Python based flask application for hosting track data for the ER embeddable map
Using Zappa for deployment.
Here we setup a user that the ER Map Server uses to get approved subject data
- Create OAuth Application called "ER Public Map" with client id "er-public-map", confidential: client credentials
- Create User "ER Public Map API" with username "erpublicmapapi"
- Assign Permission set that has access to the subject groups granted to the Public Map. "ER Public Map"
- Create authtoken, assign "ER Public Map" app and user "ER Public Map API"
- We use this authtoken below in the ER Map Server config.
The primary settings are configured the the following environment variables
"environment_variables": {
"LOGIN_TOKEN": "<login token used by the map>",
"ER_TOKEN": "<er server token, tied to the account with track data>",
"SERVER_URL": "",
"ER_HOST": "https://<er server address>",
"SUBJECTS_BUCKET": "<s3 bucket name>" //S3 bucket to store cached subject tracks
}
Follow the instructions in Zappa docs on settting up AWS certificate. The certificate arn is recorded in the zappa_settings.json. Also the "zappa certify" command installs the certificate.
- create a virtual environment on the deployment machine. From the root of this project execute the following commands
uv venv --python=3.12 .venv
uv sync
source .venv/bin/activate- Add/Update a "dev_local" section of the zappa_settings.json file
"local": {
"environment_variables": {
"LOGIN_TOKEN": "",
"ER_TOKEN": "<token>",
"ER_HOST": "<er server url>",
"SERVER_URL": "http://localhost:5000",
"SUBJECTS_FOLDER": "<local foldername to cache subject data>"
}
}
- run the downloader the first time to get data from your ER server
python map-api/run_downloader
- Finally launch the API server
python map-api/api.py
- Same as in setup for development, create virtual environment and install requirements
- Make a copy of zappa config file, zappa_settings.config so that we can add the site specific tokens and secrets. Do no check this into source control.
- Rename the "prod" config to something identifiable in AWS Lambda. Prefer the sitename.
- Update the config inserting secrets and tokens for the site
- To support multiple sites we put all the site credentials into a json file, then base64 encode it, placing the result in the zappa_settings, in the ER_HOST_CONFIG field
- er_host_config.json is where we keep the er site settings
- use the "encode_er_host_config.py" helper to base encode, it prints to the terminal the result
- copy the result into zappa_settings.json::ER_HOST_CONFIG
- the current er_host_config.json contents is kept in a Google secret names er_host_config
- Here: projects/114355216468/secrets/er_host_config
- the zappa_settings can be found here: projects/114355216468/secrets/er_host_zappa_settings
- Deploy to AWS Lambda. This assumes you already have AWS command line access keys setup appropriately and you have permission to add a Lambda config on AWS
zappa deploy <configname from step 3 above>
- Need to make updates to the config? do that and then
zappa update <configname>
- Bring the zappa process down or remove it?
zappa undeploy <configname>
For a production pipeline we want to leverage Zappa's and AWS's support for SSL and an SSL certificate. There are some entries in the Zappa config that we use along with setup in AWS.
- Create a certificate for the hostname you plan to use with this Map Server. For example "ermap-server-sandbox.pamdas.org"
- record the ARN and name, updating the zappa_settings.json config section.
- once done, we use the zappa certify command to configure the certificate with our lambda
zappa certify <configname>
Our default deployment sets up the map server at https://ermap-server.pamdas.org
To test a specific sites subject data, we plug in the sites name in the url
https://ermap-server.pamdas.org/easterisland/api/v1.0/subjects