Docs Menu
Docs Home
/ /
Atlas App Services
/ /

AWS Service [Deprecated]

On this page

  • Overview
  • Configuration Parameters
  • Service Actions
  • AWS Service Rules
  • Rule Conditions
  • Example
  • Usage
  • Call an AWS Service from an Atlas Function
  • Supported AWS Services

Important

Third Party Services & Push Notifications Deprecation

Third party services and push notifications in App Services have been deprecated in favor of creating HTTP endpoints that use external dependencies in functions.

Webhooks have been renamed to HTTPS Endpoints with no change in behavior. You should migrate existing Webhooks.

Existing services will continue to work until September 30, 2025.

Because third party services and push notifications are now deprecated, they have been removed by default from the App Services UI. If you need to manage an existing third party service or push notification, you can add the configurations back to the UI by doing the following:

  • In the left navigation, under the Manage section, click App Settings.

  • Enable the toggle switch next to Temporarily Re-Enable 3rd Party Services, and then save your changes.

Amazon Web Services (AWS) provides an extensive collection of cloud-based services. Atlas App Services provides a generic AWS service that enables you to connect to many of these services.

You will need to provide values for the following parameters when you create an AWS service interface:

<Service Name>/config.json
{
"name": "<Service Name>",
"type": "aws",
"config": {
"accessKeyId": <Access Key ID>,
"region": "us-east-1"
},
"secret_config": {
"secretAccessKey": "<Secret Name>"
}
}
Parameter
Description
Service Name
config.name

A unique name for the service.

Access Key ID
config.accessKeyId

The access key ID for an AWS IAM user. The user should have programmatic access and appropriate permissions for all AWS services that you plan to interact with.

Secret Access Key
secret_config.secretAccessKey

The name of a Secret that stores a secret access key for the IAM user whose ID is specified in Access Key ID. You can find this value next to the Access key ID when you create a new IAM user or create a new access key for an existing IAM user.

Tip

See also:

Each AWS service has different actions that you can perform on that service. App Services uses the action names specified in the AWS SDK for Go for each service.

Note

App Services uses the same names (and casing) for the AWS services and actions as the AWS Go SDK.

For each supported AWS service, App Services supports any action that:

  1. Takes a single input parameter.

  2. Returns one of two objects: an output object, or an error.

For example, the S3 service includes a PutObject action. App Services supports this action because it takes a single input type of PutObjectInput, and returns either a PutObjectOutput or an error.

You must specify rules to enable the AWS services and actions. Each rule applies to a single service API, plus one or all actions on that service. As with other service rules in App Services, a rule must evaluate to true to enable the action.

For example, the following rule enables all actions on the Kinesis service:

AWS Kinesis rule.
click to enlarge

Note

The default value of the When field contains only empty brackets, which means the rule will always evaluate to true, and therefore all calls to the action are valid.

This rule can also be expressed as the following rule expression. Note that in the array of actions, the asterisk (*) after the service name indicates that all actions of that service are enabled:

{
"name": "kinesis",
"actions": [
"kinesis:*"
]
}

For each service action, the rule you create may include any of the properties of the input object for that action as a condition for validating the rule. The %%args expansion provides access to these properties.

The S3 service includes the PutObject action, which takes an input object of type of PutObjectInput. You can reference any of the properties on the PutObjectInput object in a rule's When expression with the %%args expansion.

Using the Bucket property of the PutObjectInput object, you can create a rule that enables the PutObject action on the S3 service, but restricts the action to a list of approved buckets. In this example, we use a user-defined constant called myS3Buckets for the list of approved bucket names:

AWS S3 rule
click to enlarge

This can also be expressed as the following JSON:

{
"name": "s3",
"actions": [
"s3:PutObject"
],
"when": {
"%%args.Bucket": {
"$in": "%%values.myS3Buckets"
}
}
}

The S3 service includes the GetObject action, which takes an input object of type of GetObjectInput. You can reference any of the properties on the GetObjectInput object in a rule's When expression with the %%args expansion.

In the following example, we create a rule that enables the GetObject action on a specific bucket called realmReadWritableBucket:

AWS S3 rule
click to enlarge

This can also be expressed as the following JSON:

{
"name": "s3",
"actions": [
"s3:GetObject"
],
"when": {
"%%args.Bucket": {
"$in": "realmReadWritableBucket"
}
}
}

You can call an AWS service from an Atlas Function and from the SDKs. The following sections show each of these processes.

The following examples show how to call various AWS services from within an Atlas Function. In each example, it is assumed the named service has already been created.

exports = async function() {
const s3 = context.services.get('MyAwsService').s3("us-east-1");
const result = await s3.PutObject({
"Bucket": "my-bucket",
"Key": "example",
"Body": "hello there"
});
console.log(EJSON.stringify(result));
return result;
};
exports = async function(arg) {
const s3 = context.services.get('MyAwsService').s3("us-east-1");
const result = await s3.GetObject({
"Bucket": "realmReadWritableBucket",
"Key": "coffee.jpeg"
});
console.log(EJSON.stringify(result));
return result;
};
exports = function(){
const s3 = context.services.get("MyAwsService").s3("us-east-1");
const presignedUrl = s3.PresignURL({
"Bucket": "my-s3-bucket-name",
"Key": "/some/path",
// HTTP method that is valid for this signed URL. Can use PUT for uploads, or GET for downloads.
"Method": "GET",
// Duration of the lifetime of the signed url, in milliseconds
"ExpirationMS": 30000,
})
return presignedUrl
};

Refer to the S3 API Reference for implementation details.

Important

Object Size Limitation

App Services supports a maximum file size of 4 Megabytes when working with AWS S3 objects.

exports = async function(event) {
const kinesis = context.services.get('MyAwsService').kinesis("us-east-1");
const result = await kinesis.PutRecord({
Data: JSON.stringify(event.fullDocument),
StreamName: "realmStream",
PartitionKey: "1"
});
console.log(EJSON.stringify(result));
return result;
};

Refer to the Kinesis API Reference for implementation details.

exports = async function() {
const lambda = context.services.get('MyAwsService').lambda("us-east-1");
const result = await lambda.Invoke({
FunctionName: "myLambdaFunction",
Payload: context.user.id
});
console.log(result.Payload.text());
return EJSON.parse(result.Payload.text());
};

Refer to the Lambda API Reference for implementation details.

exports = async function(){
const ses = context.services.get('MyAwsService').ses("us-east-1");
const result = await ses.SendEmail({
Source: "sender@example.com",
Destination: { ToAddresses: ["docs@mongodb.com"] },
Message: {
Body: {
Html: {
Charset: "UTF-8",
Data: `This is a message from user ${context.user.id}`
}
},
Subject: {
Charset: "UTF-8",
Data: "Test Email Please Ignore"
}
}
});
console.log(EJSON.stringify(result));
return result;
};

Refer to the SES API Reference for implementation details.

Your App can connect to the following AWS services:

  • Athena

  • Batch

  • CloudWatch

  • Comprehend

  • EC2

  • Firehose

  • Glacier

  • IOT

  • Kinesis

  • Lambda

  • Lex Runtime Service

  • Machine Learning

  • Mobile Analytics

  • Polly

  • RDS

  • Redshift

  • Rekognition

  • S3

  • SES

  • Step Functions (SFN)

  • SNS

  • SQS

  • Textract

Back

Twilio.send()