Using AWS's API Gateway + Lambda + Python to run a simple websocket application. For learning/testing

Overview

aws-simple-websocket

Using AWS's API Gateway + Lambda + Python to run a simple websocket application. For learning/testing. The AWS Resources seemed overly complex and were missing some critical gotchas in setting up a system like this.

Example terminal showing usage

Using the following for guidance:

Architecture

To keep things as basic as possible we're using a bare minimum of resources and CLI helpers where possible.

A client makes a connection via Websocket to an API Gateway V2. That gateway maintains a socket connection for us, and sends events to some sort of "integration" or handler. In our case, this will be a Lambda function that will handle the incoming socket events ($connect/$disconnect). It will handle messages sent from websocket clients, and to further expand this example, an outside data source via SNS topic. The API Gateway requires us to keep track of Connection IDs, so we can programmatically and precisely send messages to specific clients.

Using Terraform (in ./deployment) the following are created:

Architecture Diagram

  1. API Gateway V2 (Websocket) - The primary Websocket management service which holds sockets for connections and can hit a variety of AWS integrations

  2. Lambda - The main executor of business logic - where all our code will live

  3. S3 - A basic Key/Value store for our connections

  4. SNS - To demonstrate an external publisher, our Lambda function is also listening to an SNS Topic

Some additional resources are needed:

  1. CloudWatch - Logging for API Gateway and Lambda function with retention periods set by default

  2. IAM - Permissions to glue everything together

Deployment

This demo repo uses Terraform to manage cloud resources. These are all stored in the ./deployment repository. NOTE: Creating resources in AWS may incur charges to your account. Ensure you have billing alarms setup and understand AWS costs. This demo repo should cost almost nothing, however.

  1. Install Terraform
  2. Change to ./deployment directory
  3. Init Terraform (terraform init)
  4. It's best practice to use "Workspaces" to namespace resources in terraform for different environments, so create a dev workspace (terraform workspace new dev)
  5. Check if you need to enable API Gateway Logging in your current region. Feel free to set ./deployment/enf.tf:init_api_gw_logging_role to false if your account already has this setup
  6. Create the resources terraform apply
  7. Run /util/lambda-deploy dev to build and deploy the lambda code. There are no external dependencies, just boto3

Usage

Contained in ./util are a lot of small CLI scripts to allow us to interact with the system without bloating the core too much with things like static web pages for the app side.

  • lambda-build - builds a zip archive for deployment to Lambda

  • lambda-deploy - runs lambda-build and deploys the archive to the provided Lambda environment. Uses terraform to get the name of our Lambda function to deploy to

  • send-data [json] - Sends a JSON payload to connected clients via SNS Topic. Uses terraform to get the name of our SNS Topic

  • tail-logs - Watches logs for the API Gateway and Lambda function. Uses terraform to get the name of our the log groups

  • connect - Connect to the websocket using a small utility, websocat

Quick Example

  1. Deploy the stack using the above instructions.
  2. ./util/connect to connect and listen to the websocket
  3. Using a new terminal session, ./util/send-data '{"hello": "world"}'
  4. View that in your first terminal with connect running, you'll see {"hello": "world"}

Users can broadcast messages to other users as well, not just through SNS. With a connected client, send:

{"action": "broadcast", "message": "Good news, everyone!"}

You will then see: {"message": "Good news, everyone!"} in all the connected clients.

Improvements

  1. Move from print() to logging module, for the sake of keeping this really simple, I left print in there
You might also like...
A simple, configurable application and set of services to monitor multiple raspberry pi's on a network.
A simple, configurable application and set of services to monitor multiple raspberry pi's on a network.

rpi-info-monitor A simple, configurable application and set of services to monitor multiple raspberry pi's on a network. It can be used in a terminal

Simple P2P application for sending files over open and forwarded network ports.

