11 - Securing our Deployment with AWS System Manager Parameter Store

codingforentrepreneurs · codingforentrepreneurs · commit 31221369b37a · 2024-01-24T15:01:55.000-07:00
diff --git a/package-lock.json b/package-lock.json
diff --git a/package.json b/package.json
@@ -9,6 +9,7 @@
   },
   "dependencies": {
     "@neondatabase/serverless": "^0.7.2",
+    "aws-sdk": "^2.1543.0",
     "drizzle-orm": "^0.29.3",
     "express": "^4.18.2",
     "serverless-http": "^3.1.1"
diff --git a/serverless.yml b/serverless.yml
@@ -8,6 +8,18 @@ provider:
   environment:
     DEBUG: ${env:DEBUG, 0}
     DATABASE_URL: ${env:DATABASE_URL, "fallback value"}
+  iam:
+    role:
+      name: serverless-my-ssm-role
+      statements:
+        - Effect: 'Allow'
+          Resource: '*'
+          Action:
+            - "ssm:GetParameter"
+            - "ssm:GetParameters"
+            - "ssm:GetParametersByPath"
+            - "ssm:GetParameterHistory"
+            - "ssm:DescribeParameters"
 
 functions:
   api:
@@ -21,6 +33,7 @@ custom:
       - AWS_ACCESS_KEY_ID
       - AWS_SECRET_ACCESS_KEY
       - AWS_SESSION_TOKEN
+      - DATABASE_URL
 
 plugins:
   - serverless-offline
diff --git a/src/index.js b/src/index.js
@@ -1,27 +1,40 @@
 const serverless = require("serverless-http");
 const express = require("express");
-const { neon, neonConfig} = require('@neondatabase/serverless'); //commonjs
+const AWS = require("aws-sdk")
+const { neon, neonConfig } = require('@neondatabase/serverless'); //commonjs
 
+const AWS_REGION='us-east-2'
+const STAGE = process.env.STAGE || 'prod'
 
 const app = express();
+const ssm = new AWS.SSM({region: AWS_REGION})
+
+const DATABASE_URL_SSM_PARAM=`/serverless-nodejs-api/${STAGE}/database-url`
 
 
 async function dbClient(){
   // for http connections
   // non-poooling
+  const paramStoreData = await ssm.getParameter({
+      Name: DATABASE_URL_SSM_PARAM,
+      WithDecryption: true
+  }).promise()
+  // console.log(paramStoreData.Parameter.Value)
+  // const dbUrl = ??
   neonConfig.fetchConnectionCache = true
-  const sql = neon(process.env.DATABASE_URL);
+  const sql = neon(paramStoreData.Parameter.Value);
   return sql
 }
 
 
 app.get("/", async (req, res, next) => {
   console.log(process.env.DEBUG )
   const sql = await dbClient()
-  const [results] = await sql`select now();`
+  const [dbNowResult] = await sql`select now();`
+  const delta = (Date.now() - dbNowResult.now.getTime()) / 1000
   return res.status(200).json({
     message: "Hello from root!",
-    results: results.now,
+    delta: delta,
   });
 });
 
