Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

New Pattern Submission: AWS API Gateway IAM authorization and AWS v4 request signing (sls & Python) #2044

Closed
wants to merge 3 commits into from
Closed

New Pattern Submission: AWS API Gateway IAM authorization and AWS v4 request signing (sls & Python) #2044

wants to merge 3 commits into from

Conversation

bb245
Copy link
Contributor

@bb245 bb245 commented Jan 15, 2024
edited
Loading

Issue #, if available: #2045

Description of changes:

This pattern involves employing an AWS_IAM authorizer to secure an API endpoint through Python 3 and the Serverless framework. It illustrates the process of signing the HTTP request using IAM credentials and adhering to the AWS v4 signing process. This ensures access to the protected endpoint from a public API. The interaction with APIs is facilitated by AWS API Gateway.

By submitting this pull request, I confirm that you can use, modify, copy, and redistribute this contribution, under the terms of your choice.

@bb245 bb245 mentioned this pull request Jan 15, 2024
Closed
@bb245 bb245 changed the title New Pattern Submission: AWS API Gateway HTTP API, Lambdas, IAM Auth, DynamoDB, Python, and the Serverless Framework (SLS & Python) New Pattern Submission: AWS API Gateway REST API, Lambdas, IAM Auth, DynamoDB, Python, and the Serverless Framework (SLS & Python) Jan 16, 2024
@bb245 bb245 changed the title New Pattern Submission: AWS API Gateway REST API, Lambdas, IAM Auth, DynamoDB, Python, and the Serverless Framework (SLS & Python) New Pattern Submission: AWS API Gateway REST API, Lambdas, IAM Auth, DynamoDB (SLS & Python) Jan 16, 2024
@bb245 bb245 marked this pull request as draft January 16, 2024 18:35
@bb245
Inital commit
61bfdab 
Clean up serverless.yml

Clean up serverless.yml

Rename project folder and serverless.yaml clean-up

Refactor codebase and folder structure
@bb245 bb245 force-pushed the bb245-feature-apigw-lambda-auth-ddb-sls-py branch from 97cb3e9 to 61bfdab Compare January 19, 2024 17:25
@bb245 bb245 changed the title New Pattern Submission: AWS API Gateway REST API, Lambdas, IAM Auth, DynamoDB (SLS & Python) New Pattern Submission: AWS API Gateway IAM authorization and AWS v4 request signing (SLS & Python) Jan 19, 2024
@bb245 bb245 marked this pull request as ready for review January 19, 2024 17:29
@bb245
Copy link
Contributor Author

bb245 commented Jan 19, 2024

@cornelcroi @bls20AWS fyi, moved the PR from draft to review.

@github-actions GitHub Actions
Copy link

@undefined your 'example-pattern.json' is missing some key fields, please review below and address any errors you have

  1. description: description does not meet maximum length of 150

If you need any help, take a look at the example-pattern file.

Make the changes, and push your changes back to this pull request. When all automated checks are successful, the Serverless DA team will process your pull request.

@bb245 bb245 force-pushed the bb245-feature-apigw-lambda-auth-ddb-sls-py branch from e663c29 to 68270f3 Compare January 22, 2024 14:12
@bb245 bb245 closed this Jan 22, 2024
@bb245 bb245 reopened this Jan 22, 2024
@bb245 bb245 force-pushed the bb245-feature-apigw-lambda-auth-ddb-sls-py branch from a60906a to 35fcc8d Compare January 22, 2024 15:01
@bb245
Copy link
Contributor Author

bb245 commented Jan 23, 2024

@cornelcroi @bls20AWS FYI, the description char limit is fixed.

@bb245 bb245 closed this Jan 24, 2024
@bb245 bb245 reopened this Jan 24, 2024
@github-actions GitHub Actions
Copy link

Valid pattern file found.

Reviewer you can view the pattern file here

@cornelcroi
Copy link
Contributor

Hi @bb245,

I've reviewed the code and tried to understand from the readme what is the purpose of the pattern and here are my remarks:

  • the workflow is not easy to understand from the diagram
  • you are showing basically how a lambda calls another lambda through a public API GW endpoint (protected using AWS_IAM) but this an anti pattern (especially in your case where you have the same API GW in front of both Lambdas).
    I imagine your purpose was to show how to sign a request but in this implementation it makes an anti pattern.

I suggest you find another implementation to demonstrate how to sign requests.

@bb245 bb245 marked this pull request as draft January 27, 2024 17:45
@bb245 bb245 marked this pull request as ready for review January 28, 2024 00:51
@bb245 bb245 changed the title New Pattern Submission: AWS API Gateway IAM authorization and AWS v4 request signing (SLS & Python) New Pattern Submission: AWS API Gateway IAM authorization and AWS v4 request signing (sls & Python) Jan 28, 2024
@bb245 bb245 force-pushed the bb245-feature-apigw-lambda-auth-ddb-sls-py branch from c67874f to 3162f6f Compare January 28, 2024 20:22
@bb245 bb245 force-pushed the bb245-feature-apigw-lambda-auth-ddb-sls-py branch from 3162f6f to 112ddc3 Compare January 28, 2024 20:26
@bb245
Copy link
Contributor Author

bb245 commented Jan 28, 2024
edited
Loading

Hi @cornelcroi, I updated the implementation & request your review. Thank you.

@cornelcroi
Copy link
Contributor

Hi @bb245,

Thanks for the update.
The diagram now looks much better, easy to understand.
However in your pattern you make a call from a Lambda function to another Lambda function through an API Gateway endpoint which is still an anti pattern.
We will not be able to put this pattern on ServerlessLand.
If you come across another scenario where signing a request proves beneficial while adhering to a serverless pattern, we would be pleased to examine it.

@cornelcroi cornelcroi closed this Jan 30, 2024
@bb245 bb245 deleted the bb245-feature-apigw-lambda-auth-ddb-sls-py branch January 30, 2024 21:39
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers
No reviews
Assignees

@cornelcroi cornelcroi

@benjasl-stripe benjasl-stripe

Labels
invalid-example-pattern-file valid-example-pattern-file
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
3 participants
@bb245 @cornelcroi @benjasl-stripe