FileShareV2 A major overhaul to the V1 (now deprecated) FileShare application. V2 brings major improvements in both UI and performance. V2 is now base

GhostVPN - Simple and lightweight TUI application for CyberGhostVPN
GhostVPN - Simple and lightweight TUI application for CyberGhostVPN

GhostVPN Simple and lightweight TUI application for CyberGhostVPN. Screenshot Us

This is a simple python script to collect sub-domains from hackertarget API
This is a simple python script to collect sub-domains from hackertarget API

Domain-Scraper 🌐 This is a simple python script to collect sub-domains from hackertarget API Note : This is tool is limited to 20 Queries / day with

A simple tool to utilize the basic functionality of the Private API From Virus Total

Welcome To VT-SCAN (viurs total api) Information This is a simple tool to utilize the basic functionality of the Private API From Virus Total. with th

This is a zeep based SOAP client wrapper for simple communication with the Bricknode SOAP API.

This is a zeep based SOAP client wrapper for simple communication with the Bricknode SOAP API.

A Scapy implementation of SMS-SUBMIT and (U)SIM Application Toolkit command packets.

A Scapy implementation of SMS-SUBMIT and (U)SIM Application Toolkit command packets.

Desktop application for checking sites connection in a background mode
Desktop application for checking sites connection in a background mode

Site connectivity checker Desktop application for checking site connection in a background mode by sending ICMP messages. Problem and solution Usually

 sync application configuration and settings across multiple multiplatform devices
sync application configuration and settings across multiple multiplatform devices

sync application configuration and settings across multiple multiplatform devices ✨ Key Features • ⚗️ Installation • 📑 How To Use • 🤔 FAQ • 🛠️ Setu

Owner
Seth Miller
Seth Miller
A lightweight python script that can monitor the T-Mobile Home Internet Nokia 5G Gateway for band and connectivity and reboot as needed.

tmo-monitor A lightweight Python 3 script that can monitor the T-Mobile Home Internet Nokia 5G Gateway for band and connectivity and reboot as needed.

null 61 Dec 17, 2022
A Python based command line ARP Spoofer utility, which takes input as arguments for the exact target IP and gateway IP for which you wish to Spoof ARP request

A Python based command line ARP Spoofer utility, which takes input as arguments for the exact target IP and gateway IP for which you wish to Spoof ARP request

Abhinandan Khurana 1 Feb 10, 2022
Openconnect VPN RPi Gateway

Openconnect-VPN-RPi-Gateway See the blog (Chinese) for how to build an Openconne

Zhongze Tang 2 Jan 30, 2022
The module that allows the collection of data sampling, which is transmitted with WebSocket via WIFI or serial port for CSV file.

The module that allows the collection of data sampling, which is transmitted with WebSocket via WIFI or serial port for CSV file.

Nelson Wenner 2 Apr 1, 2022
Simple Port Scanner script written in Python, plans is to expand upon this script to turn it into a GUI based pen testing suite

PortScanner Simple Port Scanner script written in Python, plans is to expand upon this script to turn it into a GUI based pen testing suite. #IMPORTAN

null 1 Oct 23, 2021
Passive TCP/IP Fingerprinting Tool. Run this on your server and find out what Operating Systems your clients are *really* using.

Passive TCP/IP Fingerprinting This is a passive TCP/IP fingerprinting tool. Run this on your server and find out what operating systems your clients a

Nikolai Tschacher 158 Dec 20, 2022
A Python tool used to automate the execution of the following tools : Nmap , Nikto and Dirsearch but also to automate the report generation during a Web Penetration Testing

?? WebMap A Python tool used to automate the execution of the following tools : Nmap , Nikto and Dirsearch but also to automate the report generation

Iliass Alami Qammouri 274 Jan 1, 2023
A tiny end-to-end latency testing tool implemented by UDP protocol in Python 📈 .

udp-latency A tiny end-to-end latency testing tool implemented by UDP protocol in Python ?? . Features Compare with other existing latency testing too

Chuanyu Xue 5 Dec 2, 2022
This script helps us to add IP, host name entry in hosts file and create directory run nmap scan and directory scan with your favourite tools

A python script to automate your set-up for Hack The Box, It sets up Workspace, Opens TMUX session, connects to OpenVPN, Runs Nmap and many more...

Cognizance 7 Mar 25, 2022
A simple python application for generating a WiFi QR code for ease of connection

A simple python application for generating a WiFi QR code Initialize the class by providing QR code values WiFi_QR_Code(self, error_correction: int =

Ivan 2 Aug 1, 2022