In this chapter, we have discussed security and why it is important. Applying the OWASP security by design principles is a good first step to ensure that your serverless stack is secure. We then discussed IAM roles and gave an overview of policies, explaining how they are the key documents to ensure restricted access to AWS resources. We then looked at an overview of some of the security concepts and principles regarding securing your serverless microservices, specifically regarding Lambda, API Gateway, and DynamoDB.

We then built a scalable serverless microservice with a RESTful data API. We started by creating a DynamoDB table, then added data to it, and queried it, first using the AWS console manually, then using the Python Boto3 SDK. We then built a simple Lambda to parse the request URL parameters, query DynamoDB, and return the records as part of a response body. We then looked at setting the integration between the Lambda and the API Gateway. We then connected everything together by deploying the API. We created a fully working API that is highly scalable, that you can tweak very easily for your own use cases, and that is very cost effective. In less than 30 minutes, you have created a highly scalable serverless microservice with an API. It is pay-per-usage for the API Gateway and the Lambda costs. For DynamoDB, you can actually change the read and write capacity very easily, set it to autoscale the read and write capacity based on the load, or even pay based on actual usage via the on-demand capacity mode, making it fully pay-per-API usage and data stored, avoiding traditional capacity planning or over-provisioning.

We have done a lot of work in the AWS Console, but in later chapters, we will be doing most of the work using the AWS CLI, or using code deployment pipelines. However, using the AWS Console should have given you a really good understanding of what you can do in AWS, and how Lambda integrates with DynamoDB and API Gateway. This solid foundation is really useful when we automate most of the creation and provisioning using configuration, scripts, and code. In the following chapters, we will be adding more functionality, automated testing, and deployment pipelines, and implementing microservice patterns.

In your organization, you will be developing a lot of source code and you won't want to deploy it manually, as we have done in this chapter. You will want to first test the code automatically to make sure it is working as expected, then you will deploy the stack in a repeatable fashion. This is needed for continuous integration or continuous delivery systems used in production.

In the next chapter, we are going to talk about how to deploy your serverless microservices using code and configuration to make the process more repeatable and scalable.