Create a software as a service (SaaS) portal for a reference corporation, Example Corp. This example corporation lets interested customers create an account and sign up for a web-based software subscription.
• Enable website hosting for the Example Corp. website by using Amazon Simple Storage Service (Amazon S3).
• Set up and verify an email address identity by using Amazon SES. When new user accounts are created, verification emails are sent to the address that you specify in Amazon Simple Email Service (SES).
• Make the streaming applications available to users who sign up for the software subscription by using Amazon AppStream 2.0.
• Create a policy and role by using AWS Identity and Access Management (IAM).
• Attach the IAM policy to the IAM role that you created. The policy is required to run a function that you'll create.
• Create a new user pool and add an app client by using Amazon Cognito. Amazon Cognito provides user management and authentication to your AppStream streaming applications.
• Create a function by using AWS Lambda. The function generates a streaming URL for the streaming user after they have authenticated through Cognito.
• Create a RESTful API by using Amazon API Gateway. The resource and method are used to exchange requests between the streaming user and the Lambda function.
The application architecture uses Amazon S3, Amazon SES, Amazon Cognito, Amazon API Gateway, AWS Lambda, and Amazon AppStream 2.0, as shown in the following diagram.
This project includes six modules. You must complete each module before proceeding to the next.
- Host a static website
- Manage users
- Build a serverless backend
- Deploy a RESTful API
- Test your setup
- Clean up your project resources
AWS Experience: We recommend familiarity with AppStream 2.0 and other AWS services. If you are new to AppStream 2.0, see the AppStream 2.0 Getting Started Guide. This guide describes how to:
- Install and configure two applications.
- Perform foundational administrative tasks by using the AppStream 2.0 console.
- Provision a virtual network in Amazon Virtual Private Cloud (Amazon VPC) by using a provided AWS CloudFormation template.
Time to complete: 2.5 hours
- An AWS account: This lets you begin using AppStream 2.0 and other AWS services. For more information, see How do I create and activate a new Amazon Web Services account?
- An AppStream 2.0 environment: An AppStream 2.0 image, fleet, and stack are required to complete this project. For information about how to create these resources, see the following topics in the AppStream 2.0 Developer Guide:
- Email accounts: Have access to at least one test user email address to complete the configuration described in this project.
CloudFormation Template: You can launch one of these AWS CloudFormation templates in the Region of your choice to build the resources necessary for this workshop automatically.
Region | CloudFormation Template |
---|---|
US West (Oregon) | Launch stack > |
US East (N. Virginia) | Launch stack > |
Asia Pacific (Mumbai) |
Launch stack > |
Asia Pacific (Tokyo) | Launch stack > |
Asia Pacific (Sydney) | Launch stack > |
Asia Pacific (Singapore) | Launch stack > |
Asia Pacific (Seoul) | Launch stack > |
EU (Ireland) | Launch stack > |
EU (Frankfurt) | Launch stack > |
The following steps show how to use a template in AWS CloudFormation to automate most of the tasks described in Modules 1 through 4 of this project. For a list of these tasks, see the “Tasks you’ll accomplish” section in the project Overview page.
Note
Although the CloudFormation template automates most of the tasks for this project, an existing AppStream 2.0 image, fleet, and stack are still required. The CloudFormation template does not create these resources. In addition, you must set up and verify an email address identity by using Amazon Simple Email Service (SES). For more information, see “Step 1. Add and verify a new email address identify in Amazon SES” in Module 2. Manage Users.
1. Make sure that you are signed in to the AWS Management Console.
2. In the list of regional choices, open the Launch Stack link that is associated with the AWS Region in which you want to build your environment for this project.
3. On the Quick create stack page, the following information displays:
- Template URL: The URL for the template
- Stack description: A description for the CloudFormation stack.
- Stack name: The name of the CloudFormation stack. The default name is as2-stack-002. Keep the default name or optionally, change the name to one that is meaningful to you (or example, examplecorp-cfn-stack-saas).
4. Under Parameters, do the following:
- For AppStream2FleetName, type the name of the AppStream 2.0 fleet to use.
- For AppStream2StackName, type the name of the AppStream 2.0 stack to use.
- For S3BucketName, type a globally unique name for your Amazon S3 bucket (for example, examplecorp-s3bucket-saas-<yourfirstname-yourlastname>). The S3 bucket hosts your website.
5. Under Capabilities, you are notified that the template includes Identity and Access Management (IAM) resources that have minimum required permissions. Specifically, [AWS::IAM::Role] capabilities are required. Select the check box to acknowledge that CloudFormation might create IAM resources with custom names.
6. Choose Create stack.
7. When the creation process completes, the AWS CloudFormation console displays a status of CREATE_COMPLETE.
8. With your stack selected, choose the Outputs tab.
9. In the Outputs table, under the Key column, make a note of the values for the resources that the CloudFormation template created:
- BucketName – The name of the S3 bucket. The name that you specified for the S3 bucket in step 4 is used.
- ExampleCorpApiGWInvokeUrl -- The API Gateway invoke URL. The URL follows this format: https://<code>.execute-api.<region>.amazonaws.com/dev
- Cognito User Pool ID -- The ID for the Cognito user pool.
- Client ID -- The ID for the app client. The ID follows this format: <region>_<code>.
- Website URL -- The Amazon S3 website endpoint for the S3 bucket. The URL follows this format: https://<S3bucketname>.s3-website-<region>.amazonaws.com.
10. Download the contents of the Example Corp website assets zip file. (workshop_02_SaaS.<GUID>.zip) to your local computer.
11. Extract the contents of the file that you downloaded on your local computer.
12. Navigate to the location where you extracted the contents of the zip file on your local computer, and open the following file in a text editor: assets/js/config.js.
13. In the file, search for and set values for the following variables:
- userPoolId – The ID of the Cognito user pool.
- userPoolClientId -- The value of the app client ID.
- region -- The code for the AWS Region where you created your CloudFormation stack. For a list of Region codes, see the Region column in the AppStream 2.0 Region and Endpoint table.
- Invokeurl -- The value of the API Gateway invoke URL.
14. Save your changes and close the file.
15. Open the Amazon S3 console at https://console.aws.amazon.com/s3/.
16. In the Bucket name list, choose the name of the S3 bucket that you specified in step 4.
17. Navigate to the location where you extracted the contents of the zip file on your local computer. Open the workshop_02_SaaS.<GUID> folder. This folder includes the following folders and files:
- assets
- images
- index.html
- LICENSE.TXT
- NOTICE.TXT
- register.html
- signin.html
- THIRD-PARTY.TXT
- verify.html
18. Select all of the files and folders under the workshop_02_SaaS.<GUID> directory. Do not select the folder itself.
19. In the Amazon S3 console window, on the Overview tab, choose Upload.
20. Drag and drop your selections into the Upload dialog box.
21. Choose Upload.
22. Wait for the upload to complete, and verify that the correct files and folders appear in the list on the Overview tab.
23. In the menu in the upper left corner of the console, choose Services.
24. In the search box, type cloudformation, and then choose CloudFormation from the search results.
25. In the Stacks list, under Stack name, choose the name of the stack that CloudFormation created.
26. On the Outputs tab, under Value, choose the URL that corresponds to the WebsiteURL key. The Example Corp website home page displays.
27. In the website address bar, append the URL with /signin.html. The Example Corp Portal Sign In page displays.
28. To continue testing, perform the steps starting with step 2 in in Module 5. Test your setup.