Welcome!
In this tutorial, we will configure settings in Cloud9 and then the AWS CLI to deploy a basic REST API via Chalice.
What is Chalice?
AWS Chalice is a framework for writing serverless applications in Python that provides familiar, declarative APIs to help you write your application. From the first version of this framework, AWS has provided a deployment packager that handles the details of how to package your application for AWS Lambda.
AWS Chalice allows you to quickly create and deploy applications that use Amazon API Gateway and AWS Lambda. Chalice provides:
A command-line tool for creating, deploying, and managing your app
A familiar and easy-to-use API for declaring views in Python code
Automatic IAM policy generation
Let's get started!
Create Cloud9 Environment:
AWS Cloud9 is a cloud-based integrated development environment (IDE) that lets you write, run, and debug your code with just a browser. It includes a code editor, debugger, and terminal.
- Navigate to the AWS Console and type Cloud9 in the services search bar:
- Click Create Environment
In the Create environment screen:
Click the "Name" field.
- Type Name of Project
Click "VPC settings" Click Custom VPC or Default VPC
Select the appropriate subnet or default "No preference"
Click Create
Create IAM Role for Cloud9 EC2 Instance
Ec2 Instance IAM roles allow applications to securely make API requests from your instances, without requiring you to manage the security credentials that the applications use. Instead of creating and distributing your AWS credentials, you can delegate permission to make API requests using IAM roles. For this example, we will utilize an Admin IAM role instead of the default Cloud9 permissions for our Ec2 instance.
After the Cloud9 environment is created, let's create an IAM role for the EC2 Instance:
Head to the Console services search bar and type: IAM
- Click Roles > Create Role
For this example, we will be adding AdministratorAccess to our role.
Select AdministratorAccess policy and Create a Role with Role Name: Cloud9Ec2InstanceAdmin:
- Navigate to the EC2 Dashboard via the Services search bar in the AWS Console:
- Click instances(running)
Select the cloud9 Ec2 Instance
- Actions > Security > Modify IAM role:
Attach the Cloud9Ec2InstanceAdmin role:
Select the Cloud9EC2InstanceAdmin
Click Update IAM Role
Navigate back to Cloud 9 and Select the radio button for our newly created environment
Click the radio button for the Cloud9 Environment we created:
Click Open in Cloud9
- This will take you to the Cloud9 IDE screen:
Configure Cloud9 Credential Management
For an AWS Cloud9 EC2 development environment, AWS Cloud9 makes temporary AWS access credentials available to you in the environment. AWS calls these AWS-managed temporary credentials. AWS Cloud9 puts additional restrictions on how its temporary credentials can be used to access AWS actions and resources from the environment (security best practice). To avoid any issues, we will disable managed temporary credentials in favor of our Admin IAM Role.
In the Cloud9 Screen:
- Click the Settings icon in the top right:
- Click AWS Settings:
- De-Select AWS managed temporary credentials:
Exit out of the settings window
Select the Window drop-down:
- Click New Terminal
Configure the CLI, Install Chalice & Deploy
The
config
andcredentials
files are files that the AWS Command Line Interface (AWS CLI) uses to interact with AWS. These include your security credentials, the default output format, and the default AWS Region. The AWS CLI stores this information in a profile (a collection of settings) nameddefault
in thecredentials
file. By default, the information in this profile is used when you run an AWS CLI command that doesn't explicitly specify a profile to use. For this example, we will be utilizing instance metadata and environment variables to configure the options and credentials.
- Type the following commands in the terminal window of Cloud9 to configure the CLI and download Chalice:
- Install text utilities:
sudo yum -y install jq gettext
- Configure CLI w/ Instance Metadata
export AWS_REGION=$(curl -s 169.254.169.254/latest/dynamic/instance-identity/document | jq -r .region)
echo "export AWS_REGION=${AWS_REGION}" >> ~/.bash_profile
aws configure set default.region ${AWS_REGION}
aws configure get default.region
- Setup environment variables for account ID
export AWS_ACCOUNT_ID=$(aws sts get-caller-identity --query Account --output text)
echo "export AWS_ACCOUNT_ID=${AWS_ACCOUNT_ID}" >> ~/.bash_profile
- Install Chalice:
pip install chalice
Create New-Project "Name"
- In this example, we will use "rolldice" as the project name:
chalice create new-project rolldice
- CD into "rolldice" directory
cd rolldice
- Notice that Chalice has created a directory with app.py and requirements.txt
- Deploy the endpoint
chalice deploy
- Copy API endpoint and paste into a new browser or use the Curl command to check our endpoint:
curl https://endpoint/api
You should have received the hello world message! Chalice makes it easy to deploy Rest API as it automates the Lambda Function, API and I AM Role creation.
Cleanup Infrastructure
To Delete the infrastructure associated with Chalice:
- Type in the following command:
chalice delete
- You can now head back over to the Clou9 Dashboard in the AWS Console and delete the Environment
Great job! We successfully launched our REST API via Chalice.
We've configured our Cloud9 environment, the AWS CLI, and deployed our API. You could utilize other IDE's such as Visual Studio Code..etc as long as you configure the CLI for programmatic access.
Till next time!