cdklambdatokenauthorizerjwt

package module
v0.0.18 Latest Latest
Warning

This package is not in the latest version of its module.

Published: Nov 12, 2022 License: MIT Imports: 13 Imported by: 0

README


CDK Lambda TokenAuthorizer JWT

Add a Lambda function to your project that can be used as an API Gateway token authorizer.

Install

TypeScript
npm install @cloudy-with-a-chance-of-meatballs/cdk-lambda-token-authorizer-jwt
yarn add @cloudy-with-a-chance-of-meatballs/cdk-lambda-token-authorizer-jwt
Python
pip install cloudy-with-a-chance-of-meatballs.cdk-lambda-token-authorizer-jwt

Usage


import * as cdk from 'aws-cdk-lib';
import { Construct } from 'constructs';
import * as lambda from 'aws-cdk-lib/aws-lambda';
import * as apigateway from 'aws-cdk-lib/aws-apigateway';

//### EXAMPLE: import the function
import { TokenAuthorizerJwtFunction } from "@cloudy-with-a-chance-of-meatballs/cdk-lambda-token-authorizer-jwt";
//### END

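/**
 * Example stack that protects an API Gateway method with a JWT token authorizer.
 *
 * The authorizer Lambda is configured only through environment variables.
 * The README presents the JWKS pair and the verification secret as
 * alternatives ("OR"), so this example enables one and leaves the other
 * commented out.
 */
export class HelloworldStack extends cdk.Stack {
  /**
   * @param scope - parent construct
   * @param id - logical id of the stack
   * @param props - optional stack properties, passed through to cdk.Stack
   */
  constructor(scope: Construct, id: string, props?: cdk.StackProps) {
    super(scope, id, props);

    const api = new apigateway.RestApi(this, 'ApiName', {});

    //### EXAMPLE: init the function
    const tokenAuthFunction = new TokenAuthorizerJwtFunction(this, 'lambdaFunctionName', {
      environment: {
        // PROVIDE VARIABLES -- configure ONE of the two options below.
        // What the function does when both are set is not documented on this page.

        // Option A: verify against a key published by the identity provider.
        // Neither value is secret. The authorizer trusts whatever key this
        // endpoint serves, so point it at your own tenant over https.
        TOKEN_AUTHORIZER_JWKS_URI: 'https://example.auth0.com/.well-known/jwks.json',
        TOKEN_AUTHORIZER_JWKS_KID: 'SOME_KID_FROM_JWKS_RESPONSE',

        // OR

        // Option B: a static verification key.
        // A public key is safe to place here. A symmetric secret is not:
        // environment values are written into the synthesized CloudFormation
        // template and are readable by anyone who can view the function
        // configuration, and whoever holds a symmetric secret can sign tokens
        // this authorizer accepts. Keep such a value out of source control.
        // TOKEN_AUTHORIZER_JWT_VERIFICATION_SECRET: 'A_PUBLIC_KEY_OR_SYMETRIC_SECRET'
      }
    });
    //### END

    const tokenAuthorizer = new apigateway.TokenAuthorizer(this, 'tokenAuthorizerName', {
      //### EXAMPLE: use as handler
      handler: tokenAuthFunction
      //### END
    });

    // ...
    // SOMEAPIRESOURCE / SOMETARGETINTEGRATION are placeholders for your own
    // resource and integration. A method is only protected when the authorizer
    // is passed to it; methods added without `authorizer` stay open.
    const someMethod = SOMEAPIRESOURCE.addMethod("GET", SOMETARGETINTEGRATION, { authorizer: tokenAuthorizer });
  }
}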

Documentation

Overview

cdk-lambda-token-authorizer-jwt

cdk-lambda-token-authorizer-jwt

Index

Constants

This section is empty.

Variables

This section is empty.

Functions

func NewTokenAuthorizerJwtFunction_Override

func NewTokenAuthorizerJwtFunction_Override(t TokenAuthorizerJwtFunction, scope constructs.Construct, id *string, props *awslambda.FunctionOptions)

Experimental.

func TokenAuthorizerJwtFunction_ClassifyVersionProperty

func TokenAuthorizerJwtFunction_ClassifyVersionProperty(propertyName *string, locked *bool)

Record whether specific properties in the `AWS::Lambda::Function` resource should also be associated to the Version resource.

See 'currentVersion' section in the module README for more details. Experimental.

func TokenAuthorizerJwtFunction_FromFunctionArn

func TokenAuthorizerJwtFunction_FromFunctionArn(scope constructs.Construct, id *string, functionArn *string) awslambda.IFunction

Import a lambda function into the CDK using its ARN. Experimental.

func TokenAuthorizerJwtFunction_FromFunctionAttributes

func TokenAuthorizerJwtFunction_FromFunctionAttributes(scope constructs.Construct, id *string, attrs *awslambda.FunctionAttributes) awslambda.IFunction

Creates a Lambda function object which represents a function not defined within this stack. Experimental.

func TokenAuthorizerJwtFunction_IsConstruct

func TokenAuthorizerJwtFunction_IsConstruct(x interface{}) *bool

Checks if `x` is a construct.

Returns: true if `x` is an object created from a class which extends `Construct`. Deprecated: use `x instanceof Construct` instead.

func TokenAuthorizerJwtFunction_IsResource

func TokenAuthorizerJwtFunction_IsResource(construct constructs.IConstruct) *bool

Check whether the given construct is a Resource. Experimental.

func TokenAuthorizerJwtFunction_MetricAll

func TokenAuthorizerJwtFunction_MetricAll(metricName *string, props *awscloudwatch.MetricOptions) awscloudwatch.Metric

Return the given named metric for this Lambda. Experimental.

func TokenAuthorizerJwtFunction_MetricAllConcurrentExecutions

func TokenAuthorizerJwtFunction_MetricAllConcurrentExecutions(props *awscloudwatch.MetricOptions) awscloudwatch.Metric

Metric for the number of concurrent executions across all Lambdas. Experimental.

func TokenAuthorizerJwtFunction_MetricAllDuration

func TokenAuthorizerJwtFunction_MetricAllDuration(props *awscloudwatch.MetricOptions) awscloudwatch.Metric

Metric for the Duration executing all Lambdas. Experimental.

func TokenAuthorizerJwtFunction_MetricAllErrors

func TokenAuthorizerJwtFunction_MetricAllErrors(props *awscloudwatch.MetricOptions) awscloudwatch.Metric

Metric for the number of Errors executing all Lambdas. Experimental.

func TokenAuthorizerJwtFunction_MetricAllInvocations

func TokenAuthorizerJwtFunction_MetricAllInvocations(props *awscloudwatch.MetricOptions) awscloudwatch.Metric

Metric for the number of invocations of all Lambdas. Experimental.

func TokenAuthorizerJwtFunction_MetricAllThrottles

func TokenAuthorizerJwtFunction_MetricAllThrottles(props *awscloudwatch.MetricOptions) awscloudwatch.Metric

Metric for the number of throttled invocations of all Lambdas. Experimental.

func TokenAuthorizerJwtFunction_MetricAllUnreservedConcurrentExecutions

func TokenAuthorizerJwtFunction_MetricAllUnreservedConcurrentExecutions(props *awscloudwatch.MetricOptions) awscloudwatch.Metric

Metric for the number of unreserved concurrent executions across all Lambdas. Experimental.

Types

type TokenAuthorizerJwtFunction

// TokenAuthorizerJwtFunction is the Lambda function construct exported by this package.
// Per the README it is meant to be used as the handler of an API Gateway token authorizer.
//
// It embeds awslambda.Function.
// NOTE(review): the methods listed below appear to mirror that embedded type
// (jsii-generated bindings) — confirm against the module source.
type TokenAuthorizerJwtFunction interface {
	awslambda.Function
	// The architecture of this Lambda Function (this is an optional attribute and defaults to X86_64).
	// Experimental.
	Architecture() awslambda.Architecture
	// Whether the addPermission() call adds any permissions.
	//
	// True for new Lambdas, false for version $LATEST and imported Lambdas
	// from different accounts.
	// Experimental.
	CanCreatePermissions() *bool
	// Access the Connections object.
	//
	// Will fail if not a VPC-enabled Lambda Function.
	// Experimental.
	Connections() awsec2.Connections
	// Returns a `lambda.Version` which represents the current version of this Lambda function. A new version will be created every time the function's configuration changes.
	//
	// You can specify options for this version using the `currentVersionOptions`
	// prop when initializing the `lambda.Function`.
	// Experimental.
	CurrentVersion() awslambda.Version
	// The DLQ associated with this Lambda Function (this is an optional attribute).
	// Experimental.
	DeadLetterQueue() awssqs.IQueue
	// The environment this resource belongs to.
	//
	// For resources that are created and managed by the CDK
	// (generally, those created by creating new class instances like Role, Bucket, etc.),
	// this is always the same as the environment of the stack they belong to;
	// however, for imported resources
	// (those obtained from static methods like fromRoleArn, fromBucketName, etc.),
	// that might be different than the stack they were imported into.
	// Experimental.
	Env() *awscdk.ResourceEnvironment
	// ARN of this function.
	// Experimental.
	FunctionArn() *string
	// Name of this function.
	// Experimental.
	FunctionName() *string
	// The principal this Lambda Function is running as.
	// Experimental.
	GrantPrincipal() awsiam.IPrincipal
	// Whether or not this Lambda function was bound to a VPC.
	//
	// If this is `false`, trying to access the `connections` object will fail.
	// Experimental.
	IsBoundToVpc() *bool
	// The `$LATEST` version of this function.
	//
	// Note that this is a reference to a non-specific AWS Lambda version, which
	// means the function this version refers to can return different results in
	// different invocations.
	//
	// To obtain a reference to an explicit version which references the current
	// function configuration, use `lambdaFunction.currentVersion` instead.
	// Experimental.
	LatestVersion() awslambda.IVersion
	// The LogGroup where the Lambda function's logs are made available.
	//
	// If either `logRetention` is set or this property is called, a CloudFormation custom resource is added to the stack that
	// pre-creates the log group as part of the stack deployment, if it already doesn't exist, and sets the correct log retention
	// period (never expire, by default).
	//
	// Further, if the log group already exists and the `logRetention` is not set, the custom resource will reset the log retention
	// to never expire even if it was configured with a different value.
	//
	// NOTE(review): whether the authorizer writes token contents to its logs is not
	// shown on this page — confirm before relying on the never-expire default.
	// Experimental.
	LogGroup() awslogs.ILogGroup
	// The tree node.
	// Experimental.
	Node() constructs.Node
	// The construct node where permissions are attached.
	// Experimental.
	PermissionsNode() constructs.Node
	// Returns a string-encoded token that resolves to the physical name that should be passed to the CloudFormation resource.
	//
	// This value will resolve to one of the following:
	// - a concrete value (e.g. `"my-awesome-bucket"`)
	// - `undefined`, when a name should be generated by CloudFormation
	// - a concrete name generated automatically during synthesis, in
	//    cross-environment scenarios.
	// Experimental.
	PhysicalName() *string
	// Execution role associated with this function.
	// Experimental.
	Role() awsiam.IRole
	// The runtime configured for this lambda.
	// Experimental.
	Runtime() awslambda.Runtime
	// The stack in which this resource is defined.
	// Experimental.
	Stack() awscdk.Stack
	// The timeout configured for this lambda.
	// Experimental.
	Timeout() awscdk.Duration
	// Adds an environment variable to this Lambda function.
	//
	// If this is a ref to a Lambda function, this operation results in a no-op.
	//
	// NOTE(review): the README configures the JWT verification key or secret through
	// environment variables. Values set this way are stored in the function
	// configuration, so prefer non-secret material (JWKS URI, public key) here.
	// Experimental.
	AddEnvironment(key *string, value *string, options *awslambda.EnvironmentOptions) awslambda.Function
	// Adds an event source to this function.
	//
	// Event sources are implemented in the @aws-cdk/aws-lambda-event-sources module.
	//
	// The following example adds an SQS Queue as an event source:
	// ```
	// import { SqsEventSource } from '@aws-cdk/aws-lambda-event-sources';
	// myFunction.addEventSource(new SqsEventSource(myQueue));
	// ```.
	// Experimental.
	AddEventSource(source awslambda.IEventSource)
	// Adds an event source that maps to this AWS Lambda function.
	// Experimental.
	AddEventSourceMapping(id *string, options *awslambda.EventSourceMappingOptions) awslambda.EventSourceMapping
	// Adds one or more Lambda Layers to this Lambda function.
	// Experimental.
	AddLayers(layers ...awslambda.ILayerVersion)
	// Adds a permission to the Lambda resource policy.
	// See: Permission for details.
	//
	// NOTE(review): for an authorizer, keep the resource policy limited to the
	// API Gateway that calls it.
	// Experimental.
	AddPermission(id *string, permission *awslambda.Permission)
	// Adds a statement to the IAM role assumed by the instance.
	// Experimental.
	AddToRolePolicy(statement awsiam.PolicyStatement)
	// Apply the given removal policy to this resource.
	//
	// The Removal Policy controls what happens to this resource when it stops
	// being managed by CloudFormation, either because you've removed it from the
	// CDK application or because you've made a change that requires the resource
	// to be replaced.
	//
	// The resource can be deleted (`RemovalPolicy.DESTROY`), or left in your AWS
	// account for data recovery and cleanup later (`RemovalPolicy.RETAIN`).
	// Experimental.
	ApplyRemovalPolicy(policy awscdk.RemovalPolicy)
	// Configures options for asynchronous invocation.
	// Experimental.
	ConfigureAsyncInvoke(options *awslambda.EventInvokeConfigOptions)
	// NOTE(review): undocumented upstream; presumably returns the physical name
	// generated for this resource — confirm.
	// Experimental.
	GeneratePhysicalName() *string
	// Returns an environment-sensitive token that should be used for the resource's "ARN" attribute (e.g. `bucket.bucketArn`).
	//
	// Normally, this token will resolve to `arnAttr`, but if the resource is
	// referenced across environments, `arnComponents` will be used to synthesize
	// a concrete ARN with the resource's physical name. Make sure to reference
	// `this.physicalName` in `arnComponents`.
	// Experimental.
	GetResourceArnAttribute(arnAttr *string, arnComponents *awscdk.ArnComponents) *string
	// Returns an environment-sensitive token that should be used for the resource's "name" attribute (e.g. `bucket.bucketName`).
	//
	// Normally, this token will resolve to `nameAttr`, but if the resource is
	// referenced across environments, it will be resolved to `this.physicalName`,
	// which will be a concrete name.
	// Experimental.
	GetResourceNameAttribute(nameAttr *string) *string
	// Grant the given identity permissions to invoke this Lambda.
	//
	// NOTE(review): an identity that can invoke the authorizer directly can probe
	// it with arbitrary tokens — grant this only where needed.
	// Experimental.
	GrantInvoke(grantee awsiam.IGrantable) awsiam.Grant
	// Return the given named metric for this Function.
	// Experimental.
	Metric(metricName *string, props *awscloudwatch.MetricOptions) awscloudwatch.Metric
	// How long execution of this Lambda takes.
	//
	// Average over 5 minutes.
	// Experimental.
	MetricDuration(props *awscloudwatch.MetricOptions) awscloudwatch.Metric
	// How many invocations of this Lambda fail.
	//
	// Sum over 5 minutes.
	// Experimental.
	MetricErrors(props *awscloudwatch.MetricOptions) awscloudwatch.Metric
	// How often this Lambda is invoked.
	//
	// Sum over 5 minutes.
	// Experimental.
	MetricInvocations(props *awscloudwatch.MetricOptions) awscloudwatch.Metric
	// How often this Lambda is throttled.
	//
	// Sum over 5 minutes.
	// Experimental.
	MetricThrottles(props *awscloudwatch.MetricOptions) awscloudwatch.Metric
	// Returns a string representation of this construct.
	// Experimental.
	ToString() *string
}

Experimental.

func NewTokenAuthorizerJwtFunction

func NewTokenAuthorizerJwtFunction(scope constructs.Construct, id *string, props *awslambda.FunctionOptions) TokenAuthorizerJwtFunction

Experimental.

Directories

Path Synopsis
Package jsii contains the functionality needed for jsii packages to initialize their dependencies and themselves.
Package jsii contains the functionality needed for jsii packages to initialize their dependencies and themselves.
