Use oso to add fine-grained authorization to a serverless Node.js app running on AWS Lambda, API Gateway, and DynamoDB.
The main benefit of developing a serverless application is that managing servers, balancing load, scaling up and down, and a hundred other things become someone else's problem (🎉). However, securing your serverless application with authorization remains decidedly your problem.
The cloud providers offer some helpful primitives like authentication solutions, access control for their own cloud services, and hooks for you to write your own custom authorization code, but much of the heavy lifting is left up to you. In addition to writing tons (and tons and tons) of JSON, you'll have to figure out the precise baton waves required to orchestrate your authorization service / function / sidecar (/ clowncar) to ensure that everything is wired up correctly ("Resource": "*" ought to do it) and that it's at least as available as the service it's protecting.
Or you could skip all that and use oso, the open source policy engine for authorization:
In our latest post, we'll show you how oso makes it simple to add extensible, fine-grained authorization to your serverless application - https://www.osohq.com/post/add-authorization-to-a-serverless-nodejs-app
Today you'll learn how to deploy a Node.js application to AWS Lambda with the help of the Serverless Framework.
Once upon a time, not so long ago, a word caught my ear. Lambda. That struck a chord, remembering the good old days of playing Half-Life as a kid. Little did I know what AWS Lambda was, and how incredibly awesome it is. If you’re intrigued, stick around. I’ll only take a few minutes out of your already busy day, and you surely won’t mind. Getting Started with AWS Lambda and Node.js
Create S3 Bucket and upload csv file; Install Serverless Framework locally on your machine; Create a Serverless project (Node.js/Express.js) ...
Build a secure serverless API using AWS Lambda functions, Node.js, and React. Serverless architecture with AWS Lambdas is quickly becoming a popular option for companies looking to deploy applications without the overhead of maintaining servers. AWS Lambda functions are event-driven and serverless—triggered to process a piece of code and return a result. AWS Lambdas can be written in most common languages today on a variety of platforms including .NET Core, Java, Go and, in the case of this post, Node.js.
Serverless Express enables you to easily host Express.js APIs on AWS Lambda and AWS HTTP API. Here is how to get started and deliver a Serverless Express.js based API with a custom domain, free SSL certificate and much more!