https://github.com/mjovanc/rust-aws-lambda

A simple example using Rust + AWS Lambda + Terraform.
https://github.com/mjovanc/rust-aws-lambda

aws aws-lambda cargo-lambda rust terraform

Last synced: 1 day ago
JSON representation

A simple example using Rust + AWS Lambda + Terraform.

• Host: GitHub
• URL: https://github.com/mjovanc/rust-aws-lambda
• Owner: mjovanc
• License: gpl-3.0
• Created: 2024-01-31T12:05:49.000Z (10 months ago)
• Default Branch: master
• Last Pushed: 2024-04-29T12:46:14.000Z (7 months ago)
• Last Synced: 2024-04-29T13:55:25.104Z (7 months ago)
• Topics: aws, aws-lambda, cargo-lambda, rust, terraform
• Language: Rust
• Homepage:
• Size: 51.8 KB
• Stars: 5
• Watchers: 1
• Forks: 0
• Open Issues: 0
• Metadata Files:
  • Readme: README.md
  • License: LICENSE

Awesome Lists containing this project

README

        
# Rust + AWS Lambda 

![build](https://img.shields.io/github/actions/workflow/status/mjovanc/rust-aws-lambda/ci.yml?branch=master)

[![rust-aws-lambda: rustc 1.75+](https://img.shields.io/badge/compiler-rustc_1.75+-lightgray.svg)](https://blog.rust-lang.org/2023/11/16/Rust-1.74.0.html)

This project is intended to demonstrate how to build a simple HTTP function in Rust and provision it to AWS with AWS Lambda using Terraform.

## Getting Started

First we need to configure AWS, so you have the access to provision necessary infrastructure on AWS.

### Create the GitHub Identity Provider

Navigate to IAM > Identity providers and create a new provider. Select OpenID Connect and add the following:

**Provider URL:** `https://token.actions.githubusercontent.com` \

**Audience:** `sts.amazonaws.com`

### Create the AWS role

Navigate to IAM > Roles and create a new role. Select **Web Identity** and choose the just created identity provider. Add the permissions you want to role to have, in this example we will use the AWS managed permission **AdministratorAccess** (please do not use it in production).

After the role has been created we are going to add the GitHub repo to the Trust relationships. After editing the trusted entities JSON should look something like this:

```json

{

    "Version": "2012-10-17",

    "Statement": [

        {

            "Effect": "Allow",

            "Principal": {

                "Federated": "arn:aws:iam::12345678:oidc-provider/token.actions.githubusercontent.com"

            },

            "Action": "sts:AssumeRoleWithWebIdentity",

            "Condition": {

                "StringEquals": {

                    "token.actions.githubusercontent.com:aud": "sts.amazonaws.com"

                },

                "StringLike": {

                    "token.actions.githubusercontent.com:sub": "repo:mjovanc/rust-aws-lambda:*"

                }

            }

        }

    ]

}

```

### Add `permissions` to the job in `ci.yml`

```yaml

permissions:

  id-token: write # This is required for requesting the JWT

  contents: read  # This is required for actions/checkout

```

### Update the AWS configure action in `ci.yml`

We need to update the `role-to-assume` to match your IAM account number and the role name.

```yaml

- name: Configure AWS Credentials

  uses: aws-actions/configure-aws-credentials@v2

  with:

    role-to-assume: arn:aws:iam::12345678:role/YourRoleNameHere

    aws-region: eu-west-1

```

Now you should be good to go and can run run the workflow.

## License

The GPLv3 License.