AWS Learn
===

###### tags: `AWS` `cloud` `IaC` `DNS` `SSL`

[TOC]

> This tutorial is developed with `aws-cdk-lib`.

## Required

* [aws cli](https://docs.aws.amazon.com/cli/latest/userguide/getting-started-install.html)
* `npm i -g aws-cdk` (the CDK CLI module)
* nodejs `^14.18.x`
* typescript `~4.9.4`
* `npm i -D @types/aws-lambda` (TypeScript interfaces for Lambda events)

> When you switch to a new region, run `$ cdk bootstrap` once.

## Basic Cli

* `$ aws s3 ls`
* `$ cdk init [--language typescript]`
* `$ cdk diff`
* `$ cdk deploy`
* `$ cdk destroy` removes everything that this code deployed.
* `$ cdk synth` generates the `CloudFormation` file for review.

## ACM

[AWS Certificate Manager](https://ap-northeast-3.console.aws.amazon.com/acm/home?region=ap-northeast-3#/certificates/list)
[SSL For Free](https://www.sslforfree.com/)
[Google Domain](https://domains.google.com/registrar/cosmoit.codes/dns?hl=zh&_ga=2.120751307.2145633470.1674175535-1989676735.1674175535)

1. Request an SSL cert.
2. Verify the domain with a `CNAME` record:
    * Name goes in the Google DNS `NAME` field. Warning: the name SSL For Free gives you includes your domain, and the domain must be removed, e.g. `_XXXXXXXXXXX.www.abc.com` => `_XXXXXXXXX`.
    * Point goes in the Google DNS `DATA` field.
    * TTL 600 or 3600 (s)
3. Download cert.zip, unzip it and import the files into `ACM`:
    * private.key
    * certificate.crt
    * ca_bundle.crt
4. For nginx, append the CA bundle to the certificate so that both are in one file: `$ cat ca_bundle.crt >> certificate.crt`

## Serverless

Create a new Lambda function.

`src/index.ts` => `dist/index.js`

```typescript=
import { APIGatewayEvent } from 'aws-lambda';

export const handler = async (e: APIGatewayEvent) => {
  return {
    statusCode: 200, // any HTTP status code
    headers: { 'Content-Type': 'text/html; charset=utf-8' }, // any { [key: string]: string } map
    body: '<meta charset="utf-8"><h1>good 中文</h1>'
  };
};
```

`src/otherFunc.ts` => `dist/otherFunc.js`

```typescript=
import { APIGatewayEvent } from 'aws-lambda';

export const handler = async (e: APIGatewayEvent) => {
  return {
    statusCode: 200, // any HTTP status code
    headers: { 'Content-Type': 'text/html; charset=utf-8' }, // any { [key: string]: string } map
    body: '<meta charset="utf-8"><h1>good 中文</h1>'
  };
};
```

`lib/<project>-stack.ts`

```typescript=
import * as cdk from 'aws-cdk-lib';
import { Construct } from 'constructs';
import * as lambda from 'aws-cdk-lib/aws-lambda';
import * as apigw from 'aws-cdk-lib/aws-apigateway';
import * as acm from 'aws-cdk-lib/aws-certificatemanager';

// `ProjectStack` is a placeholder for the stack class that `cdk init` generated.
export class ProjectStack extends cdk.Stack {
  constructor(scope: Construct, id: string, props?: cdk.StackProps) {
    super(scope, id, props);

    const main = new lambda.Function(this, 'lambda', {
      runtime: lambda.Runtime.NODEJS_18_X,
      // <index> is the file name inside `lambda.Code.fromAsset('dist')`, <handler> is the exported function
      handler: 'index.handler',
      code: lambda.Code.fromAsset('dist')
    });

    const otherFunc = new lambda.Function(this, 'otherFunc', {
      runtime: lambda.Runtime.NODEJS_18_X,
      handler: 'otherFunc.handler',
      code: lambda.Code.fromAsset('dist')
    });

    const apiGatewayName = 'Endpoint';

    // Simplest form: every request goes to `main`.
    // const api = new apigw.LambdaRestApi(this, apiGatewayName, { handler: main });

    // If you need multiple routes on the API Gateway, turn the proxy off.
    // const api = new apigw.LambdaRestApi(this, apiGatewayName, { handler: main, proxy: false });

    // Setting a custom domain
    const domain = 'www.abc.com';
    const acmArn = 'arn:aws:acm:<region>:<IAM_ID>:certificate/xxxxxxxxxxx';
    const resource = 'otherFunc';

    const cert = acm.Certificate.fromCertificateArn(this, 'Certificate', acmArn);

    // debug
    // new cdk.CfnOutput(this, 'AcmArn', {
    //   value: cert.certificateArn
    // });

    const api = new apigw.LambdaRestApi(this, apiGatewayName, {
      handler: main,
      proxy: false,
      domainName: {
        domainName: domain,
        certificate: cert
      }
    });

    // With `proxy: false`, each route and method is declared explicitly.
    api.root.addMethod('GET', new apigw.LambdaIntegration(main));
    const otherApi = api.root.addResource(resource);
    otherApi.addMethod('GET', new apigw.LambdaIntegration(otherFunc));
  }
}
```

## EC2

## ECK

### ECR

### ECS
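
For steps 3 and 4 of the ACM section above, an added example that is not part of the original notes: a structural check of the three cert.zip files before import, and a chain builder for nginx that does not fuse `-----END CERTIFICATE-----` with the next `-----BEGIN` marker when `certificate.crt` has no trailing newline. All function names and sample PEM bodies are constructed for illustration; the check covers file layout only, not whether the key matches the certificate.

```typescript
// Constructed example: structural checks on the cert.zip files, passed in as strings.
interface PemBlock { label: string; body: string }

// Extract PEM blocks whose BEGIN and END markers each sit on their own line.
function parsePem(text: string): PemBlock[] {
  const re = /^-----BEGIN ([A-Z0-9 ]+)-----\r?\n([A-Za-z0-9+\/=\r\n]+?)\r?\n-----END \1-----[ \t\r]*$/gm;
  const blocks: PemBlock[] = [];
  let m: RegExpExecArray | null;
  while ((m = re.exec(text)) !== null) {
    blocks.push({ label: m[1], body: m[2].replace(/\s+/g, '') });
  }
  return blocks;
}

// Count BEGIN markers anywhere in the text, including ones fused onto another line.
function countBegins(text: string): number {
  return text.split('-----BEGIN ').length - 1;
}

// List problems with one file: expects min..max blocks whose labels end in `suffix`.
function checkFile(name: string, text: string, suffix: string, min: number, max: number): string[] {
  const blocks = parsePem(text);
  const problems: string[] = [];
  if (blocks.length !== countBegins(text)) problems.push(name + ': malformed or fused PEM markers');
  if (blocks.length < min || blocks.length > max) problems.push(name + ': found ' + blocks.length + ' blocks');
  for (const b of blocks) {
    if (b.label.slice(-suffix.length) !== suffix) problems.push(name + ': unexpected ' + b.label);
  }
  return problems;
}

// Re-emit one block with 64-character lines and a trailing newline.
function emitPem(b: PemBlock): string {
  const lines = b.body.match(/.{1,64}/g) || [];
  return '-----BEGIN ' + b.label + '-----\n' + lines.join('\n') + '\n-----END ' + b.label + '-----\n';
}

// Build the nginx chain file: server certificate first, then the CA bundle (1..10 blocks, an assumed bound).
function buildFullChain(cert: string, caBundle: string): string {
  const problems = checkFile('certificate.crt', cert, 'CERTIFICATE', 1, 1)
    .concat(checkFile('ca_bundle.crt', caBundle, 'CERTIFICATE', 1, 10));
  if (problems.length > 0) throw new Error(problems.join('; '));
  return parsePem(cert).concat(parsePem(caBundle)).map(emitPem).join('');
}

// Constructed sample data: placeholder base64 bodies, not real certificates or keys.
const sampleCert = '-----BEGIN CERTIFICATE-----\nTEVBRg==\n-----END CERTIFICATE-----'; // no trailing newline
const sampleBundle = '-----BEGIN CERTIFICATE-----\nSU5URVI=\n-----END CERTIFICATE-----\n';
const sampleKey = '-----BEGIN PRIVATE KEY-----\nS0VZ\n-----END PRIVATE KEY-----\n';
```

Plain concatenation of `sampleCert` and `sampleBundle` yields zero parseable blocks because the markers fuse on one line, while `buildFullChain` returns two well-formed blocks and throws if a private key ends up in the certificate slot.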