In this project you will write Ruby code to provide a semi-trivial HTTP API. Your code will be deployed using a single AWS Lambda function.
Student has leveraged JWTs to provide authorization protection to HTTP endpoints.
Student has utilized HTTP request methods, resources, headers, and bodies to differentiate between distinct HTTP requests.
Student has implemented two endpoints to an HTTP API.
Student can deploy code to AWS Lambda.
Student has compared the performance of a static website to that of a dynamic website.
This protected endpoint simply reflects the content contained within the data field of a valid JWT. It is a demonstration of how authorization can be enforced on an endpoint.
Requires a valid token from
POST /token passed via the HTTP Header
Authorization whose value is
On success, returns a JSON document containing the contents of the
field from the provided token and responds with the status code
401 if either the token is not yet valid, or if it is expired.
403 if a proper
Authorization: Bearer <TOKEN> header is not
This endpoint is used to obtain the JWT necessary to request
/. Normally such
an endpoint would be used to authenticate a user (e.g., verify a username and
password) before returning an authorization token. For simplicity we’re skipping
the authentication step and will always return a token for a valid request.
On success, returns a JSON document of the format
with status code
HS256 signature (the symmetric key to use is in the environment
contains exactly three fields
data which includes the request body from the HTTP request
exp which is set to 5 seconds after the generation time
nbf which is set to 2 seconds after the generation time
415 if the request content type is not
422 if the body of the request is not actually JSON.
All HTTP responses should have the content type
shouldn’t need to do anything to satisfy this requirement.
Requests to any other resources must respond with status code
/token which do not use the appropriate HTTP method must
respond with status code
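The token rules above (HS256, data, exp at +5 seconds, nbf at +2 seconds, 401 for a token outside its validity window, 403 for a missing Bearer header) can be exercised with the Ruby standard library alone. This is an added example, not the course's template or reference solution; the helper names, the demo key, the 200 success status, and the choice of 401 for malformed or badly signed tokens are assumptions.

```ruby
require 'json'
require 'openssl'

DEMO_KEY = 'constructed-demo-key' # constructed; the real key comes from the environment

def b64url(bytes)
  [bytes].pack('m0').tr('+/', '-_').delete('=')
end

def b64url_decode(text)
  (text.tr('-_', '+/') + '=' * (-text.length % 4)).unpack1('m0')
end

def sign(input, key)
  b64url(OpenSSL::HMAC.digest('SHA256', key, input))
end

# Build a token with the three claims POST /token is specified to set.
def mint(data, key, now)
  header = b64url(JSON.generate(alg: 'HS256', typ: 'JWT'))
  claims = b64url(JSON.generate(data: data, exp: now + 5, nbf: now + 2))
  "#{header}.#{claims}.#{sign("#{header}.#{claims}", key)}"
end

def constant_time_eq?(left, right)
  left.bytesize == right.bytesize &&
    left.bytes.zip(right.bytes).reduce(0) { |acc, (x, y)| acc | (x ^ y) }.zero?
end

# Decide the GET / response as [status, body] from the raw Authorization value.
# Assumptions: 200 on success; malformed or badly signed tokens get 401.
def authorize(auth_header, key, now)
  match = /\ABearer (\S+)\z/.match(auth_header.to_s)
  return [403, nil] unless match

  parts = match[1].split('.', -1)
  return [401, nil] unless parts.size == 3
  header, claims, sig = parts
  # Check the signature before trusting anything inside the token.
  return [401, nil] unless constant_time_eq?(sig, sign("#{header}.#{claims}", key))
  # Pin the algorithm instead of honouring whatever the header names.
  return [401, nil] unless JSON.parse(b64url_decode(header))['alg'] == 'HS256'

  payload = JSON.parse(b64url_decode(claims))
  return [401, nil] if now < payload['nbf'] || now >= payload['exp']

  [200, payload['data']]
rescue ArgumentError, JSON::ParserError, TypeError
  [401, nil]
end
```

Passing the clock in as `now` makes the 2-second and 5-second boundaries testable without sleeping.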
The CS291 SSH jump box provides all the necessary configuration to deploy this
project to AWS. Using the
*.pem file you were shared on Google Drive, ssh
into the jump box via:
ssh -i <ACCOUNT_NAME>.pem <ACCOUNT_NAME>@ec2.cs291.com
For example, if your account name is
some-student, you should have the file
some-student.pem, and you will run the command:
ssh -i some-student.pem some-student@ec2.cs291.com
Once on the box you can clone the template repository:
git clone https://github.com/scalableinternetservices/cs291a_project1_template.git
Then, run the file directly to ensure the example code works:
cd cs291a_project1_template
ruby function.rb
Deploy the function:
Note: Please do not do any load testing from this machine.
Please use the following script to verify your web application: https://github.com/scalableinternetservices/ucsb_website/tree/main/scripts#project-1-verification-script
On average, how many successful requests can ab complete to /token in 8 seconds with various power-of-two concurrency levels between 1 and 256?
Using data you’ve collected, describe how this service’s performance compares to that of your static webpage from Project 0 (remeasure those results if necessary).
What do you suspect accounts for the difference in performance between GitHub pages and your AWS Lambda web service?