Inspiration

As cloud-native architectures become increasingly popular, I wanted to explore how AWS serverless technologies like Lambda and API Gateway could be combined to build scalable APIs with observability and access control features. The goal was to simulate a real-world backend workflow that includes versioning, canary deployment, monitoring, CORS configuration, and authentication.

What it does

This project sets up a fully serverless REST API using AWS Lambda and API Gateway. It includes:

  1. Lambda functions to serve API responses.
  2. API Gateway to expose and manage REST endpoints.
  3. CloudWatch for log monitoring.
  4. Canary deployment for safe feature rollout.
  5. CORS configuration for cross-origin access.
  6. A Lambda Authorizer that validates JWT tokens to secure endpoints.

How we built it

We built it step-by-step as follows:

  1. Created multiple AWS Lambda functions using Python.
  2. Connected the functions to API Gateway endpoints.
  3. Enabled logging and monitored logs using CloudWatch.
  4. Configured and tested canary deployments to route traffic between versions.
  5. Enabled CORS with custom OPTIONS responses.
  6. Secured endpoints using a custom Lambda Authorizer integrated with JWT authentication.
  7. Tested everything using Postman and curl.
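
The authorizer from step 6 could look like the sketch below. It is an added example, not the project's own code, and it assumes a TOKEN-type authorizer, HS256-signed tokens, and a shared secret in a hypothetical `JWT_SECRET` environment variable; `sign_demo_token` exists only to build constructed tokens for local testing.

```python
import base64, hashlib, hmac, json, os, time

def b64url_decode(part):
    return base64.urlsafe_b64decode(part + "=" * (-len(part) % 4))

def b64url_encode(raw):
    return base64.urlsafe_b64encode(raw).rstrip(b"=").decode()

def sign_demo_token(claims, secret, alg="HS256"):
    """Build a constructed token for local testing only."""
    head = b64url_encode(json.dumps({"alg": alg, "typ": "JWT"}).encode())
    body = b64url_encode(json.dumps(claims).encode())
    sig = hmac.new(secret, f"{head}.{body}".encode(), hashlib.sha256).digest()
    return f"{head}.{body}.{b64url_encode(sig)}"

def verify_jwt(token, secret, now=None):
    """Return the claims of a valid HS256 token; raise ValueError otherwise."""
    try:
        head_b64, body_b64, sig_b64 = token.split(".")
        header = json.loads(b64url_decode(head_b64))
        # Pin the algorithm: the token must not choose its own (e.g. "none").
        if not isinstance(header, dict) or header.get("alg") != "HS256":
            raise ValueError("unexpected alg")
        mac = hmac.new(secret, f"{head_b64}.{body_b64}".encode(), hashlib.sha256)
        # Constant-time comparison, and only then parse the claims.
        if not hmac.compare_digest(mac.digest(), b64url_decode(sig_b64)):
            raise ValueError("bad signature")
        claims = json.loads(b64url_decode(body_b64))
    except (ValueError, TypeError) as exc:
        raise ValueError(f"invalid token: {exc}") from None
    exp = claims.get("exp") if isinstance(claims, dict) else None
    if not isinstance(exp, (int, float)) or exp <= (time.time() if now is None else now):
        raise ValueError("expired or missing exp")
    return claims

def lambda_handler(event, context):
    """API Gateway TOKEN authorizer: map the JWT check to an IAM policy."""
    # Assumption: shared secret in a JWT_SECRET environment variable (hypothetical name).
    secret = os.environ["JWT_SECRET"].encode()
    raw = event.get("authorizationToken") or ""
    token = raw[len("Bearer "):] if raw.startswith("Bearer ") else raw
    try:
        principal, effect = str(verify_jwt(token, secret).get("sub", "unknown")), "Allow"
    except ValueError:
        principal, effect = "anonymous", "Deny"  # fail closed on any error
    statement = {"Action": "execute-api:Invoke", "Effect": effect,
                 "Resource": event["methodArn"]}
    return {"principalId": principal,
            "policyDocument": {"Version": "2012-10-17", "Statement": [statement]}}
```

A missing `JWT_SECRET` raises inside the handler, which API Gateway treats as an authorizer failure rather than an Allow.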

Challenges we ran into

  1. Managing canary deployment settings correctly without breaking production traffic.
  2. Integrating JWT securely via Lambda Authorizer, especially around permissions and token structure.
  3. Ensuring proper function deployment timing before testing to avoid outdated versions.

Accomplishments that we're proud of

  1. Successfully implemented a full lifecycle of a serverless API: from initial deployment to monitoring, versioning, and securing endpoints.
  2. Learned to manage complex API Gateway configurations like canaries and authorizers.
  3. Understood the internals of secure token-based authentication using JWT in a practical AWS context.

What we learned

  1. How to use Lambda and API Gateway effectively for scalable and maintainable serverless APIs.
  2. How to manage canary deployments in AWS and promote versions safely.
  3. Hands-on experience with JWT, token signing, and Lambda Authorizers.
  4. How to observe API activity and debug effectively using CloudWatch.

What's next for ShonenChain

We plan to:

  1. Add DynamoDB integration to persist API data.
  2. Implement more advanced security (rate-limiting, API keys).
  3. Create a front-end interface to interact with the API.
  4. Package the project as a reusable template for other developers learning serverless architecture.

Built With

  • api-gateway
  • aws-lambda
  • postman-api
  • python
  • visual-studio-code
  • windows-command-line-interface-with-wsl-installed