Serverless REST API with DynamoDB
medium
iac ready
cloud lab
terraform -chdir=terraform fmt -check
Use the guide first.
The full learning guide is on this page. Open the repository files only when a step asks you to inspect code, fork the project, or download raw assets.
Project Guide
Lambda-based REST API entirely through code - API Gateway, YAML & Terraform
Serverless Applications with AWS Lambda and API Gateway
🛡️ 2026 DevSecOps Enhancements (What You Will Learn)
Serverless architectures offload OS-level patching to AWS, but they introduce new attack vectors. This project highlights 2026 serverless DevSecOps principles:
- API Gateway Exploitation Prevention: A public-facing API Gateway must be fronted by AWS WAF (Web Application Firewall) to mitigate OWASP Top 10 API threats (like injection and parameter tampering) before they ever trigger Lambda invocations (preventing DoS billing attacks).
- Lambda IAM Least Privilege: Each individual Lambda function must be scoped with a granular IAM execution role. A function writing to DynamoDB should only have dynamodb:PutItem on that specific table ARN, not dynamodb:* across the account.
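The least-privilege rule above, written as Terraform. This is an added example, not code from the project repository; the resource names (`items`, `put_item_lambda`, `put_item_only`) and the table schema are assumptions made for illustration.

```hcl
# Hypothetical table standing in for the project's DynamoDB table.
resource "aws_dynamodb_table" "items" {
  name         = "items"
  billing_mode = "PAY_PER_REQUEST"
  hash_key     = "id"

  attribute {
    name = "id"
    type = "S"
  }
}

# Trust policy: only the Lambda service may assume the execution role.
data "aws_iam_policy_document" "lambda_assume" {
  statement {
    actions = ["sts:AssumeRole"]
    principals {
      type        = "Service"
      identifiers = ["lambda.amazonaws.com"]
    }
  }
}

# One execution role per function (hypothetical name).
resource "aws_iam_role" "put_item_lambda" {
  name               = "put-item-lambda"
  assume_role_policy = data.aws_iam_policy_document.lambda_assume.json
}

# Over-broad form to avoid:
#   actions   = ["dynamodb:*"]
#   resources = ["*"]
# Scoped form: a single action on a single table ARN.
data "aws_iam_policy_document" "put_item_only" {
  statement {
    sid       = "WriteItemsTableOnly"
    effect    = "Allow"
    actions   = ["dynamodb:PutItem"]
    resources = [aws_dynamodb_table.items.arn]
  }
}

resource "aws_iam_role_policy" "put_item_only" {
  name   = "put-item-only"
  role   = aws_iam_role.put_item_lambda.id
  policy = data.aws_iam_policy_document.put_item_only.json
}
```

A function that writes logs to CloudWatch needs separate log-write permissions on its role, which are left out here to keep the DynamoDB scoping in focus.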
Compilation
sam package --template-file template.yaml --output-template-file deploy.yaml --s3-bucket $SAM_CODE_BUCKET
- terraform init
- terraform plan
- terraform apply
- terraform destroy