initial commit

Author: lucidprogrammer

.gitattributes

@@ -0,0 +1,9 @@
+/test export-ignore
+/infrastructure export-ignore
+/build expport-ignore
+/.gitattributes export-ignore
+/.gitignore export-ignore
+/.terraform export-ignore
+/README.md export-ignore
+/main.tf export-ignore
+/yarn.lock export-ignore

.gitignore

@@ -0,0 +1,3 @@
+node_modules
+.terraform
+terraform.*

README.md

@@ -0,0 +1,69 @@
+# Overview
+
+This is an example graphql endpoint packaged as a aws lambda function deployed to an aws api gateway. All the infrastructure required is provisioned using terraform, only thing you need to use this is your AWS credentials.
+
+The code is structured to hold more than one lambda function. i.e. Currently the src/ folder contains only graphql folder. You can add additional lambda functions, and modify the main.tf if needed.
+
+The sample here does not use terraform backend configuration. For production, it is advisable to use a backend like S3.
+
+# Configure and Create graphql endpoint using Aws Lambda and Aws api_gateway
+
+## Prerequisites
+
+Make sure you have installed terraform & zip installed.
+
+## Clone this repo & install dependencies
+
+## Set environment variables.
+
+```
+export TF_VAR_aws_access_key=yourawsaccesskey
+export TF_VAR_aws_secret_key=yourawssecretkey
+export TF_VAR_region=awsregion
+
+```
+## Run locally
+```
+yarn run graphql-server
+
+```
+## Deploy infrastructure
+
+If you wish to change names of variables, for example, path or name of api etc, review variables.tf. But not mandatory.
+
+Run the following command.
+
+```
+yarn run test-deploy
+
+```
+
+You should see the _url_ where the deployment is available. Take a note of that and use in the following steps to test it.
+## From your browser
+
+Just browse to the _url_ path output you received in the previous step
+## Using Curl
+
+```
+//_url_ is the url you received while running the script.
+curl -X POST _url_ -d '{"query": "{users{firstName} }" }' -H 'Content-Type: application/json'
+
+```
+
+## Using AWS API Test Console
+
+Select _Method_ as POST in the dropdown list.
+
+_Query String_, provide the following
+
+```
+query= "{users{firstName} }"
+
+```
+_Headers_, provide the following,
+```
+Content-Type: application/json
+
+```
+
+Click _Test_ button.

build/.gitignore

@@ -0,0 +1,2 @@
+*.zip
+node_modules

graphql_server.js

@@ -0,0 +1,15 @@
+'use strict';
+
+const app = require('./src/graphql/graphql_app');
+
+// let's set the port on which the server will run
+app.set( 'port', 3000 );
+
+// start the server
+app.listen(
+	app.get('port'),
+	() => {
+		const port = app.get('port');
+		console.log('GraphQL Server Running at http://localhost:' + port );
+	}
+);

infrastructure/aws/api_gateway/aws_proxy/README.md

@@ -0,0 +1,2 @@
+# Overview
+If you are creating a AWS_PROXY style of integration, use this module. For example, express style integrations, use this module where everything is passed back and forth.

