In ARN we Trust: understanding the building blocks of AWS
AWS is built on an API. An ARN works much like an HTTP URL, and what it enables is cross-account access to anything in the world. For instance, if you want to run a Lambda, you can do so from the command line. Calling this ARN is the same as making an HTTP request, right down to the fact that you will get back a 200 status.
Amazon Resource Names (ARNs) uniquely identify AWS resources. We require an ARN when you need to specify a resource unambiguously across all of AWS, such as in IAM policies, Amazon Relational Database Service (Amazon RDS) tags, and API calls. — AWS Website
Below we will show an example of viewing your Lambda ARN in Commandeer.
Follow Along
If you want to follow along, you can do so by downloading the Commandeer App and connecting to your LocalStack or AWS environments.
Available on Linux, Windows, and Mac
Commandeer is a tool built by developers for developers that solves three things in the cloud. First, we are focused on the deployment of your IAC. Secondly, we enable you to ‘Test your Plumbing’. Lastly, Commandeer provides you the ability to easily view your data. (Manage AWS, Algolia, Slack, Twilio, SendGrid, Serverless, LocalStack, Ansible, Docker and more from your desktop)
Viewing Your ARN
Below you can see our Lambda on the Commandeer Lambda detail page. (This is the version 1.0 layout, so it is a little different. If you are following along on our Beta app, on launch we will have some more charts in here tied to your recent invocations.)
As you can see above, there is an ARN that is hidden (actually two if you count the tags, which are produced by using the Serverless Framework for deployment). Why do we do that? This is a very important URL: it contains your account ID in the route. If someone has this, then all they need are some keys and they are in. Thus, you should be very careful with this. We do everything we can to obfuscate these inside our tool, but there are certain times you need it. If that is the case, you can press the little eye button next to the ARN.
This will bring up a modal where you can then view and copy this ARN. This is really helpful if you need to test some things from the command line.
You can see that the ARN consists of 7 different parts:
- arn — this is the beginning of the URL, like http or https
- aws — might be redundant, but aws is the next part of the URL
- lambda — this is the name of the service; everything in AWS is a service, and they are the OGs of the microservice game for sure
- us-west-2 — this is the region or data center that is being routed to
- accountNumber — this is the account number of your AWS account that this Lambda is running in
- function — each service can have a grouping, in this case it is a function in lambda
- commandeer-dev-inviteStreamHandler — this is the name of the function
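The seven parts listed above can be pulled apart and the account number masked in code before an ARN goes into a log, ticket, or screenshot. This is an added example, not Commandeer's own code; the account ID 123456789012 is a constructed placeholder, and parse_arn and redact_account are hypothetical helper names.

```python
import re
from typing import NamedTuple


class Arn(NamedTuple):
    partition: str      # "aws" (also "aws-cn", "aws-us-gov")
    service: str        # e.g. "lambda"
    region: str         # empty for global services such as IAM
    account_id: str     # 12 digits, empty, or "aws" for AWS-managed resources
    resource_type: str  # e.g. "function"; empty if the resource has no prefix
    resource_id: str    # e.g. the function name, possibly with ":version"


def parse_arn(arn: str) -> Arn:
    """Split an ARN into named fields; raise ValueError if it is malformed."""
    # Only the first five colons separate fields. The resource part may itself
    # contain ':' (Lambda version or alias) or '/' (IAM paths).
    fields = arn.split(":", 5)
    if len(fields) != 6 or fields[0] != "arn":
        raise ValueError(f"not an ARN: {arn!r}")
    _, partition, service, region, account_id, resource = fields
    if not (partition and service and resource):
        raise ValueError(f"ARN has an empty required field: {arn!r}")
    if account_id not in ("", "aws") and not re.fullmatch(r"[0-9]{12}", account_id):
        raise ValueError(f"account id is not 12 digits: {arn!r}")
    # Heuristic split of "type:id" or "type/id" at the first separator.
    for i, ch in enumerate(resource):
        if ch in ":/":
            return Arn(partition, service, region, account_id,
                       resource[:i], resource[i + 1:])
    return Arn(partition, service, region, account_id, "", resource)


def redact_account(arn: str) -> str:
    """Mask the account id for logs or screenshots, keeping the last 4 digits."""
    parse_arn(arn)  # validate before rewriting
    fields = arn.split(":", 5)
    if fields[4].isdigit():
        fields[4] = "*" * 8 + fields[4][-4:]
    return ":".join(fields)


# Constructed sample: the account id is a placeholder, not a real account.
SAMPLE = ("arn:aws:lambda:us-west-2:123456789012:"
          "function:commandeer-dev-inviteStreamHandler")
```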
Conclusion
ARNs are really powerful and are why AWS is such a great platform. By having every service available via a RESTful API driven pattern from day one, developers are able to do almost anything they want with the services. Where Commandeer comes in is that we save you from so much web clicking or terminal grokking just to do something simple, like viewing the ARN for a service. Over the next few weeks we will be discussing how to invoke Lambdas and view the resulting invocation CloudWatch Logs from inside Commandeer. You can do so now in the Beta version, but for Version 1, we think you are going to like how it is done.
Happy developing,
Sergeant Serverless