Become an AWS pro by learning to run serverless applications with AWS Lambda. Developed by AWS Solution Certified Architects. Get hands-on, no setup, no cleanup, no hassle.

aws_image.tar.gz

LANG

LC_ALL

aws_access_key_id

aws_secret_access_key

BUCKET_NAME

aws_region

dockerjob

dockerjob-copy

RunSamLogsTail

RunCfnLint

RunSamLocal

RunVersionCode

RunGradualDeployment

RunDeploymentAlert

RunChap6CustomisingResponses

RunChap6Processingrequestparameters

RunChap6GlobalSettings

RunChap6CreatingParameterisedCloudFormationStacks

RunChap7

RunChap8

RunChap9AvoidingCircularReferences

RunChap9ConditionalResources

RunChap10InvokingSystemUtilities

RunChap10PublishingToSAR

RunChap11UploadingFilestoS3

RunChap12LambdaUtilityFunctions

dockerjob-copy-ForceRelaunch

dockerjob-copy-copy-FR

RunSamLogsTail-copy

RunCfnLint-copy

RunSamLocal-copy

RunVersionCode-copy

RunGradualDeployment-copy

RunDeploymentAlert-copy

RunChap6CustomisingResponses-copy

RunChap6Processingrequestparameters-copy

RunChap6GlobalSettings-copy

RunChap6CreatingParameterisedCloudFormationStacks-copy

RunChap7-copy

RunChap8-copy

RunChap9AvoidingCircularReferences-copy

RunChap9ConditionalResources-copy

RunChap10InvokingSystemUtilities-copy

RunChap10PublishingToSAR-copy

RunChap11UploadingFilestoS3-copy

RunChap12LambdaUtilityFunctions-copy

RunSamLogsTail-copy1

RunVersionCode-copy1

RunGradualDeployment-copy1

RunDeploymentAlert-copy1

RunChap6CustomisingResponses-copy1

RunChap6Processingrequestparameters-copy1

RunChap6GlobalSettings-copy1

RunChap6CreatingParameterisedCloudFormationStacks-copy1

RunChap7-copy1

RunChap8-copy1

RunChap9AvoidingCircularReferences-copy1

RunChap9ConditionalResources-copy1

RunChap10InvokingSystemUtilities-copy1

RunChap10PublishingToSAR-copy1

RunChap11UploadingFilestoS3-copy1

RunChap12LambdaUtilityFunctions-copy1

In the world of modern development, serverless computing has become table stakes. Serverless computing has seen a major uptake with AWS Lambda having an increased adoption of 667% in 2018. Companies are making the switch to serverless for shorter time to market and decreased operational costs, but for you the advantage lies in the ability to offload the burden of managing infrastructure to serverless platforms, so you can focus on building even better apps.

In this course, you will learn how to run serverless applications using AWS Lambda. You’ll start with the basics such as creating a web service where you’ll learn the steps to deploy an AWS Serverless Application Model (SAM). You’ll then move on to more advanced topics such as handling HTTP Requests, using external storage, and managing sessions and user workflows. By the end of this course, you will be ready to work with AWS Lambda in a professional setting, and you’ll have a great, transferable skill that employers will love to see.

Running Serverless Applications with AWS Lambda

# Cross-origin resource sharing (CORS)
Client code will need to access resources from S3 and API Gateway, which will be on different domains. To prevent online fraud, browsers request special authorisation when a page from one domain wants to access resources on another domain. This is cross-origin resource sharing (CORS). Here's a quick introduction to how CORS works. It should be enough for your needs in this course (for a more in-depth introduction to CORS, check out the [_Cross-Origin Resource Sharing_](https://developer.mozilla.org/en-US/docs/Web/HTTP/CORS) documentation page on the Mozilla Developer Network):

An _origin_, in browser terminology, is a combination of URL protocol, domain and, optionally, network port. So, for example, the origin <https://runningserverless.com> is distinct from <https://gojko.net>. Browsers will happily load scripts or images from a different origin during primary web page parsing, but they will not allow background network requests to different origins so willingly. For example, a page from runningserverless.com can include an image from gojko.net in its HTML contents without any special configuration. However, the same page will not be able to read the same image asynchronously using JavaScript unless the CORS settings of gojko.net explicitly allow it.

# Pre-flight request
Before executing a network request from JavaScript code, browsers will verify that the page is actually allowed to access a resource on a different origin. Browsers do that by sending a _pre-flight_ request to the resource URL. The pre-flight request is an HTTP call using the _OPTIONS_ method, including the resource it wants to access and the CORS context URL. It's essentially a browser asking the remote server: 'If I were to try making this request for a page from this origin, would you let me?' 

The resource server is supposed to reply to the pre-flight request repeating the requested origin and providing a list of HTTP headers and methods it would allow for that resource. Technically, the server response needs to include the policy in the `Access-Control-Allow-Origin`, `Access-Control-Allow-Methods` and `Access-Control-Allow-Headers` HTTP headers. 

The browser then compares the allowed methods and headers to the request the JavaScript code wants to send. If everything matches, it proceeds with the full request. Otherwise, it will make the JavaScript code think that there was a network error. 

When the resource server responds to the full request (not just the pre-flight request), it also needs to include the _Access-Control-Allow-Origin_ header, responding with the same origin as the current page. Without that, the browser will refuse to pass the result back to the JavaScript code.

> CORS security errors are particularly tricky to troubleshoot​ because they only apply to background browser actions. Running exactly the same request from a command line, for example using `curl`, won't show any problems. You also won't find any logs on the server about such problems, because browsers kill requests before they even reach your API. 

When you move web assets to a separate website endpoint and move the client workflows to JavaScript, you'll introduce potential CORS issues into the application. 

The first step in the [figure](https://www.educative.io/courses/running-serverless-applications-aws-lambda/moving-static-assets-out-of-lambda-functions), retrieving the web page, is a direct request, so it falls outside CORS. 

The second step ('get pre-signed grants') will be a JavaScript call to the API Gateway URL, which will be on a different origin, so it will be restricted by CORS. 

The third step ('upload file') will post a form dynamically to the uploads bucket URL, also on a different origin and restricted by CORS. 

The fourth step ('get results') also requires CORS, because you'll be polling the results bucket dynamically to check whether the file is ready.

# Configuring S3 buckets for CORS

The second and third CORS issues are easy to address. Because S3 supports basic web serving features, including CORS, you can use CloudFormation to configure CORS policies on S3 buckets. You just need to add the CORS origin (the website endpoint for the static assets) to the upload and thumbnails bucket using the `CorsConfiguration` property.

The upload bucket should only allow `POST` requests across origins, and only from the pages loaded from the assets bucket. The `UploadS3Bucket` resource is changed in your template to match the following listing (the important changes are in lines 8-16).


In this lesson, you will learn how to work with cross-origin resource sharing when using AWS Lambda. 

Working With Cross-Origin Resource Sharing

Getting Started

Setup Tools for Local Development

Creating a Web Service

Host a Serverless Application on AWS Lambda

Development and Troubleshooting

Core Features of AWS Lambda

Handling HTTP Requests

Using External Storage

Cheaper, Faster, Serverless

Handling Platform Events

Using Application Components

Managing Sessions and User Workflows

Designing Robust Applications

Deployment Options

Process Amazon SNS Notifications with AWS Lambda

Working With Cross-Origin Resource Sharing

Host a Serverless Application on AWS Lambda

Process Amazon SNS Notifications with AWS Lambda

Working With Cross-Origin Resource Sharing

Cross-origin resource sharing (CORS) #