Interludic2000 feature cdk apigw sqs lambda sns #2798
Conversation
| iam.PolicyStatement( | ||
| effect=iam.Effect.ALLOW, | ||
| actions=["sns:Publish"], | ||
| resources=["*"] |
There was a problem hiding this comment.
Lambda function has permission to publish to all SNS resources using wildcard "*" which violates least privilege principle.
Restrict SNS publish permissions to specific topic ARN or use account-level resource constraint.
...
resources=[f"arn:aws:sns:{self.region}:{self.account}:*"]
...
| if not phone_number or not message: | ||
| logger.error("Missing phoneNumber or message in event body") | ||
| return | ||
|
|
There was a problem hiding this comment.
Lambda function doesn't validate phone number format before sending to SNS, allowing potential injection or abuse.
Add regex validation for E.164 phone number format before processing.
# Validate E.164 format
if not re.match(r'^\+[1-9]\d{1,14}$', phone_number):
logger.error(f"Invalid phone number format: {phone_number}")
return
| @@ -0,0 +1,141 @@ | |||
| # Webhook SNS Pattern - CDK Version | |||
There was a problem hiding this comment.
| # Webhook SNS Pattern - CDK Version | |
| # Webhook Amazon SNS Pattern - CDK Version |
| ## Architecture | ||
|
|
||
| ``` | ||
| API Gateway (POST) → SQS Queue → Lambda Function → SNS (SMS) |
There was a problem hiding this comment.
| API Gateway (POST) → SQS Queue → Lambda Function → SNS (SMS) | |
| Amazon API Gateway (POST) → Amazon SQS Queue → AWS Lambda Function → Amazon SNS (SMS) |
|
|
||
| ## Components | ||
|
|
||
| - **API Gateway**: REST API endpoint to receive webhook events |
There was a problem hiding this comment.
| - **API Gateway**: REST API endpoint to receive webhook events | |
| - ** Amazon API Gateway**: REST API endpoint to receive webhook events |
|
|
||
| - **API Gateway**: REST API endpoint to receive webhook events | ||
| - **SQS Queue**: Decouples the API from processing and provides reliability | ||
| - **Lambda Function**: Processes messages and sends SMS via SNS |
There was a problem hiding this comment.
| - **Lambda Function**: Processes messages and sends SMS via SNS | |
| - ** AWS Lambda Function**: Processes messages and sends SMS via SNS |
| - **API Gateway**: REST API endpoint to receive webhook events | ||
| - **SQS Queue**: Decouples the API from processing and provides reliability | ||
| - **Lambda Function**: Processes messages and sends SMS via SNS | ||
| - **SNS**: Sends SMS messages to phone numbers |
There was a problem hiding this comment.
| - **SNS**: Sends SMS messages to phone numbers | |
| - ** Amazon SNS**: Sends SMS messages to phone numbers |
| cdk deploy | ||
| ``` | ||
|
|
||
| 4. Note the API Gateway endpoint URL from the output. |
There was a problem hiding this comment.
| 4. Note the API Gateway endpoint URL from the output. | |
| 4. Note the Amazon API Gateway endpoint URL from the output. |
| "description": "API Gateway webhook integration that queues events in SQS and processes them with Lambda to send SMS notifications via SNS", | ||
| "language": "Python", | ||
| "level": "200", | ||
| "framework": "AWS CDK", |
There was a problem hiding this comment.
| "framework": "AWS CDK", | |
| "framework": "CDK", |
|
|
||
| This is a simplified AWS CDK implementation of a webhook integration pattern that receives webhook events via API Gateway, queues them in SQS, and processes them with Lambda to send SMS notifications via SNS. | ||
|
|
||
| ## Architecture |
There was a problem hiding this comment.
The architecture explanation is brief and lacks details on how the components interact.
Expand the architecture explanation section to provide a more detailed description of how API Gateway, SQS, Lambda, and SNS work together in this pattern.
Adding an architecture diagram might be even better.
4 participants
Issue #, if available:
Description of changes:
This is a simplified AWS CDK implementation of a webhook integration pattern that receives webhook events via API Gateway, queues them in SQS, and processes them with Lambda to send SMS notifications via SNS.
By submitting this pull request, I confirm that you can use, modify, copy, and redistribute this contribution, under the terms of your choice.