A fully serverless product inventory API built with AWS Lambda, API Gateway, and DynamoDB. Designed to support multi-user access, role-based permissions, and secure asset uploads via pre-signed S3 URLs. This API offers scalable CRUD operations with zero server maintenance.
Frontend → API Gateway → Lambda → DynamoDB
- API Gateway routes requests to Lambda based on defined paths and methods.
- Lambda functions handle validation, auth checks, and data operations.
- DynamoDB stores product inventory data with flexible schema support.
- IAM roles ensure secure, scoped access for all service interactions.
- Authentication + RBAC: Multi-user access control with permission tiers.
- Pre-Signed S3 Uploads for secure file handling.
- CRUD Support for managing product listings (create, update, delete, read).
- Production Monitoring (Integrated with CloudWatch Logs and custom metrics)
This serverless REST API is designed to handle CRUD operations (Create, Read, Update, Delete) in a scalable and cost-effective way, making it well suited to managing dynamic, data-driven applications. This instance serves as a centralized inventory management system, where users can add new products, retrieve product info, update inventory levels, and delete outdated entries.
- Centralized inventory management
- Modular API backend for React or mobile apps
- Easily extendable to user management, project tracking, or asset pipelines
- AWS free tier account
- Postman desktop app
- The 2 Python files included in this repository for the Lambda function
Important
- Cost Awareness: Even on the free tier, there are usage limits, so you should still monitor your API Gateway and Lambda usage. Once you go over any of the following at some point within a month, you'll be charged:
  - 1 million requests or 400,000 GB for AWS Lambda
  - 1 million HTTP API calls for Amazon API Gateway
  - 25 GB of storage or 2.5 million read/write requests

  With AWS, you get charged for what you use. But you are only likely to exceed these limits if you're using this project heavily, like for a business.
- Utilize CloudWatch Logs: When something fails, 99.9% of the time it is going to be an error from the Lambda function code. Learning how to use this AWS service can save you a lot of time.
- Teardown: Delete resources (API Gateway, Lambda function, and DynamoDB tables) when you're done to avoid additional charges.
First, open the Postman Desktop app to run the API. Enter the URL for your API, which you can find in the API Gateway console on AWS, and then append the path (like /health or /product) to make calls to the API.

| REST API Endpoint Reference |
|---|
| GET /health → Health check |
| GET /products → Fetch all |
| POST /product → Add new product |
| PATCH /product/{id} → Update product |
| DELETE /product/{id} → Delete product |

It's a good idea to check the health of your API first, so you avoid running into errors later that are hard to pinpoint. You can do that by using GET with the /health path. When you see 200 OK, your API is healthy and good to go.

Add products into your database with different details on each of them with POST.

Retrieve info on your items with GET or pull all of the info on every item in your database by changing the path to /products.

Update info on items with PATCH.

DELETE an item by entering in the productID.

If you came across this wanting to make a serverless API similar to this one, you can follow along with the step-by-step-instruction file that I’ve attached next to the code.
| Error | Likely Causes | How to Fix |
|---|---|---|
| 500 Internal Server Error | Lambda bug, invalid input, or IAM permission | Open CloudWatch Logs → locate the failed invocation → inspect error trace (e.g., syntax error, null access, or permission denied) → fix logic or update IAM roles. |
| 400 Bad Request | Malformed JSON or incorrect path/params | In Postman, ensure correct HTTP method, headers, and body format (e.g., valid JSON with required fields) → confirm API Gateway path/resource matches. |
| CORS Failure | Missing headers in API Gateway config | Go to API Gateway → select each resource + method (GET, POST, etc.) → enable CORS and redeploy the API. Make sure OPTIONS method is added as well. |
| Empty response | Bad logic or missing return in Lambda | Check Lambda code to ensure it ends with a return that includes both statusCode and a JSON-encoded body → test with mock events to verify output. |
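
The 400 and empty-response rows above, as an added example that is not code from this repository: a handler that returns `statusCode` and a JSON-encoded body on every path and answers malformed input with 400 instead of failing as a 500. It assumes API Gateway's Lambda proxy event shape (`httpMethod`, `path`, `body`); the `productId`/`name`/`price` fields and the `store` dict standing in for the DynamoDB table are hypothetical.

```python
import json
from decimal import Decimal

REQUIRED_FIELDS = ("productId", "name", "price")  # assumed schema, not from the repo

def _json_default(value):
    # DynamoDB hands numbers back as Decimal, which json.dumps rejects by default.
    if isinstance(value, Decimal):
        return int(value) if value == value.to_integral_value() else float(value)
    raise TypeError(f"not JSON serializable: {type(value).__name__}")

def build_response(status_code, payload):
    # Every code path returns statusCode plus a JSON-encoded string body.
    return {
        "statusCode": status_code,
        "headers": {"Content-Type": "application/json"},
        "body": json.dumps(payload, default=_json_default),
    }

def parse_product(event):
    # Returns (item, None) on success or (None, message) for a 400 response.
    try:
        item = json.loads(event.get("body") or "", parse_float=Decimal)
    except json.JSONDecodeError:
        return None, "request body is not valid JSON"
    if not isinstance(item, dict):
        return None, "request body must be a JSON object"
    missing = [f for f in REQUIRED_FIELDS if f not in item]
    if missing:
        return None, "missing required fields: " + ", ".join(missing)
    if not isinstance(item["productId"], str):
        return None, "productId must be a string"
    return item, None

def lambda_handler(event, context, store=None):
    # store is a plain dict standing in for the DynamoDB table (example only).
    store = {} if store is None else store
    route = (event.get("httpMethod"), event.get("path"))
    if route == ("GET", "/health"):
        return build_response(200, {"status": "ok"})
    if route == ("GET", "/products"):
        return build_response(200, {"products": list(store.values())})
    if route == ("POST", "/product"):
        item, error = parse_product(event)
        if error:
            return build_response(400, {"error": error})
        store[item["productId"]] = item
        return build_response(201, {"product": item})
    return build_response(404, {"error": "not found"})
```

Calling `lambda_handler` locally with hand-built events like these is the "test with mock events" step from the table, and it surfaces a missing `return` or an unserializable value before deployment.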




