Serverless Stack Update to IAM

[jayair]

Update July 19

The guide and the sample projects have been updated. A few links for reference:

• Tagged version before the change
• The merged PR
• Tagged version after the change

---

What is going on

We are updating the Serverless backend API to use IAM as an authorizer and React.js app to make signed API requests.

What is going to happen

Over the next few days we'll post the chageset for the proposed update to give people a chance to review it. And then we'll update Serverless-Stack.com and all the code for the demo project. We'll still leave the changeset up and tag the repo in case people still want to look at the older version of the tutorial.

What should I do

If you are currently working through the tutorial there will be a changeset to refer to. And use this comment thread for help if you have any questions.

Why the change

The current version of the tutorial uses the User Pool directly as an authorizer for the backend. While this works, the recommended way to do authorization in AWS is by using the IAM. All AWS API requests must be securely signed with Signature Version 4 using IAM credentials. Serverless Framework added support for IAM as an authorizer relatively recently. To use IAM as an authorizer we need to use our Cognito Identity Pool to grant our users temporary IAM credentials. This setup is also necessary in the case where you would like to add Google or Facebook as a way to authenticate your users.

Is this a big change

It is not a very big change to the code base of our demo project. But the flow is a little different and the two setups (the current one and the IAM one) cannot work together at the same time. Also, IAM as an authorizer is more secure but it can be a lot more confusing to set up and difficult to work through.

---

As always feel free to contact us via Twitter (@fanjiewang or @jayair) or email if you have any questions.

[dbeja]

That's great! Will you also include an example with a Social Identity Provider (Google, Facebook,...)?

[jayair]

@dbeja It's not in this update but we will work on that after we roll this out. We haven't been able to write about the social logins pretty much because we needed to do make this update first.

[mmiinnovations]

Thanks! This is great.

[jayair]

Proposed Chageset (WIP)

https://github.com/AnomalyInnovations/serverless-stack-com/compare/dev

The new changes are being worked on in the above brach. Feel free to take an early peek.

[larrybek]

Waiting for your update !!! You're doing great work.

[bharloe]

Love this tutorial. Any idea of a specific time frame we can expect these changes to get published?

[jayair]

@bharloe Yeah they are just about ready to be published. We just wanted to make sure we give folks who are going through the tutorial currently a bit of a heads up.

Ideally, it should be up early next week.

[bharloe]

Thanks, looking forward to it!

[zamirkhan]

Thanks for the heads up! For those who have already worked through most of the tutorial and made some customizations for their own specific needs, do these changes imply starting from scratch on the API side of things or is it something that can be migrated to with relative ease?

[jayair]

@zamirkhan Yeah you should be able to migrate. It's just a few changes to different parts of the setup.

[muescha]

i would like to start the tutorial - if it is ready to publish, why not publish it now and make the old tutorial available via subfolder / subdomain...

[jayair]

@muescha It's almost ready. Just need to wrap up the code samples for all the chapters. I'm aiming for Wednesday.

[CharithW]

This is great.
I have struggling through the net to find proper way to integrate with apigClient sdk to my react app.
Hopefully you will be able to release this soon.
Thank you for the great work :)