AWS DynamoDB

A simple REST API that uses AWS DynamoDB as its data store.

At the end of this chapter you will be able to:

  • Set up an AWS DynamoDB Table

  • Use the ROSADemosRole with OpenShift SA

  • Deploy the FruitsApp Java Application

  • Check and verify that only the authorized OpenShift SA is able to perform CRUD on DynamoDB

Pre-Requisites

Ensure that you have completed the following before running the exercises of this chapter:

Build Service UI

Do this only if you have not already built it or have made changes to the UI.

All the demos demonstrate integration with a simple Fruits REST API. To play with the API, the demos provide a ReactJS UI.

The following section details how to build the UI so that the other demo applications can use it as part of their respective packaging.

Navigate to the tutorial home folder:

cd $TUTORIAL_HOME

Run Maven commands to build and install the UI artifacts to the local repo:

./mvnw -N install                  # (1)
./mvnw -Pbuild-ui clean install    # (2)

(1) Install the projects to the local Maven repo
(2) Install the UI to the local Maven repo; it will be used by the Quarkus and SpringBoot project packaging

Navigate to the tutorial folder:

cd $TUTORIAL_HOME/dynamodb

Ensure you are on the right OpenShift project rosa-demos:

oc project -q

Setup DynamoDB

Creation of the DynamoDB table is disabled by default. You need to enable it to create the table QuarkusFruits that will be used as part of this demo:

Edit the file $TUTORIAL_HOME/setup/env/extravars#L11 and update dynamodb to be True.

Run the setup script to create the DynamoDB table:

$TUTORIAL_HOME/setup/hack.sh

Let’s ensure that all the required environment variables are set up correctly:

export AWS_REGION='<your aws_region value>'    # (1)

(1) The AWS region to use

export ROSA_DEMO_ROLE_ARN=$(aws iam get-role --role-name ROSADemosRole --output json | jq -r '.Role.Arn')    # (1)

(1) The AWS Role ARN for the ROSADemosRole IAM role

Build and Deploy Service

  • Quarkus

./mvnw --projects=quarkus -Popenshift \
  -Daws.region=$AWS_REGION \
  -Daws.role.arn=$ROSA_DEMO_ROLE_ARN \
  clean package

  • SpringBoot

./mvnw --projects=springboot -Popenshift \
  -Daws.region=$AWS_REGION \
  -Daws.role.arn=$ROSA_DEMO_ROLE_ARN \
  clean package

Check Application Deployments

Once the Maven build completes successfully, you can check the status of the application deployment:

oc get deploy -n rosa-demos

Depending on which variant of the application you deployed, Quarkus or SpringBoot, you should see output like that shown below. This assumes the Quarkus variant was deployed:

NAME                      READY   UP-TO-DATE   AVAILABLE   AGE
db-adminer                1/1     1            1           19h
pgsql-client              1/1     1            1           14h
rosa-fruits-app-quarkus   1/1     1            1           4h48m

You can also verify the same via the ROSA OpenShift Web Console by navigating to the rosa-demos project.

Check Application Deployments

The AWS IAM role allows accessing the application only from the rosa-demos workspace and as rosa-demo-sa.

Get the Route:

export APP_URL="http://$(oc get route rosa-fruits-app -n rosa-demos -ojsonpath='{.spec.host}')"

Application UI

Open the $APP_URL in your browser. The UI will allow you to list, add and delete fruits.

The List will display an error if you are not authorized to access the APP :)

Using Swagger UI

You can access the Swagger UI from $APP_URL/swagger-ui and perform the REST operations.

The following REST URI end points are available:

  • Lists all fruit

e.g.

http $APP_URL/api/fruit/apple

  • $APP_URL/api/fruit/{name} - Get a fruit by its name

e.g.

http $APP_URL/api/fruit/apple

  • Adds a fruit, takes a JSON payload

{
  "name": "apple",
  "season": "fall"
}

e.g.

http POST $APP_URL/api/fruit name=apple season=fall

  • Delete a fruit by its name

e.g.

http DELETE $APP_URL/api/fruit/apple

Verify Access

To make sure the IAM restriction works, try deploying the application in a different namespace, e.g. demos:

oc new-project demos

Now do the Quarkus or SpringBoot deployment on the demos namespace.

Now when you try any of the API methods above, you should get HTTP 403 as the IAM policy controls the Service Account (rosa-demo-sa) and its namespace.
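
The check below is an added example, not part of the tutorial's code: it tests whether a role trust policy admits a given namespace and service account, which is the restriction the demos deployment runs into. It assumes ROSADemosRole is assumed through sts:AssumeRoleWithWebIdentity with a condition on the token's sub claim; the policy layout, account ID and OIDC provider host are constructed placeholders.

```python
import json
import re

# Constructed sample trust policy; the account id and OIDC provider host are
# placeholders, and the layout is assumed (the tutorial does not print it).
OIDC = "oidc.example.com/PLACEHOLDER"
TRUST_POLICY = json.loads("""{
  "Version": "2012-10-17",
  "Statement": [{
    "Effect": "Allow",
    "Principal": {"Federated": "arn:aws:iam::111111111111:oidc-provider/oidc.example.com/PLACEHOLDER"},
    "Action": "sts:AssumeRoleWithWebIdentity",
    "Condition": {"StringEquals": {
      "oidc.example.com/PLACEHOLDER:sub": "system:serviceaccount:rosa-demos:rosa-demo-sa"}}
  }]
}""")


def _as_list(value):
    return value if isinstance(value, list) else [value]


def _like(pattern, value):
    # IAM StringLike wildcards: * matches any run of characters, ? exactly one.
    rx = "".join(".*" if c == "*" else "." if c == "?" else re.escape(c) for c in pattern)
    return re.fullmatch(rx, value) is not None


def may_assume(policy, oidc_host, namespace, service_account):
    """True if the `sub` conditions of some Allow statement admit this service account.

    Only the `sub` condition is evaluated; Principal and `aud` checks are out of scope.
    """
    sub = f"system:serviceaccount:{namespace}:{service_account}"  # token `sub` claim
    key = f"{oidc_host}:sub"
    for stmt in _as_list(policy["Statement"]):
        if stmt.get("Effect") != "Allow":
            continue
        if "sts:AssumeRoleWithWebIdentity" not in _as_list(stmt.get("Action", [])):
            continue
        cond = stmt.get("Condition", {})
        checks = []  # one result per operator that constrains `sub`; all must hold
        if key in cond.get("StringEquals", {}):
            checks.append(sub in _as_list(cond["StringEquals"][key]))
        if key in cond.get("StringLike", {}):
            checks.append(any(_like(p, sub) for p in _as_list(cond["StringLike"][key])))
        if all(checks):  # an empty list means `sub` is unconstrained: every SA passes
            return True
    return False
```

To audit the live role, feed it the AssumeRolePolicyDocument returned by the aws iam get-role command used earlier; a True result for any namespace other than rosa-demos means the trust policy is scoped too loosely.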