The Nebula-Stories-App is an iOS app designed for storytelling. It offers a user-friendly platform where users can sign up, sign in, read the stories, and like and comment on the stories that they enjoyed reading.

The app uses several AWS services to provide a seamless and efficient user experience. Amazon Cognito manages user authentication, storing user data securely in a user pool and facilitating access through an identity pool. S3 buckets store the text of the stories, ensuring reliable and scalable content delivery. Route 53 handles DNS services, connecting the app's custom domain to the appropriate AWS resources. CloudFront, as a content delivery network, serves the stories to users with reduced latency and increased transfer speeds. ACM (AWS Certificate Manager) manages SSL/TLS certificates, providing secure, encrypted connections. DynamoDB stores user interactions such as story likes and comments, offering fast and scalable database services. Lambda functions handle backend processing, executing code in response to specific triggers such as user likes. Finally, API Gateway serves as the intermediary for frontend-backend communication, managing and securing REST API calls for registering and retrieving likes. Together, these services form a robust, scalable, and secure infrastructure for this interactive storytelling app.

All the services used in the app, including Amazon Cognito, S3, Route 53, CloudFront, ACM, DynamoDB, Lambda, and API Gateway, are serverless, which offers significant benefits such as reduced operational overhead, scalability, and cost-effectiveness. Being serverless, these services automatically manage the underlying infrastructure, allowing developers to focus more on building and improving the app rather than on server maintenance and scaling.

In the app's architecture, specific IAM roles are tailored for distinct services to adhere to the principle of least privilege.

IAM Role for Cognito: This role is crucial for user authentication and authorization. It allows authenticated users to interact with S3 and API Gateway. The attached policies grant the necessary permissions for these services, ideally scoped to the minimum required access, for instance read-only access to specific S3 buckets or limited access to specific API Gateway endpoints.

IAM Role for Lambda Functions: Each Lambda function has an associated IAM role that permits it to interact with DynamoDB. The role specifically includes permissions for read and write operations on the DynamoDB tables, such as StoryLikes. This setup ensures that Lambda functions can update or query the DynamoDB tables as required by the app's functionality.
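One way to check that the two roles described above stay least-privilege is to audit their policy documents against what each role is expected to need. This is an added example, not code from the app: the policies are constructed, and the account ID, region, bucket name, API ID, stage, and the `likes` path are placeholders (only the StoryLikes table name comes from the description).

```python
# Constructed ARNs: account ID, region, bucket, API ID, stage and path are placeholders.
TABLE = "arn:aws:dynamodb:us-east-1:111122223333:table/StoryLikes"
BUCKET_OBJECTS = "arn:aws:s3:::example-stories-bucket/*"
LIKES_API = "arn:aws:execute-api:us-east-1:111122223333:EXAMPLEAPI/prod/*/likes"

# Assumed needs per role, derived from the description: (allowed actions, allowed resources).
EXPECTED = {
    "lambda": ({"dynamodb:getitem", "dynamodb:putitem",
                "dynamodb:updateitem", "dynamodb:query"}, {TABLE}),
    "cognito_auth": ({"s3:getobject", "execute-api:invoke"},
                     {BUCKET_OBJECTS, LIKES_API}),
}

# Constructed policies: one over-broad, two scoped.
LAMBDA_BROAD = {"Version": "2012-10-17", "Statement": [
    {"Effect": "Allow", "Action": "dynamodb:*", "Resource": "*"}]}
LAMBDA_SCOPED = {"Version": "2012-10-17", "Statement": [
    {"Effect": "Allow", "Resource": TABLE,
     "Action": ["dynamodb:GetItem", "dynamodb:PutItem",
                "dynamodb:UpdateItem", "dynamodb:Query"]}]}
COGNITO_SCOPED = {"Version": "2012-10-17", "Statement": [
    {"Effect": "Allow", "Action": "s3:GetObject", "Resource": BUCKET_OBJECTS},
    {"Effect": "Allow", "Action": "execute-api:Invoke", "Resource": LIKES_API}]}

def _as_list(value):
    # IAM allows a single string/object where a list is also valid.
    return [value] if isinstance(value, (str, dict)) else list(value)

def audit(policy, role):
    """Return findings for Allow statements broader than the role's expected scope."""
    actions_ok, resources_ok = EXPECTED[role]
    findings = []
    for i, stmt in enumerate(_as_list(policy["Statement"])):
        if stmt.get("Effect") != "Allow":
            continue
        if "NotAction" in stmt or "NotResource" in stmt:
            findings.append(f"statement {i}: NotAction/NotResource makes the grant open-ended")
        for action in _as_list(stmt.get("Action", [])):
            if action.lower() not in actions_ok:  # also catches wildcards such as dynamodb:*
                findings.append(f"statement {i}: action {action} is not needed by {role}")
        for resource in _as_list(stmt.get("Resource", [])):
            if resource not in resources_ok:  # also catches a bare "*"
                findings.append(f"statement {i}: resource {resource} is outside the expected scope")
    return findings

if __name__ == "__main__":
    for name, policy, role in [("broad", LAMBDA_BROAD, "lambda"), ("scoped", LAMBDA_SCOPED, "lambda"),
                               ("cognito", COGNITO_SCOPED, "cognito_auth")]:
        print(name, audit(policy, role) or "ok")
```

Run against policies exported from the real roles, the same check can gate deployments so that a wildcard action or resource never reaches the Cognito or Lambda role unnoticed.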
Nebula Stories App
AWS Cloud Project
Full stack app