Serverless-application-model: Implement AWS_IAM Authorizers

Created on 8 Feb 2019  路  9Comments  路  Source: aws/serverless-application-model

Based on the RFC #781, we need to implement the AWS_IAM Authorizers feature.

Requirements:

  1. Implement Transform
  2. Add tests
  3. Add example(s)

Some code areas to get started for any interested contributors:

  1. Add InvokeRole as a valid property of Auth https://github.com/awslabs/serverless-application-model/blob/master/samtranslator/model/api/api_generator.py#L20
  2. Add an exception for AWS_IAM DefaultAuthorizer here https://github.com/awslabs/serverless-application-model/blob/master/samtranslator/model/api/api_generator.py#L321
  3. Ensure this section is working and only a single sigv4 security definition gets added https://github.com/awslabs/serverless-application-model/blob/master/samtranslator/swagger/swagger.py#L343
  4. Add 'sigv4' to securityDefinitions if it's defined as DefaultAuthorizer or if it is specified on any of the Methods https://github.com/awslabs/serverless-application-model/blob/master/samtranslator/swagger/swagger.py#L289
  5. Update Integration with credentials https://github.com/awslabs/serverless-application-model/blob/master/samtranslator/swagger/swagger.py#L101
contributorgood-first-issue priorit2-important typfeature
Source
picture brettstack
👍7 👀5

Most helpful comment

Hey @brettstack, I would like to start working on this since this feature is needed for my job.
No problem?

picture horike37 on 26 Feb 2019
9

All 9 comments

Is the idea that it would look something like:

Auth:
  Authorizers:
    AWS_IAM: some:arn:aws:1

and the serverless macro would transform that into specifying AWS_IAM for the auth type and add the policy to the resource policy on the API?

rhboyd picture rhboyd on 16 Feb 2019

or possibly

Auth:
  Authorizers:
    AWS_IAM: NOT_AN_ARN

And the macro would create an IAM Role named NOT_AN_ARN and substitute that Role ARN where applicable in the previous comment?

rhboyd picture rhboyd on 16 Feb 2019

@rhboyd check out the RFC #781

brettstack picture brettstack on 16 Feb 2019

Hey @brettstack, I would like to start working on this since this feature is needed for my job.
No problem?

horike37 picture horike37 on 26 Feb 2019
9

Absolutely! We look forward to a PR. 鉂わ笍

brettstack picture brettstack on 26 Feb 2019

Hey @brettstack, My PR #827 is just ready for review!
Please go ahead 馃憤 馃槃 Thanks!

horike37 picture horike37 on 28 Feb 2019
🎉4

Thanks @horike37! This has been merged to develop and we'll get it out to production asap.

brettstack picture brettstack on 15 Mar 2019
🎉1 😄1

Great! Can't wait to release 馃槃

horike37 picture horike37 on 16 Mar 2019
1 👍1

Released with SAM v1.11.0!

keetonian picture keetonian on 26 Apr 2019
👍2
Was this page helpful?
0 / 5 - 0 ratings

Related issues

MaxVynohradov picture MaxVynohradov  路  3Comments
vinkris picture vinkris  路  3Comments
kwcrook picture kwcrook  路  3Comments
jiravani picture jiravani  路  3Comments
sanjP10 picture sanjP10  路  3Comments