CSHARP-4127: Language specific examples for AWS Lambda. #779

Merged
merged 4 commits into from
Jun 16, 2022

@DmitryLukyanov DmitryLukyanov commented Apr 25, 2022

How to configure AWS auth for an Atlas cluster:

1. Get your AWS_* (aws_access_key_id, aws_secret_access_key, aws_session_token) credentials on the Single Sign-on page:
   image

   Note that the values should be regenerated from time to time.
2. Configure the credentials folder here: c:\Users\{user_name}\.aws\
3. Get your ARN via get-caller-identity:

       $ ./aws sts get-caller-identity
       {
           "UserId": "blablabla:dmitry.lukyanov@mongodb.com",
           "Account": "%ID_VALUE%",
           "Arn": "arn:aws:sts::%ID_VALUE%:assumed-role/%ROLE_NAME%/dmitry.lukyanov@mongodb.com"
       }

   Pay attention to %ROLE_NAME%.
4. List all roles via:

       $ ./aws iam list-roles
       {
         "Roles": [
         {
               "Path": "..",
               "RoleName": "%ROLE_NAME%",
               "Arn": "arn:aws...:
          ...

   In the returned roles, search for a record with a RoleName equal to %ROLE_NAME% and record its ARN.
5. In your Atlas cluster, create a new user with AWS authentication and set the AWS IAM Role ARN from step 4.
6. Then configure a mongoClient in the same way as it's done in this PR, with MONGODB-AWS auth credentials.
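
Steps 3 and 4 above as an added example (not part of this PR or the driver): it takes the JSON printed by `aws sts get-caller-identity` and `aws iam list-roles` and returns the IAM role ARN to enter in Atlas. The account ID, role names and e-mail in the sample data are constructed placeholders; the lookup is needed because the assumed-role ARN from STS omits the role's path, so the role ARN cannot be assembled by hand.

```python
import json

# Constructed sample outputs (placeholder account ID and role names, not real values).
CALLER_IDENTITY = json.dumps({
    "UserId": "AROAEXAMPLEID:user@example.com",
    "Account": "111122223333",
    "Arn": "arn:aws:sts::111122223333:assumed-role/ExampleSsoRole/user@example.com",
})
LIST_ROLES = json.dumps({"Roles": [
    {"Path": "/", "RoleName": "OtherRole",
     "Arn": "arn:aws:iam::111122223333:role/OtherRole"},
    {"Path": "/aws-reserved/sso.amazonaws.com/", "RoleName": "ExampleSsoRole",
     "Arn": "arn:aws:iam::111122223333:role/aws-reserved/sso.amazonaws.com/ExampleSsoRole"},
]})


def role_name_from_caller_arn(caller_arn):
    """Return the role name from an STS assumed-role ARN (step 3)."""
    parts = caller_arn.split(":", 5)
    if len(parts) != 6 or parts[0] != "arn" or parts[2] != "sts":
        raise ValueError("not an STS ARN: %r" % caller_arn)
    # Resource part is assumed-role/<role name>/<session name>.
    resource = parts[5].split("/")
    if len(resource) != 3 or resource[0] != "assumed-role":
        raise ValueError("caller is not an assumed role: %r" % caller_arn)
    return resource[1]


def iam_role_arn(caller_identity_json, list_roles_json):
    """Map the caller's assumed-role ARN to the IAM role ARN (step 4)."""
    caller = json.loads(caller_identity_json)
    name = role_name_from_caller_arn(caller["Arn"])
    matches = [r["Arn"] for r in json.loads(list_roles_json)["Roles"]
               if r["RoleName"] == name]
    if len(matches) != 1:
        raise LookupError("expected one role named %r, found %d" % (name, len(matches)))
    return matches[0]


if __name__ == "__main__":
    print(iam_role_arn(CALLER_IDENTITY, LIST_ROLES))
```
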

* limitations under the License.
*/

#if NETCOREAPP3_1_OR_GREATER
Contributor Author

LambdaSerializer is not supported for previous TFs

// Assembly attribute to enable the Lambda function's JSON input to be converted into a .NET class.
[assembly: LambdaSerializer(typeof(Amazon.Lambda.Serialization.SystemTextJson.DefaultLambdaJsonSerializer))]

namespace LambdaTest
Contributor Author

The scope of these code examples is limited to the instructions on:

- How to share the client (“Example 1”. See first snippet in this section for structure)
- How to connect to the deployment using AWS IAM authentication (“Example 2”. Same structure as “Example 1”, but see the blue note box in the docs for which lines need to be replaced to work with AWS IAM auth)

@JamesKovacs JamesKovacs left a comment

See comment on DRIVERS-2018. We need to expand our example slightly to include some minimal CRUD operations, otherwise we aren't guaranteed to be successfully talking to a server. We might have just established a connection pool, but not successfully connected to a cluster from AWS Lambda.

https://jira.mongodb.org/browse/DRIVERS-2018?focusedCommentId=4504303&page=com.atlassian.jira.plugin.system.issuetabpanels%3Acomment-tabpanel#comment-4504303

@DmitryLukyanov
Contributor Author

It was decided to use find instead of listdatabases.

@JamesKovacs JamesKovacs requested review from BorisDog and JamesKovacs and removed request for JamesKovacs April 26, 2022 15:55
@JamesKovacs JamesKovacs left a comment

Minor change requested.

{
// Start AWS Lambda Example 2
string username = Environment.GetEnvironmentVariable("AWS_ACCESS_KEY_ID");
string password = Environment.GetEnvironmentVariable("AWS_SECRET_ACCESS_KEY");
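Review bot: both Environment.GetEnvironmentVariable calls in this hunk return null when AWS_ACCESS_KEY_ID or AWS_SECRET_ACCESS_KEY is not set, and the sample then uses username and password without checking them. Suggest validating both values right after these two lines and throwing a clear configuration error that names the missing variable (without echoing any value), so a misconfigured function fails at startup rather than with an opaque authentication error later.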
Contributor

Password should be stored in a SecureString.

Contributor

Microsoft is no longer recommending the use of SecureString.
https://docs.microsoft.com/en-us/dotnet/api/system.security.securestring?view=net-6.0
And this rule:
https://github.com/dotnet/platform-compat/blob/master/docs/DE0001.md

Let's skip the use of SecureString that I initially suggested and keep the example easier to follow as you have it.

string awsSessionToken = Environment.GetEnvironmentVariable("AWS_SESSION_TOKEN");

var awsCredentials =
new MongoCredential("MONGODB-AWS", new MongoExternalIdentity(username), new PasswordEvidence(password))
Contributor

PasswordEvidence has a ctor that accepts a SecureString.

@JamesKovacs JamesKovacs left a comment

LGTM


public ShareMongoClientLambdaHandler()
{
MongoClient = CreateMongoClient();
Contributor

Is it guaranteed that the ctor will be called once/not concurrently?
Or should it be static ShareMongoClientLambdaHandler ?

Contributor Author

The recommended way I found was a regular ctor, see for example here https://blog.steadycoding.com/using-singletons-in-net-core-in-aws-lambda/. A note that I didn't mention before: there are 2 modes for AWS Lambda called "Cold" and "Warm" start ("Hot" is a bit different): https://medium.com/@danielmanchev/cold-warm-and-hot-start-in-aws-lambda-bc8d64f28575. So an instance will actually be reused only after a warm start. Each cold start will create a new instance of the lambda handler.

Contributor

At first glance I fail to see the reason for initializing a static property in a regular ctor. Do we know why this is the recommended way, and is it an AWS recommendation as well?
In AWS .NET samples static ctors are used.
Probably we'd need to look deeper into this.

Contributor Author

As far as I understand, both ways can be used. This is what is created by the VS "Simple S3 function" project:
image

Contributor

Yes, note that S3Client in this case is not static. The initialization of a static field in a non-static constructor is what puzzles me, but this does not mean it's not working though. I think we have to be able to explain such an unusual combination, or follow the official samples.

Contributor Author

It's true, I forgot that the suggested MongoClient is static. I think it can work in any way, but I will look at this one more time :(

Contributor Author

I think it's fine to take what is suggested in the VS templates (i.e. the official place). So I removed the static modifier.

Contributor Author

I asked this in this issue just in case awsdocs/aws-lambda-developer-guide#360

private static MongoClient CreateMongoClient()
{
// Start AWS Lambda Example 2
string username = Environment.GetEnvironmentVariable("AWS_ACCESS_KEY_ID");
Contributor

Are environment variables part of the AWS Lambda auth process?
If not, maybe for simplicity just use dummy values: var username = "<username>"

Contributor Author

It's not specified in our envs, but I saw it in other examples exactly in this form, so I would leave it as here.

@BorisDog BorisDog Apr 28, 2022

In this case I wonder if Environment.GetEnvironmentVariable adds any additional value for the sample. Maybe we'd better keep it as simple as possible...

Contributor Author

As far as I know, it's a common way to expect these variables to be filled, like you can see here: https://docs.aws.amazon.com/vsts/latest/userguide/lambda-netcore-deploy.html. Additionally it simplifies using this code in the driver if we want to run it. If I recall correctly, we can even not specify these values explicitly and they will still be used by the driver implicitly (but not sure off the top of my head about details). I can check it later if you think that it makes sense.

Contributor

Looks like it's only one of the options, used in case of "build agent process", not sure what it is :)
Also I don't think we should prioritize simplifying the usage of this code in our driver.

Not a big issue, I just think it introduces some "noise" to the sample, and not sure we got any use for it.

Contributor Author

At the very least these variables are present in the examples that we needed to mimic: https://www.mongodb.com/docs/atlas/manage-connections-aws-lambda/. So I think we even have no way to not set it.


MongoClient = CreateMongoClient();
}

public string HandleRequest(ILambdaContext context)
Contributor

In all samples I came across, I see an additional inputType parameter in the Handler function:
https://docs.aws.amazon.com/lambda/latest/dg/csharp-handler.html

Can it be omitted, and do you happen to have some official sample without it?

Contributor Author

it can be omitted

Contributor Author

> to have some official sample without it?

I just saw that it works without this argument

@BorisDog BorisDog left a comment

LGTM

@DmitryLukyanov DmitryLukyanov merged commit 1674b07 into mongodb:master Jun 16, 2022