Ecosyste.ms: Awesome
An open API service indexing awesome lists of open source software.
https://github.com/diogofcunha/api-gateway-auth-policy
AWS auth policy generator for API gateways lambda authorizers
https://github.com/diogofcunha/api-gateway-auth-policy
api-gateway api-gateway-custom-authorizer authorization aws lambda nodejs typescript
Last synced: about 1 month ago
JSON representation
AWS auth policy generator for API gateways lambda authorizers
- Host: GitHub
- URL: https://github.com/diogofcunha/api-gateway-auth-policy
- Owner: diogofcunha
- License: mit
- Created: 2020-02-13T22:24:49.000Z (almost 5 years ago)
- Default Branch: master
- Last Pushed: 2024-06-18T02:44:13.000Z (7 months ago)
- Last Synced: 2024-11-09T11:42:25.547Z (about 2 months ago)
- Topics: api-gateway, api-gateway-custom-authorizer, authorization, aws, lambda, nodejs, typescript
- Language: TypeScript
- Homepage:
- Size: 844 KB
- Stars: 6
- Watchers: 2
- Forks: 1
- Open Issues: 8
-
Metadata Files:
- Readme: README.md
- License: LICENSE
Awesome Lists containing this project
README
# api-gateway-auth-policy
[](https://circleci.com/gh/diogofcunha/api-gateway-auth-policy)
[![npm package][npm-badge]][npm]
[npm-badge]: https://img.shields.io/npm/v/api-gateway-auth-policy.png?style=flat-square
[npm]: https://www.npmjs.com/package/api-gateway-auth-policy
This package aims to solve the problem of generating AWS auth policies for API gateways lambda authorizers.
Authorizers an easy and combinient way to secure your aws lambda invokations, to find more about it consult [aws docs](https://docs.aws.amazon.com/apigateway/latest/developerguide/apigateway-use-lambda-authorizer.html).
Being written in typescript, this package aims to be 100% type safe, avoiding common mistakes and being self documented.
## Install
```shell
yarn add api-gateway-auth-policy
```
## Usage example
The public methods exposed by the api are all chainable.
```typescript
const optionalConfig = {
region: 'eu-west-1',
stage: 'production',
apiId: 'xxxxxxxxxx',
};
const accountId = '12345';
new ApiGatewayAuthPolicy(accountId, optionalConfig)
.allowMethod(HttpVerb.GET, '/media', {
StringEquals: {'aws:username': 'johndoe'},
})
.allowMethod(HttpVerb.PATCH, '/media')
.allowMethod(HttpVerb.POST, '/media')
.denyMethod(HttpVerb.DELETE, '/media')
.denyMethod(HttpVerb.PUT, '/media', {
IpAddress: {
'aws:SourceIp': ['203.0.113.0/24', '2001:DB8:1234:5678::/64'],
},
})
.render('principalId');
```
## Generated policy example
```json
{
"context": {
"isSecured": true,
"name": "diogo"
},
"policyDocument": {
"Statement": [
{
"Action": "execute-api:Invoke",
"Condition": {
"StringEquals": {
"aws:username": "johndoe"
}
},
"Effect": "Allow",
"Resource": ["arn:aws:execute-api:*:12345:*:*:GET:/media"]
},
{
"Action": "execute-api:Invoke",
"Effect": "Allow",
"Resource": ["arn:aws:execute-api:*:12345:*:*:PATCH:/media", "arn:aws:execute-api:*:12345:*:*:POST:/media"]
},
{
"Action": "execute-api:Invoke",
"Condition": {
"IpAddress": {
"aws:SourceIp": ["203.0.113.0/24", "2001:DB8:1234:5678::/64"]
}
},
"Effect": "Deny",
"Resource": ["arn:aws:execute-api:*:12345:*:*:PUT:/media"]
},
{
"Action": "execute-api:Invoke",
"Effect": "Deny",
"Resource": ["arn:aws:execute-api:*:12345:*:*:DELETE:/media"]
}
],
"Version": "2012-10-17"
},
"principalId": "*"
}
```