This project lets you provision a ready-to-use fully serverless real-time chat application using Amazon ApiGateway Websockets. The infrastructure code is using the AWS Cloud Development Kit(AWS CDK) and implemented in both Typescript and NET8. The frontend is written using Angular 17.
TS | NET8 | Feature description |
---|---|---|
✅ | ✅ | "One-click" serverless deployment using AWS CDK |
✅ | ✅ | Infrastructure is split into 6 interdependent stacks (Authorization, Database, REST API, Websocket API, Frontend, Observability) |
✅ | ✅ | Secure HTTPS connection and content delivery using Amazon Cloudfront |
✅ | ✅ | Built-in authentication using Amazon Cognito |
✅ | ✅ | Built-in REST API authorization using Cognito UserPool Authorizer |
✅ | ✅ | Synchronous real-time messaging using API Gateway Websocket API |
✅ | ✅ | Asynchronous user status updates using Amazon SQS and API Gateway Websocket API |
✅ | ✅ | Environment-agnostic Single Page Application frontend (dynamic environment configuration loading) |
✅ | ✅ | Complete request tracing using AWS X-Ray |
✅ | ✅ | Lambda Powertools integration |
✅ | ✅ | Structured logging and monitoring using Amazon Cloudwatch |
✅ | ✅ | Custom metrics & Cloudwatch dashboard |
✅ | ❌ | Built-in infrastructure security check using CDK-NAG |
The infrastructure backend has been split into two directories (infrastructure-ts
, infrastructure-dotnet
). These folders contain language-specific implementations for both the AWS CDK code and the lambda handlers. Please read the Readme file in the relevant directory for specific deployment instructions.
- AWS CLI installed and configured with the aws account you want to use.
- AWS CDK installed and configured with the aws account you want to use.
- docker installed and is up and running locally (required for the lambda function builds).
- Angular CLI installed.
- dotnet8 installed (for the NET8 infrastructure version)
For the sake of this demo, not all security features are enabled to save cost and effort of setting up a working PoC.
Below you can find a list of security recommendations in case you would like to deploy the infrastructure in a production environment:
- Currently all registered users can immediately access the application without second factor authentication or account confirmation. This is not suitable for production use. Please change the Cognito configuration to enable e-mail/sms verification and MFA. In a future release this will be addressed with a feature flag to toggle between different authentication modes.
- The DynamoDB tables have no backups configured by default. Please enable PITR (point-in-time recovery) and table backups. The tables will be removed on cloudformation stack deletion.
- Logging for the APIGateway API/stage and for the Cloudfront distribution are disabled. Please enable these additional logs in production environments for audit and troubleshooting purposes.
- The Cloudfront distribution uses the default cloudfront domain and viewer certificate. The default viewer certificate defaults to the TLSv1 protocol. In order to enforce newer protocols, please use a custom domain with a custom certificate and set the MinimumProtocolVersion to TLSv1.2.
For language specific instructions, please check the readme file in the related infrastructure directory.
- Change directory to where UI code lives.
cd UI
- Restore NPM packages for the project
npm install
- Build the frontend application
ng build --prod
The chat application's URL will be found at the Frontend stack's output. Open the Cloudfront Distribution's URL in your browser, where you'll be redirected to the Cognito login/singup page.
Run the following command in the relevant infrastructure directory to delete the cloudformation stacks:
cdk destroy --all
The backend is fully instrumented using AWS Xray and Lambda Powertools for TypeScript (beta).
The backend outputs 3 custom metrics from the websocket API backend:
- New Connections
- Closed Connections
- Messages Delivered
The Observability Stack (TS / NET8) creates a custom Cloudwatch Dashboard where these metrics are visualised.
Requests are automatically traced and instrumented using AWS X-Ray. You can use the ServiceMap to visualise the interactions between the backend components and trace latencies, response codes, etc. between these components.
You can find a more detailed description of what the API handler functions are doing here.
See CONTRIBUTING for more information.
This library is licensed under the MIT-0 License. See the LICENSE file.