A serverless authentication proof of concept built with Node.js and AWS. This project demonstrates a basic authentication architecture using AWS Lambda, API Gateway, DynamoDB, Secrets Manager, JWTs, bcrypt password hashing, and Terraform-managed infrastructure.
This project explores how to structure a lightweight serverless authentication service using AWS-native resources. It includes Lambda handler code, utility modules, data models, and Terraform infrastructure definitions for deploying the core cloud resources.
The goal of this project is to demonstrate backend API design, authentication flow design, infrastructure-as-code, and AWS serverless architecture.
- Serverless authentication flow using AWS Lambda
- API Gateway integration for HTTP endpoints
- DynamoDB-backed user data storage
- JWT-based authentication
- Password hashing with bcrypt
- Secret management through AWS Secrets Manager
- Terraform configuration for AWS infrastructure
- Modular source structure with handlers, models, and utilities
Runtime: Node.js Language: JavaScript Cloud: AWS Lambda, API Gateway, DynamoDB, Secrets Manager Infrastructure: Terraform Security/Auth: JWT, bcrypt Tools: AWS SDK, npm
auth-poc-nodejs-aws/
├── src/
│ ├── handlers/
│ ├── models/
│ └── utils/
├── terraform/
│ ├── api_gateway.tf
│ ├── dynamodb.tf
│ ├── iam.tf
│ ├── lambda.tf
│ ├── main.tf
│ ├── outputs.tf
│ ├── secrets_manager.tf
│ └── variables.tf
├── package.json
├── package-lock.json
└── .gitignore
The application is designed as a serverless authentication service:
Client
↓
API Gateway
↓
AWS Lambda
↓
DynamoDB
↓
Secrets Manager
API Gateway receives HTTP requests and routes them to Lambda handlers. The Lambda functions process authentication logic, interact with DynamoDB for user data, use bcrypt for password hashing, and rely on Secrets Manager for sensitive configuration such as JWT signing secrets.
The terraform/ directory defines the AWS infrastructure required for the proof of concept, including:
- API Gateway resources
- Lambda configuration
- DynamoDB table configuration
- IAM permissions
- Secrets Manager resources
- Terraform variables and outputs
Install dependencies:
npm installBuild the Lambda deployment package:
npm run buildDeploy infrastructure:
npm run deployDeployment requires configured AWS credentials and Terraform installed locally.
This is a proof-of-concept project and should not be used as-is in production.
Before using this pattern in a production system, I would add:
- Stronger request validation
- Refresh token flow
- Rate limiting
- Account lockout or throttling
- Centralized logging and monitoring
- Automated tests for authentication edge cases
- Environment-specific Terraform configuration
- CI/CD deployment workflow
- More restrictive IAM policies where appropriate
- Node.js backend development
- AWS Lambda serverless architecture
- REST API infrastructure with API Gateway
- DynamoDB data modeling basics
- JWT-based authentication
- Password hashing with bcrypt
- Infrastructure-as-code with Terraform
- AWS IAM and Secrets Manager integration
- Modular backend project organization
- Add unit tests for handlers and utilities
- Add request validation schemas
- Add login and register endpoint documentation
- Add example API requests
- Add GitHub Actions for test/build validation
- Add architecture diagram
- Add refresh token support