Decoding DjaoDjin sessions in your App

First, the web application needs to unpack the session information that will be passed by the subscription session proxy.

Create Role-based Access Rules for your App

Second, access rules must be created in the session proxy to forward requests to the application under various conditions. Example:

Packaging your App as a Docker Container

Additionally to deploy an application directly on the DjaoDjin platform, you need to package it as a Docker container. The packaged application should follow these guidelines:

Granting DjaoDjin Access to the Registry

If you uploaded your Docker container to Amazon Elastic Container Registry (ECR), you will need to grant DjaoDjin read-only access to the Registry in order to deploy the container. To provide access as a third-party to DjaoDjin, create an AWS IAM role with the following access policy and trust relationship.

Access policy
{
    "Version": "2012-10-17",
    "Statement": [
        {
            "Effect": "Allow",
            "Action": [
                "ecr:GetAuthorizationToken",
                "ecr:BatchCheckLayerAvailability",
                "ecr:GetDownloadUrlForLayer",
                "ecr:BatchGetImage"
            ],
            "Resource": [
                "*" 
            ]
        }
    ]
}
Trust relationship
{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Sid": "",
      "Effect": "Allow",
      "Principal": {
        "AWS": "arn:aws:iam::DJAODJIN AWS ACCOUNT:root"
      },
      "Condition": {
        "StringEquals": {
          "sts:ExternalId": "DJAODJIN PROVIDED EXTERNAL ID"
        }
      },
      "Action": "sts:AssumeRole"
    }
  ]
}

djaodjin aws account and your external id are available on the container's page in your DjaoDjin account.

If your container needs to access an RDS instance, add the following access policy to the role. DjaoDjin will automatically create a rule in the security group for the container instance to connect to the database instance.

{
    "Version": "2012-10-17",
    "Statement": [
        {
            "Effect": "Allow",
            "Action": [
                "ec2:AuthorizeSecurityGroupIngress",
                "ec2:RevokeSecurityGroupIngress"
            ],
            "Resource": [
                "arn:aws:ec2:REGION:AWS ACCOUNT:security-group/NAME OF SECURITY GROUP FOR RDS INSTANCE"
            ]
        }
    ]
}