infrastructure/aws/api_gateway/aws_proxy/main.tf

@@ -0,0 +1,76 @@
+
+variable "api_name" {
+  description = "name of the api"
+  default = "api"
+}
+
+variable "api_path" {
+  description = "path of the api"
+  default = "api"
+}
+
+variable "lambda_arn" {
+  description = "arn of the associated lambda function"
+}
+
+variable "region" {
+  description = "region"
+}
+variable "account_id" {
+  description = "account id"
+}
+
+variable "deploy_stage" {
+  description = "stage name for deployment"
+}
+
+
+# API Gateway
+resource "aws_api_gateway_rest_api" "api" {
+  name = "${var.api_name}"
+}
+
+resource "aws_api_gateway_resource" "resource" {
+  path_part = "${var.api_path}"
+  parent_id = "${aws_api_gateway_rest_api.api.root_resource_id}"
+  rest_api_id = "${aws_api_gateway_rest_api.api.id}"
+}
+
+resource "aws_api_gateway_method" "method" {
+  rest_api_id   = "${aws_api_gateway_rest_api.api.id}"
+  resource_id   = "${aws_api_gateway_resource.resource.id}"
+  http_method   = "ANY"
+  authorization = "NONE"
+}
+
+resource "aws_api_gateway_integration" "integration" {
+  rest_api_id             = "${aws_api_gateway_rest_api.api.id}"
+  resource_id             = "${aws_api_gateway_resource.resource.id}"
+  http_method             = "${aws_api_gateway_method.method.http_method}"
+  uri                     = "arn:aws:apigateway:${var.region}:lambda:path/2015-03-31/functions/${var.lambda_arn}/invocations"
+  # lambda can be invoked by POST only
+  integration_http_method = "POST"
+  # type is AWS_PROXY as we are going to integrate with an express lambda function.
+  type                    = "AWS_PROXY"
+}
+# https://docs.aws.amazon.com/apigateway/latest/developerguide/stage-variables.html?icmpid=docs_apigateway_console
+resource "aws_api_gateway_deployment" "deployment" {
+  depends_on = ["aws_api_gateway_method.method","aws_api_gateway_integration.integration"]
+  rest_api_id = "${aws_api_gateway_rest_api.api.id}"
+  stage_name  = "${var.deploy_stage}"
+}
+output "url" {
+  value = "${aws_api_gateway_deployment.deployment.invoke_url}"
+}
+
+# Lambda
+resource "aws_lambda_permission" "apigw_lambda" {
+  statement_id  = "AllowExecutionFromAPIGateway"
+  action        = "lambda:InvokeFunction"
+  function_name = "${var.lambda_arn}"
+  principal     = "apigateway.amazonaws.com"
+  # More: http://docs.aws.amazon.com/apigateway/latest/developerguide/api-gateway-control-access-using-iam-policies-to-invoke-api.html
+  # source_arn = "arn:aws:execute-api:${var.region}:${var.account_id}:${aws_api_gateway_rest_api.api.id}/*/${aws_api_gateway_method.method.http_method}${aws_api_gateway_resource.resource.path}"
+  # arn:aws:execute-api:region:account-id:api-id/stage/METHOD_HTTP_VERB/Resource-path
+  source_arn = "arn:aws:execute-api:${var.region}:${var.account_id}:${aws_api_gateway_rest_api.api.id}/*/*/*"
+}

infrastructure/aws/lambda/main.tf

@@ -0,0 +1,39 @@
+variable "name" {
+  description = "The name of the lambda to create, which also defines (i) the archive name (.zip), (ii) the file name, and (iii) the function name"
+  default = "lambda"
+}
+
+variable "runtime" {
+  description = "The runtime of the lambda to create"
+  default     = "nodejs6.10"
+}
+
+variable "handler" {
+  description = "The handler name of the lambda (a function defined in your lambda)"
+  default     = "handler"
+}
+variable "zip_file_path" {
+  description = "path of the zip file"
+  default     = "./"
+}
+
+module "role"{
+  source = "./role"
+}
+
+resource "aws_lambda_function" "lambda" {
+  filename      = "${var.zip_file_path}${var.name}.zip"
+  function_name = "${var.name}_lambda_${var.handler}"
+  handler       = "${var.name}_lambda_${var.handler}.${var.handler}"
+  role          = "${module.role.role}"
+  runtime       = "${var.runtime}"
+  source_code_hash = "${base64sha256(file("${var.zip_file_path}${var.name}.zip"))}"
+}
+
+output "name" {
+  value = "${aws_lambda_function.lambda.function_name}"
+}
+
+output "arn" {
+  value = "${aws_lambda_function.lambda.arn}"
+}

infrastructure/aws/lambda/role/role.tf

@@ -0,0 +1,23 @@
+resource "aws_iam_role" "iam_role_for_lambda" {
+  name = "iam_role_for_lambda"
+
+  assume_role_policy = <<EOF
+{
+  "Version": "2012-10-17",
+  "Statement": [
+    {
+      "Sid": "",
+      "Effect": "Allow",
+      "Principal": {
+        "Service": "lambda.amazonaws.com"
+      },
+      "Action": "sts:AssumeRole"
+    }
+  ]
+}
+EOF
+}
+
+output "role"{
+  value = "${aws_iam_role.iam_role_for_lambda.arn}"
+}

