NanoAPI Docs
Intro to Nano APIGetting Started
Tutorials
1. Deploy A Simple Math APIStep 1: Fork the Example RepoStep 2: Setup AWSStep 3: Configure Nano APIStep 4: Run the BuildStep 5: Verifying the DeployStep 6: View the AWS Resources (Optional)Step 7: Cleanup (Optional)Conclusion
Security
Supported Technologies

Tutorial 1: Deploy A Simple Math API

Time to complete: 10 minutes

This tutorial assumes that you have already gone through the Getting Started page and connected your GitHub account.

Will following this tutorial cost me anything?

This tutorial is totally free on both Nano API and AWS! Since the repo is public on GitHub, it will fall under our free usage quota. All of the AWS resources involved are included on the free tier as well. (But be sure to delete them afterwards, just in case)

Step 1: Fork the Example Repo

We've made an example repo for you to play around with and explore before committing to using the tool. This repo is available here: NodeJS Test API.

  1. In the upper right-hand corner, select "fork"
  2. Give the repo a name.
  3. Make sure to select the account as the owner that you have connected to NanoAPI.

Step 2: Setup AWS

This step assumes that you are setting up a fresh AWS account. If you're interested in the security considerations for your AWS account, please see: AWS Security.

After setting up your account and your billing details, go to the IAM service within the AWS Console.

2.1 Create a Manged Policy

Nano API needs to be able to create and manage AWS resources on your behalf. To do this, we'll create a managed policy that we can attach to a user group later.

  1. In the AWS Console, navigate to the IAM service.
  2. In the left-hand pane, click on "Policies".
  3. Click on "Create Policy".
  4. Click on the "JSON" tab.
  5. Copy the following JSON into the text field:
{
"Version": "2012-10-17",
"Statement": [
{
"Sid": "NanoAPICreateRole",
"Action": [
"iam:AttachRolePolicy",
"iam:CreateRole",
"iam:PutRolePolicy",
"iam:PassRole"
],
"Effect": "Allow",
"Resource": [
"arn:aws:iam::<account_id>:role/APIGatewayExecLambda",
"arn:aws:iam::<account_id>:role/AwsBuilderFunctionCreation"
]
}
]
}
  1. Replace <account_id> with your AWS account ID. You can find this in the upper right-hand corner of the AWS Console (in the dropdown with your account name).
  2. Click "Review Policy".
  3. Give the policy a name. For this tutorial we'll use NANOAPI_MANAGE_ROLES.
  4. Click "Create Policy".

NOTE: APIGatewayExecLambda and AwsBuilderFunctionCreation are the default names for the roles that Nano API creates in your AWS account. But they will not exist at the time of creating this policy. That's okay! We'll attach this policy to a user group later, and when Nano API tries to create the roles, it will have the permissions to do so.

2.2 Create the User group

Now that we have a managed policy for IAM, we can create a user group that will have the permissions to create and manage AWS resources on your behalf.

  1. In the IAM Console, click on "User Groups".
  2. Click on "Create Group".
  3. Go ahead and come up with a name for the group. For this tutorial we'll use NANOAPI_ACCESS.
  4. Scroll down to the "Permissions" section and type "Lambda" in the search box.
  5. Click the checkbox next to "AWSLambda_FullAccess".
  6. Clear the search and this time search for "Gateway".
  7. Click the checkbox next to "AmazonAPIGatewayAdministrator".
  8. Clear the search and this time search for "NANOAPI".
  9. Click the checkbox next to "NANOAPI_MANAGE_ROLES". This is the policy we created in the previous step.
  10. Click "Next: Tags".
  11. (Optional) Add tags to the group and click "Next: Review".

These are the minimum required policies that enable Nano API to create, configure, and delete AWS API Gateway and Lambda resources on your behalf.

Finally, click "Create Group".

2.3 Create a User

For Nano API to manage your AWS account, it needs to be able to assume the role of a user with limited access.

  1. In the left-hand pane of IAM, click on "Users", and then "Add users".
  2. We'll use the name "NAPI_BUILD_ACCOUNT" for this tutorial.
  3. Leave the "Provide user access to the AWS Management Console" unchecked. We won't need it. Click "Next".
  4. Select "Add User to Group" and click the checkbox next to "NANOAPI_ACCESS". Click "Next".
  5. Click on "Create User".
  6. Now that the user is created, we need to get the ID to allow Nano API to perform actions as that user. Click on the newly created "NAPI_BUILD_ACCOUNT".
  7. Click on "Security Credentials".
  8. Scroll down to "Access Keys" and click on "Create access key".
  9. In this menu, select "Application running outside AWS", and click "Next".
  10. (Optional) Create tags and click "Create access key".
  11. Note down BOTH the "Access key" and "Secret access key" and keep them somewhere safe.

2.4 Collect Account Info

As a last step, AWS will need Nano API to specify your account ID and selected region in some of the requests we make on your behalf.

  1. In the upper right-hand corner of the AWS console, click on your account name and copy the " Account ID" listed there (without dashes).
  2. Then, in the dropdown next to it, select a region to deploy to. (Ex: "us-west-1")

Step 3: Configure Nano API

Now we have everything we need to get a build started! Open up the Nano API Dashboard and navigate to the "Secrets and Variables" page.

  1. Select the "Secrets" tab and click on "+ Add Repository Secret".
  2. For the "Name" field, type ACCESS_KEY and paste the AWS Access key into the "Secret" field.
  3. Repeat the above steps for ACCESS_SECRET, REGION, and ACCOUNT_ID.

Step 4: Run the Build

We're almost done. The last step is to actually run the build. Navigate to "My Repositories" and find the NodeJS Test API you forked earlier.

Click on "Run Build", and watch the magic happen! 😎

Step 5: Verifying the Deploy

Now for the fun part, testing our new serverless function API.

In the build logs output, you will see a list of GET and POST urls. Copy one of them, and make one of the following requests:

GET:

curl <your_aws_url>/api/v2/maths/time

POST:

curl -X POST -H "Content-Type: application/json" -d '{"a":5, "b":3}' <your_aws_url>/api/v2/maths/addition

Step 6: View the AWS Resources (Optional)

If you're curious about what we've created for you in AWS, feel free to open the AWS console and navigate to the Lambda or API Gateway services to see your new resources.

NOTE: If you don't see your resources, make sure you have the correct region selected in the upper right-hand corner of the console.

Step 7: Cleanup (Optional)

To make doubly sure that AWS doesn't charge you for usage, make sure to clean up the following resources in the AWS console:

Lambda

  1. Open the Lambda console and click on "functions" in the left-hand side of the screen.
  2. Click the select all checkbox above the functions and click "Actions" > "Delete".
  3. Type "delete" in the text field and click "Delete".

API Gateway

  1. Open the API Gateway Console and select the API we've just created.
  2. Click on "Actions" > "Delete".

And that's it! Your AWS account is now reset.

Conclusion

This tutorial has shown what Nano API can do for streamlining the switch to serverless. Now that your account is setup, you can run builds on any other Repos you own without any additional configuration. Happy coding! 🎉