation, exception handling, etc., and we embed the configuration data within classes instead of using environment variables, configuration files, key/value stores and the like. These items should not be skipped for proper solutions.

Containers are easy to distribute and can run just about anywhere. At this point, you can download just about any popular software as a container…

PostgreSQL? Check!
mongoDB? Sure!
Redis? Absolutely!

So, it certainly makes sense if you are planning to release your next software project as a container based solution. And, if you use. NET for software development, developing container based solutions may have just got a bit easier for you. In .NET 7, Microsoft introduced publishing a .NET project as a Docker image by simply using the dotnet publish command.

Amazon Simple Queue Service or Amazon SQS is a distributed message queuing service that enables developers to build loosely coupled solutions. Often valued for its ease of use, Amazon SQS queues can be spun up in a matter of seconds from the AWS console, SDK or the CLI. Still, there are subtleties that developers should be aware of when developing solutions with Amazon SQS.

Photo by Shumilov Ludmila on Unsplash

Encryption

Messages stored in an Amazon SQS queue is data at rest. And, we can protect that data by encrypting it with KMS keys, just like we would if we were going to protect data in an Amazon S3 bucket or an Amazon SNS topic. With Amazon SQS Server-side encryption, messages are encrypted when they are received by SQS and are decrypted when delivered to a message consumer that is authorized for the SQS message queue and the KMS key.

The .NET 6 runtime for AWS Lambda gave .NET developers a few more options when developing AWS Lambda functions. One such option is top-level statements. The top-level statements feature was designed to greatly simplify developing applications in C# by removing a lot of the “boilerplate” code.  For instance, in this tutorial we will utilize a console application to develop an AWS Lambda function and in this console application you will notice that our Program.cs file does not have a Main function or even a namespace statement. Checkout Microsoft’s tutorial on top-level statements to learn more.

Often touted as a solution for microservices, Minimal APIs are a new feature in ASP.NET Core that allows developers to easily create HTTP based APIs with minimal dependencies. On top of that, ASP.NET Core minimal APIs are simple, only requiring a csproj file and a Program.cs file.

Photo by Jakub Mičuch on Unsplash

The Solution

In this tutorial, well take a look at using ASP.NET Core minimal APIs as a way to build AWS Lambda functions. We’ll first develop the ASP.NET Core minimal API and then we’ll make a small change that turns the minimal API into a Lambda Function.

The AWS console is great for creating, modifying and visualizing your AWS resources, services and infrastructure. However, if you need automation and repeatability, the AWS CLI is where it’s at.

For this tutorial, we’ll use .NET as the reference technology. Although, most of this tutorial can be used with other languages like, Python, Node.js, Go, etc. When you see references to .NET, feel free to swap in your programming language of choice.

Get all the code on GitHub.

AWS Lambda, the popular AWS service, has been the solution behind many microservices. Some even argue that AWS Lambda enabled the microservice trend over the last five to seven years. And, the serverless/AWS Lambda trend does not show any signs of slowing down.

Even with its popularity, there was always one missing ingredient, a URL that could directly invoke the AWS Lambda function. Some could argue that this could be accomplished through the use of AWS API Gateway along with AWS Lambda. Although, what if you don’t need everything that AWS API Gateway gives you? Or, what if you don’t want or need the hassle of AWS API Gateway? And, maybe, you’re just looking for a checkbox in the AWS Console for the Lambda configuration that enables a URL for the function? If this sounds like you, then the wait is over, because that’s just the feature that AWS recently announced for Lambda.

Skip the detail and show me the solution.

AWS Lambda is one of the hottest technologies in cloud software development today. And, as hot as it is, there is still a lot of confusion on just what Lambda is and how to develop a serverless function. 

First, let’s clarify a few things, serverless doesn’t mean that there isn’t a server. It just means that you don’t have to provision, maintain, upgrade (etc.) a server in order to develop and deploy your software.

Amazon Simple Notification Service, AKA SNS, is a versatile pub/sub AWS service that supports several different endpoints including, SMS, email and HTTP/HTTPS. Amazon SNS also supports AWS services as endpoints, like Amazon SQS, AWS Lambda and AWS Kenesis Data Firehouse. Amazon Simple Notification Service, which is often leveraged to do the heavy lifting in a fan-out pattern, provides a simplified path for creating pub/sub based applications without having to set up tons of infrastructure. Even with this simplified path, there are a few things that every developer should know before they start their Amazon SNS journey.