infrastructure/deployment/test/.gitignore

@@ -0,0 +1,2 @@
+# use a backend instead of git ideally. if you are a single developer, it should be ok and remove this .gitingnore
+terraform.*

main.tf

@@ -0,0 +1,57 @@
+variable "aws_access_key" {
+  description = "AWS access key"
+}
+
+variable "aws_secret_key" {
+  description = "AWS secret key"
+}
+
+variable "aws_region" {
+  description = "AWS region"
+  default     = "us-east-1"
+}
+
+variable "deploy_stage"{
+  description = "Deployment Stage"
+}
+
+provider "aws" {
+  access_key = "${var.aws_access_key}"
+  secret_key = "${var.aws_secret_key}"
+  region     = "${var.aws_region}"
+}
+# expose the discovered account_id etc
+data "aws_caller_identity" "current" {}
+
+output "aws_account_id" {
+  value = "${data.aws_caller_identity.current.account_id}"
+}
+
+output "caller_arn" {
+  value = "${data.aws_caller_identity.current.arn}"
+}
+
+output "caller_user" {
+  value = "${data.aws_caller_identity.current.user_id}"
+}
+
+module "graphql_lambda"{
+  source = "./infrastructure/aws/lambda"
+  name = "graphql"
+  zip_file_path      = "./build/"
+}
+
+module "graphql_lambda_api_gateway"{
+  source = "./infrastructure/aws/api_gateway/aws_proxy"
+  api_name = "${var.graphql_api_name}"
+  api_path = "${var.graphql_api_path}"
+  lambda_arn ="${module.graphql_lambda.arn}"
+  region     = "${var.aws_region}"
+  account_id = "${data.aws_caller_identity.current.account_id}"
+  deploy_stage = "${var.deploy_stage}"
+
+}
+
+output "url" {
+  value = "${module.graphql_lambda_api_gateway.url}/${var.graphql_api_path}"
+}

package.json

@@ -0,0 +1,29 @@
+{
+  "name": "graphql-lambda-terraform",
+  "version": "1.0.0",
+  "description": "Example graphql lambda application with terraform IAC(infrastructure as code)",
+  "main": "graphql_server.js",
+  "author": "Lucid Programmer<[email protected]>",
+  "license": "MIT",
+  "scripts": {
+    "graphql-server": "node graphql_server.js",
+    "production-install": "yarn install --modules-folder=./build/node_modules --production=true",
+    "zip-graphql": "yarn run production-install && git archive -9 -o ./build/graphql.zip HEAD:src/graphql && cd build && zip -ur ./graphql.zip . -i \"node_modules/*\"",
+    "zip": "yarn run zip-graphql",
+    "test-deploy-plan": "TF_VAR_deploy_stage=test yarn run zip && terraform plan -out=./infrastructure/deployment/test/terraform.tfstate",
+    "test-deploy": "TF_VAR_deploy_stage=test yarn run test-deploy-plan && terraform apply ./infrastructure/deployment/test/terraform.tfstate"
+  },
+  "dependencies": {
+    "aws-serverless-express": "^3.0.2",
+    "body-parser": "^1.18.2",
+    "express": "^4.16.2",
+    "express-graphql": "^0.6.11",
+    "graphql": "^0.11.7"
+  },
+  "engines": {
+    "node": ">= 6.10.0"
+  },
+  "devDependencies": {
+    "chai": "^4.1.2"
+  }
+}

src/graphql/graphql_app.js

@@ -0,0 +1,25 @@
+'use strict';
+
+const express = require('express');
+const body_parser = require('body-parser');
+
+const expressGraphQL = require('express-graphql');
+
+// let's import the schema file we just created
+const GraphQLSchema = require('./schema');
+
+const app = express();
+
+app.use( body_parser.json({ limit: '50mb' }) );
+
+app.use(
+	'/',
+	expressGraphQL( () => {
+		return {
+			graphiql: true,
+			schema: GraphQLSchema,
+		}
+	})
+);
+
+module.exports = app;

src/graphql/graphql_lambda_handler.js

@@ -0,0 +1,7 @@
+'use strict'
+
+const awsServerlessExpress = require('aws-serverless-express');
+const app = require('./graphql_app');
+const server = awsServerlessExpress.createServer(app);
+
+exports.handler = (event, context) => awsServerlessExpress.proxy(server, event, context);