di-account-management-backend

The backend and data store that serves the account management application.

This is a serverless application for AWS. It's built and deployed using the SAM CLI.

Prerequisites

We recommend using nvm to install and manage Node.js versions. Run:

nvm install

from the root of the repository or in any lambda/ folder to install the correct version on Node.

We transpile and package the Lambda functions using sam build. This needs esbuild installed globally:

npm install -g esbuild

Pre-commit

This repository uses pre-commit to run linting on all staged files before they're committed. Install & setup pre-commit by running:

pip install pre-commit
pre-commit install

Testing

Each Lambda function is a separate NPM application and has its own unit tests.

To run the tests for the query-user-services Lambda:

cd lambda/query-user-services
npm ci
npm run lint
npm run test

Post-deploy tests

We run integration tests against the deployed application in our build environment as part of the pipeline. We bundle them in post-deploy-tests.Dockerfile; this contains a /run-tests.sh script which wraps the tests.

To run the container locally against the build environment run:

aws sso login --profile di-account-build-admin

eval "$(aws configure export-credentials --profile di-account-build-admin --format env)"

docker build . -t test -f post-deploy-tests.Dockerfile

docker run -t \
  -e AWS_ACCESS_KEY_ID=$AWS_ACCESS_KEY_ID \
  -e AWS_SECRET_ACCESS_KEY=$AWS_SECRET_ACCESS_KEY \
  -e AWS_SESSION_TOKEN=$AWS_SESSION_TOKEN \
  -e AWS_SECURITY_TOKEN=$AWS_SECURITY_TOKEN \
  -e AWS_DEFAULT_REGION="eu-west-2" \
  test

Deploying the application

Deploy the application to the dev AWS account by running

cd infrastructure
sam build
gds aws di-account-dev -- sam deploy

Once the application is deployed to dev we can test it by adding a fake event to the input queue:

1. Open the AWS console for the dev account (gds aws di-account-dev) and go to the SQS page.
2. Find the input queue for your stack and copy the queue URL.
3. Send an event to the queue using the AWS CLI:

gds aws di-account-dev -- aws sqs send-message \
  --queue-url QUEUE_URL \
  --message-body '{"event_name":"event-name","timestamp":1666169856,"client_id":"client-id","user":{"user_id":"user_id"}}'

Sending support ticket for reported suspicious activity

Summary

• When a suspicious activity is added to the SNS topic, this create-support-ticket lambda is triggered, it creates a Zendesk Ticket using the key value pair of the event body.

What the Lambda does

• Ensure all environment variables required to successfully connect to, create ticket and send to Zendesk are provided
• Validates the fields in the received event
• Retrieves the values for the environment variable keys in AWS Secrets
• Validates that values exist for the required keys - these include zendesk api credentials, groups, etc
• Creates a zendesk ticket and sends to Zendesk
• If any of the steps above fails, send the SNS record to DLQ for retry later