320-S20-Track1
Integration Track 1
Front-End and Back-End ReadMe
- READ ME : TRACK ONE- ReachOUT
- TRACK ONE: DEMO OR DIE SCRIPT
- How to get the front end environment running
ReachOUT Backlog
AWS Cloud
ReachOUT
Consoles
Cloud Diagram
Getting start
- Go to AWS Console.
- Type in your
IAM user nameandPasswordfrom.cvsfile we gave you. - Be Aware: these are the password policies you need to pay attention to when you are asked to change the password during 1st-time login.
- Minimum password length is 14 characters
- Require at least one uppercase letter from Latin alphabet (A-Z)
- Require at least one lowercase letter from Latin alphabet (a-Z)
- Require at least one number
- Require at least one non-alphanumeric character (!@#$%^&*()_+-=[]{}|')
- Password expires in 90 day(s)
- Allow users to change their own password
- Remember last 24 password(s) and prevent reuse
Sign in- Find the service you are looking for.
- Congs! You made it!
IAM Credential and Permissions
Tutorial
Permission Policies
| Team | Group | Permissions | Remark |
|---|---|---|---|
| Big Hero 6 King Codras |
Frontend | S3FullAccess AmazonAPIGatewayInvokeFullAccess AmazonAPIGatewayPushToCloudWatchLogs AWSWAFReadOnlyAccess CloudFrontFullAccess AmazonAPIGatewayAdministrator AmazonRDSDataFullAccess AmazonRDSReadOnlyAccess AWSLambdaReadOnlyAccess AWSWAFConsoleReadOnlyAccess |
None |
| Segfault Line Team Kakashi |
Lambda | AmazonRDSFullAccess AWSLambdaFullAccess AmazonRDSDataFullAccess AWSWAFConsoleReadOnlyAccess RoleCreateWithBounds CreatePolicy |
For information regarding the creation of roles to use with services, please refer to Role Creation |
| 5 Guys | Cloud | AdministratorAccess | None |
Role Policies
| Role | Permissions |
|---|---|
| T1LambdaFullAcess | AWSLambdaFullAccess AmazonAPIGatewayInvokeFullAccess AmazonRDSDataFullAccess CognitoPolicies sesPerms |
Remark: To simplify the process of development, we combine all Lambda related permission policies into one giant Role. It works well so far, but may lead to security concerns.
Role Creation
For the Lambda teams only: Any policy can be written and attached to roles you create. However, you may only create roles that also have the T1LambdaPermissions policy set as their PermissionBoundary. This ensures that any role you create cannot have more permissions than your account has REGARDLESS OF THE POLICY ATTACHED. To do this, ensure that you create the roles needed before the creation of lambdas, and ensure that at the bottom of the creation menu you set the RoleBoundary to T1LambdaPermissions. If you do not do this, you WILL NOT BE ABLE TO CREATE THE ROLE.
S3 Bucket, CloudFront, and Route 53
Tutorial
Buckets
Host
Hosting the static website
Logs
Storing CloudFront Logs
Images
Storing resumes and other files
Storage
Storing pictures and images
Remark
The Host bucket hosts the website. Currently it's open to public to access the website. But since the CloudFront is set up, it could be restrict to only accessed via CloudFront to reach further security.
CloudFront
Remark
Setting up CloudFront is really easy and straightforward. Be careful DO NOT use the originally S3 Bucket URL in the default pull down list for Origin Domain Name. Please use the website endpoint URL in the "Static Website Hosting" section of the properties in S3 Bucket Console.
Route 53
We do not use Route 53 to register the domain, so don't worry about it.
RDS Database
Database Schema
Updated 5/4 10am
Click here for Full Version
Changes
4/29 6pm
- college varchar removed from students table
- recurring_id column added to appointment_block table
- Actually added specialization_for_appointment table to AWS
- supporter_major_preferences and supporter_minor_preferences are now 2 tables instead of 1 combined one
4/29 7am
- added tags relational table instead of storing the tags as a varchar array
- hours_before_appointment stores the time (in hours) before an appointment that supporters prefer to get appointments, this is a new field in supporter_preferences_for_students
- minors have been added to supporter_major_preferences
- in scheduled_appointments, the tags the student selected for the appointment are stored in an int array called “selected_tags"
- got rid of job_search in students and supporter_preferences_for_students table
- deleted number of students from appointment_block
- check duration in supporter_specializations is divisible by 5
- specializations_for_appointment relational table added
- check supporter_preferences_for_students_id in supporter_preferences_for_students is equal to supporter_id (the different id is important)
- added team_name for the team a supporter belongs to (varchar)
- got rid of password and salt_key in users
- added student_college relational table
- Added default table (to be used by lambdas as a config file)
Lambda Functions and API Gateway
Remark
The Back-end teams and Front-end teams are granted with all permission to set up Lambda Functions and API Gateway. And the documentation of integration tests is in Low Level Design Document.
Cognito
Tutorial
- AWS Cognito Tutorial Part I | Cognito User Pool & AWS Amplify setup
- AWS Cognito Tutorial Part II | Sign in & registration
- Cognito Commands
Overview
Amazon Cognito is a service that lets you add sign in, sign up and other permission restrictions to a website or mobile app. it was integrated with the website easily and handled complicated steps in the sign-in and sign-up process such as email verification and user authentication. Cognito is easily scalable to more than millions of user and its free tier handles 50,000 monthly active users, which should be enough for ReachOut, but if this number isn't enough, the cost for each monthly active user after 50,000 is only $0.00550.