Hello, Retail! is a Nordstrom Technology open-source project. Hello, Retail! is a 100% serverless, event-driven framework and functional proof-of-concept showcasing a central unified log approach as applied to the retail problem space. All code and patterns are intended to be re-usable for scalable applications large and small.
Check out https://github.com/Nordstrom/hello-retail-workshop for more explanation and a guided tour of how you might expand hello-retail with new functionality.
If you are responsible for deploying this system, you'll want to do the following:
- Create an encryption key for use with KMS (IAM > Encryption keys, select your target region, Create Key)
- Create a Twilio account, open your "Account Settings" and create a secondary auth token for use by the hello-retail system
- Encrypt your Twilio account's SID and also the Secondary Auth Token with the encryption key created in step 1 and place them into your `private.yml`:

  ```yaml
  twilio:
    accountSid: ABC[...]==
    authToken: DEF[...]==
  ```

  This can be done easily using the "encryption helpers" capability in the Lambda console. Alternatively, the following AWS CLI command should do the trick:

  ```sh
  aws kms encrypt --region <region> --key-id <keyId> --plaintext <accountSid> --output text --query CiphertextBlob
  aws kms encrypt --region <region> --key-id <keyId> --plaintext <authToken> --output text --query CiphertextBlob
  ```
- Purchase a Twilio number and add it to your `private.yml`:

  ```yaml
  twilio:
    <stage>: +12345678901 # full `+<countryCode>` and 10 digit number
  ```
- Create a Login with Amazon account to add authentication and identity using OAuth.
- In the Login with Amazon Developer Center -> Sign into the App Console -> Register new application button. Fill out requested information about the application.
- Copy the Application ID to the `private.yml` in the property `loginWithAmazonAppId` and the Client ID to the property `loginWithAmazonClientId`:

  ```yaml
  # Login with Amazon
  loginWithAmazonClientId: amzn1.application-oa2-client.0c5b13fba4be0ae5b7c1816481fc93a
  loginWithAmazonAppId: amzn1.application.0bfd7ce688a440a1a0a1ad215923053e1
  ```

- Expand Web Settings and click the Edit button.
- In the Allowed JavaScript Origins enter the Fully Qualified Domain Name for your hosted websites, e.g. `https://<stage>.<example.com>` where `stage` will be the name of the stage web application when deployed, and `example.com` is the registered domain name. Local development requires that `https://localhost:7700` is allowed as an origin. This application does not employ return URLs. Once the list of origins is complete, click "Save".
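
A pre-deploy check for the `private.yml` values assembled above, as an added example that is not part of the hello-retail code base: it flags Twilio credentials that are still plaintext rather than KMS ciphertext. The function names, the minimal parser, the 64-byte ciphertext floor, the assumed Twilio credential shapes and the sample values are assumptions made for illustration.

```javascript
// Added example, not hello-retail code. Assumptions: Twilio Account SIDs are
// "AC" + 32 hex chars, auth tokens are 32 hex chars, and a KMS CiphertextBlob
// decodes to at least 64 bytes (floor chosen for illustration).

// Minimal parser for the one-level nesting used in private.yml above.
function parsePrivateYml(text) {
  const out = {}
  let parent = null
  for (const raw of text.split('\n')) {
    const m = /^(\s*)([^:\s]+):\s*(.*?)\s*$/.exec(raw.replace(/(^|\s+)#.*$/, ''))
    if (!m) continue
    const [, indent, key, value] = m
    if (indent === '') {
      out[key] = value === '' ? {} : value
      parent = value === '' ? out[key] : null
    } else if (parent) parent[key] = value
  }
  return out
}

function looksLikeKmsCiphertext(value) {
  // A raw 32-hex auth token is also valid base64, so reject plaintext shapes first.
  if (/^(AC)?[0-9a-f]{32}$/i.test(value)) return false
  if (!/^[A-Za-z0-9+/]+={0,2}$/.test(value) || value.length % 4 !== 0) return false
  return Buffer.from(value, 'base64').length >= 64
}

function lintPrivateConfig(text) {
  const parsed = parsePrivateYml(text).twilio
  const twilio = parsed && typeof parsed === 'object' ? parsed : {}
  const findings = []
  for (const [key, value] of Object.entries(twilio)) {
    if (key === 'accountSid' || key === 'authToken') {
      if (!looksLikeKmsCiphertext(value)) findings.push(`twilio.${key} is not KMS ciphertext`)
    } else if (!/^\+\d{11,13}$/.test(value)) {
      findings.push(`twilio.${key} is not a +<countryCode> and 10 digit number`)
    }
  }
  for (const key of ['accountSid', 'authToken']) {
    if (!(key in twilio)) findings.push(`twilio.${key} is missing`)
  }
  return findings
}

// Constructed samples: a stand-in 96-byte blob and fake plaintext credentials.
const FAKE_BLOB = Buffer.alloc(96, 0xab).toString('base64')
const ENCRYPTED = `twilio:\n  accountSid: ${FAKE_BLOB}\n  authToken: ${FAKE_BLOB}\n  prod: +12345678901 # constructed\n`
const PLAINTEXT = 'twilio:\n  accountSid: AC0123456789abcdef0123456789abcdef\n  authToken: 0123456789abcdef0123456789abcdef\n'
console.log(lintPrivateConfig(ENCRYPTED), lintPrivateConfig(PLAINTEXT))
```

An empty result means the file is in the shape the steps above describe; it does not prove the ciphertext was produced with the intended key.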
To deploy the entirety of the project, execute the following from the repository's root directory:

```sh
npm run root:install:all
npm run root:deploy:all
```

If any errors occur, troubleshoot, resolve, and resume deployment.
- Add the following roles as "Key Users" of the encryption key created in step 1 of the "Pre-Deploy Action & Configuration" section:
  - `<stage>ProductPhotosMessage1`
  - `<stage>ProductPhotosUnmessage1`
  - `<stage>ReceiveRole1`
- Note the `ServiceEndpoint` output from the execution of `npm run photos:deploy:5`. Alternatively, inspect or describe the stack `hello-retail-product-photos-receive-<stage>` and note the `ServiceEndpoint` output. This value will look like `https://<apiId>.execute-api.us-west-2.amazonaws.com/<stage>`. Open the phone number configuration page for the Twilio number that you purchased and set the Messaging Webhook (use defaults "Webhooks/TwiML", "Webhook", and "HTTP POST") value to that value with a `/sms` appended to it (e.g. `https://<apiId>.execute-api.us-west-2.amazonaws.com/<stage>/sms`). It may be helpful to note the stage name in the "Friendly Name" field as well. Then save those configuration changes.
- Enable TTL on the table `<stage>-hello-retail-product-photos-data-PhotoRegistrations-1` using the attribute `timeToLive`
The code changes in the branch effectively instrument the Lambdas in the Hello-Retail application by wrapping the aws requirements with the `aws-xray-sdk`, which forwards the AWS trace ID to the other AWS services so their telemetry is included in the X-Ray trace.
There does not appear to be support for CloudFormation to define a Lambda with Active Tracing enabled, so for each Lambda for which tracing information is desired, Active Tracing will need to be enabled in the AWS Console under Configuration -> Advanced Settings -> AWS X-Ray -> Enable Active Tracing.

The first time this change is made to a Lambda, the following message is displayed in the console:

> When you save your function with active tracing enabled, Lambda will automatically add permissions: "xray:PutTraceSegments", "xray:PutTelemetryRecords" to the function's current role if it does not have necessary permissions.

When the Save button is clicked, there is an error message:

> The Configuration tab failed to save. Reason: The provided execution role does not have permissions to call PutTraceSegments on XRAY

The user is then required to wait 30-60 seconds and click the Save button again, and the Lambda will save successfully with the changes made according to the first message by adding a policy named like `AWSLambdaTracerAccessExecutionRole-XXXXXXXXX` to the Lambda's role.
- Add `xray:PutTraceSegments` and `xray:PutTelemetryRecords` to appropriate roles in this branch.
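
One way to check which roles still lack the two actions listed above, as an added example that is not part of the hello-retail code base. The function names and the sample policy documents are constructed for illustration, and the check deliberately ignores `Condition`, `NotAction` and resource scoping other than `"*"`.

```javascript
// Added example, not hello-retail code: report which X-Ray write actions a
// role's policy documents still fail to allow. Sample policies are constructed.
const XRAY_ACTIONS = ['xray:PutTraceSegments', 'xray:PutTelemetryRecords']

// IAM allows Statement, Action and Resource to be a single value or a list.
const asArray = (v) => (v === undefined ? [] : Array.isArray(v) ? v : [v])

// IAM action patterns are case-insensitive and may use * and ? wildcards.
function actionMatches(pattern, action) {
  const escaped = pattern.replace(/[.+^${}()|[\]\\]/g, '\\$&')
  const re = new RegExp('^' + escaped.replace(/\*/g, '.*').replace(/\?/g, '.') + '$', 'i')
  return re.test(action)
}

// Simplified evaluation (assumption): an Allow counts only on Resource "*",
// and any matching Deny is treated as blocking, whatever its Resource.
function missingXrayActions(policyDocuments) {
  const statements = policyDocuments.flatMap((doc) => asArray(doc.Statement))
  const covers = (s, action) => asArray(s.Action).some((p) => actionMatches(p, action))
  return XRAY_ACTIONS.filter((action) => {
    const allowed = statements.some((s) =>
      s.Effect === 'Allow' && asArray(s.Resource).includes('*') && covers(s, action))
    const denied = statements.some((s) => s.Effect === 'Deny' && covers(s, action))
    return !allowed || denied
  })
}

// Constructed role policies: logging only (before), then the two actions added (after).
const LOGS_ONLY = {
  Version: '2012-10-17',
  Statement: [{ Effect: 'Allow', Action: ['logs:CreateLogStream', 'logs:PutLogEvents'], Resource: '*' }],
}
const XRAY_WRITE = {
  Version: '2012-10-17',
  Statement: { Effect: 'Allow', Action: XRAY_ACTIONS, Resource: '*' },
}
console.log(missingXrayActions([LOGS_ONLY]))
console.log(missingXrayActions([LOGS_ONLY, XRAY_WRITE]))
```

Feeding it the policy documents attached to each Lambda role shows which roles would still hit the "does not have permissions to call PutTraceSegments" error quoted above.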