This week I did a talk for SkyBet at the JVM Thing. It was a great night and brilliant to see such a broad range of topics covered.

The basis of it was a live demo. This Terraform module spins up a Lambda function behind an API gateway to store credit card details in a DynamoDB.

# add a Lambda function to field HTTP requests
module "lambda" {
  source = "./lambda"
  aws_region = "${var.aws_region}"
}

# create a static site in S3
module "static" {
  source = "./static"
  site_bucket_name = "<bucket name>"
  aws_region = "${var.aws_region}"
  post_target = "${module.lambda.kardapi_gateway_deployment_invoke_url}/card/add"
}
output "static_url" {
  value = "${module.static.site_url}"
}

It then creates a static website in an S3-bucket to post card details to the Kotlin handler.

# create bucket
resource "aws_s3_bucket" "site_static" {
  bucket = "${var.site_bucket_name}"
  acl = "public-read"

  cors_rule {
    allowed_headers = ["*"]
    allowed_methods = ["PUT","POST"]
    allowed_origins = ["*"]
    expose_headers = ["ETag"]
    max_age_seconds = 3000
  }
  policy = <<EOF
{
  "Id": "bucket_policy_site_static",
  "Version": "2012-10-17",
  "Statement": [
    {
      "Sid": "bucket_policy_site_static_main",
      "Action": [
        "s3:GetObject"
      ],
      "Effect": "Allow",
      "Resource": "arn:aws:s3:::${var.site_bucket_name}/*",
      "Principal": "*"
    }
  ]
}
EOF
  website {
      index_document = "index.html"
      error_document = "error.html"
  }
  tags {
  }
  force_destroy = true
}

For security reasons and to emphasise this is a proof-of-concept, it randomly generates the ‘card’ numbers so that no real credit card information gets stored.

// use JS to make up card details
function makeRandom(id, min, max, format) {
    var output = '';
    var separator = '-';
    // split format up into XX blocks
    var chunks = format.split(separator);
    // loop through blocks and substitute
    for (var i=0 ; i<chunks.length ; ++i) {
        // 2nd, 3rd, nth chunk is preceded by a separator
        if (i !== 0) {
            output += separator;
        }
        var chunk = chunks[i];
        // create a random number and pad to be the correct length
        var chnum = pad(Math.floor((Math.random()*(max - min)) + min), chunk.length);
        // append number to output
        output += '' + chnum;
    }
    // apply to field
    $(id).val(output);
    return output;
}
function pad(n, width, z) {
    z = z || '0';
    n = n + '';
    return n.length >= width ? n : new Array(width - n.length + 1).join(z) + n;
}
makeRandom('input[name=number]', 0, 9999, 'XXXX-XXXX-XXXX-XXXX');
makeRandom('input[name=expirymonth]', 01, 12, 'XX');
makeRandom('input[name=expiryyear]', 19, 26, 'XX');
makeRandom('input[name=cvv]', 0, 999, 'XXX');

Terraform does a lovely job on the templating, which means we can dynamically insert the handler’s (API gateway) URL into the form’s HTML.

<form name="addcard" action="${post_target}" method="post">
    <p>Name: <input type="text" name="name" value="" /></p>
    <p>Card number: <input class="readonly" type="text" name="number" value="" readonly="readonly" /></p>
    <p>Expiry: <input class="readonly" type="text" name="expirymonth" value="" readonly="readonly" /> / <input class="readonly" type="text" name="expiryyear" value="" readonly="readonly" /></p>
    <p>CVV: <input class="readonly" type="text" name="cvv" value="" readonly="readonly" /></p>
    <input type="submit" name="submit" value="Store" />
</form>

The source code is available open-source thanks to SkyBet’s progressive attitude towards proof-of-concept work - really enjoying working with the Nexus team there. The infrastructure-as-code is based on Lightenna’s Workstream examples so can be spun-up with a single terragrunt apply command. Whether you’re a pro-coder or just getting started, check it out and let me know how you get on.

Leave a comment