Skip to main content

Enables ApiKey functionality (like in ApiGateway V1) for ApiGateway V2.

Project description

B.CfnCustomApiKeyAuthorizer

Pipeline

An AWS CDK resource that enables protection of your public APIs by using Api Keys.

Description

This custom authorizer enables Api Key functionality (just like in ApiGateway V1

Remarks

Biomapas aims to modernise life-science industry by sharing its IT knowledge with other companies and the community. This is an open source library intended to be used by anyone. Improvements and pull requests are welcome.

Related technology

  • Python3
  • AWS CDK
  • AWS CloudFormation
  • AWS API Gateway
  • AWS API Gateway Authorizer
  • AWS Lambda

Assumptions

This project assumes you are an expert in infrastructure-as-code via AWS CloudFormation and AWS CDK. You must clearly understand how AWS API Gateway endpoints are protected with Authorizers / Custom Authorizers and how it is managed via CloudFormation or CDK.

  • Excellent knowledge in IaaC (Infrastructure as a Code) principles.
  • Excellent knowledge in API Gateway, Authorizers.
  • Good experience in AWS CDK and AWS CloudFormation.
  • Good Python skills and basics of OOP.

Useful sources

Install

Before installing this library, ensure you have these tools setup:

  • Python / Pip
  • AWS CDK

To install this project from source run:

pip install .

Or you can install it from a PyPi repository:

pip install b-cfn-custom-api-key-authorizer

Usage & Examples

Firstly, create an api and stage:

from aws_cdk.aws_apigatewayv2 import CfnApi, CfnStage

api = CfnApi(...)
api_stage = CfnStage(...)

Create api key custom authorizer:

from b_cfn_custom_api_key_authorizer.custom_authorizer import ApiKeyCustomAuthorizer

authorizer = ApiKeyCustomAuthorizer(
    scope=Stack(...),
    name='MyCoolAuthorizer',
    api=api,
)

Use that authorizer to protect your routes (endpoints):

from aws_cdk.aws_apigatewayv2 import CfnRoute

route = CfnRoute(
    scope=Stack(...),
    id='DummyRoute',
    api_id=api.ref,
    route_key='GET /dummy/endpoint',
    authorization_type='CUSTOM',
    target=f'integrations/{integration.ref}',
    authorizer_id=authorizer.ref
)

Once your infrastructure is deployed, try calling your api endpoint. You will get "Unauthorized" error.

import urllib3

response = urllib3.PoolManager().request(
    method='GET',
    url='https://your-api-url/dummy/endpoint',
    headers={},
)

>>> response.status
>>> 401

Create ApiKey and ApiSecret by invoking a dedicated api keys generator lambda function:

# Your supplied name for the "ApiKeyCustomAuthorizer".
authorizer_name = 'MyCoolAuthorizer'
# Created generator lambda function name.
function_name = 'GeneratorFunction'
# Full function name is a combination of both.
function_name = authorizer_name + function_name

response = boto3.client('lambda').invoke(
    FunctionName=function_name,
    InvocationType='RequestResponse',
)

response = json.loads(response['Payload'].read())
api_key = response['ApiKey']
api_secret = response['ApiSecret']

Now try calling the same api with api keys:

import urllib3

response = urllib3.PoolManager().request(
    method='GET',
    url='https://your-api-url/dummy/endpoint',
    headers={
        'ApiKey': api_key,
        'ApiSecret': api_secret
    },
)

>>> response.status
>>> 200

Testing

This package has integration tests based on pytest. To run tests simply run:


pytest b_cfn_custom_api_key_authorizer_test/integration/tests

Contribution

Found a bug? Want to add or suggest a new feature? Contributions of any kind are gladly welcome. You may contact us directly, create a pull-request or an issue in github platform. Lets modernize the world together.

Release history

1.1.0

  • Create a dedicated lambda function to generate api keys. You should not interact with the database directly.

1.0.0

  • Prod-ready version.
  • Added documentation.
  • Added more tests.
  • Some code improvements.

0.1.0

  • Initial testing done. Authorizer works.
  • Need more tests and edge case handling before promoting to 1.0.0.

0.0.1

  • Initial build.

Project details


Download files

Download the file for your platform. If you're not sure which to choose, learn more about installing packages.

Source Distribution

b_cfn_custom_api_key_authorizer-1.1.0.tar.gz (17.4 kB view details)

Uploaded Source

Built Distribution

File details

Details for the file b_cfn_custom_api_key_authorizer-1.1.0.tar.gz.

File metadata

  • Download URL: b_cfn_custom_api_key_authorizer-1.1.0.tar.gz
  • Upload date:
  • Size: 17.4 kB
  • Tags: Source
  • Uploaded using Trusted Publishing? No
  • Uploaded via: twine/3.8.0 pkginfo/1.8.2 readme-renderer/32.0 requests/2.22.0 requests-toolbelt/0.9.1 urllib3/1.26.8 tqdm/4.62.3 importlib-metadata/4.11.1 keyring/18.0.1 rfc3986/2.0.0 colorama/0.4.3 CPython/3.8.10

File hashes

Hashes for b_cfn_custom_api_key_authorizer-1.1.0.tar.gz
Algorithm Hash digest
SHA256 23af724a6477ca346170e66ffc41a4c8915c8feb83d885862101469650b11546
MD5 2f4c355d47d153e709f0a9873685a34a
BLAKE2b-256 cf49e0eb587898a0c44776a4b91e6239180f889301c0a579bfca865b6ec2adb5

See more details on using hashes here.

File details

Details for the file b_cfn_custom_api_key_authorizer-1.1.0-py3-none-any.whl.

File metadata

  • Download URL: b_cfn_custom_api_key_authorizer-1.1.0-py3-none-any.whl
  • Upload date:
  • Size: 21.8 kB
  • Tags: Python 3
  • Uploaded using Trusted Publishing? No
  • Uploaded via: twine/3.8.0 pkginfo/1.8.2 readme-renderer/32.0 requests/2.22.0 requests-toolbelt/0.9.1 urllib3/1.26.8 tqdm/4.62.3 importlib-metadata/4.11.1 keyring/18.0.1 rfc3986/2.0.0 colorama/0.4.3 CPython/3.8.10

File hashes

Hashes for b_cfn_custom_api_key_authorizer-1.1.0-py3-none-any.whl
Algorithm Hash digest
SHA256 549f386ebbe57809a910a057063f8ee6ae3bad1f635ff32754d36ab674bcaadf
MD5 fd1c1d5a2a00ae59201139fc7adbf24d
BLAKE2b-256 89c1c3929d33205e87ed613434c49945f0e6fad7c84dbfb575edb66ea6d8a2d6

See more details on using hashes here.

Supported by

AWS AWS Cloud computing and Security Sponsor Datadog Datadog Monitoring Fastly Fastly CDN Google Google Download Analytics Microsoft Microsoft PSF Sponsor Pingdom Pingdom Monitoring Sentry Sentry Error logging StatusPage StatusPage Status page