UNPKG

api-gateway-auth-policy

Version:

A policy generator for an api gateway authorizer

github.com/diogofcunha/api-gateway-auth-policy

diogofcunha/api-gateway-auth-policy

95 lines (81 loc) 2.81 kB
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
# api-gateway-auth-policy [![CircleCI](https://circleci.com/gh/diogofcunha/api-gateway-auth-policy.svg?style=svg)](https://circleci.com/gh/diogofcunha/api-gateway-auth-policy) [![semantic-release](https://img.shields.io/badge/%20%20%F0%9F%93%A6%F0%9F%9A%80-semantic--release-e10079.svg)](https://github.com/semantic-release/semantic-release) [![npm package][npm-badge]][npm] [npm-badge]: https://img.shields.io/npm/v/api-gateway-auth-policy.png?style=flat-square [npm]: https://www.npmjs.com/package/api-gateway-auth-policy This package aims to solve the problem of generating AWS auth policies for API gateways lambda authorizers. Authorizers an easy and combinient way to secure your aws lambda invokations, to find more about it consult [aws docs](https://docs.aws.amazon.com/apigateway/latest/developerguide/apigateway-use-lambda-authorizer.html). Being written in typescript, this package aims to be 100% type safe, avoiding common mistakes and being self documented. ## Install ```shell yarn add api-gateway-auth-policy ``` ## Usage example The public methods exposed by the api are all chainable. ```typescript const optionalConfig = { region: 'eu-west-1', stage: 'production', apiId: 'xxxxxxxxxx', }; const accountId = '12345'; new ApiGatewayAuthPolicy(accountId, optionalConfig) .allowMethod(HttpVerb.GET, '/media', { StringEquals: {'aws:username': 'johndoe'}, }) .allowMethod(HttpVerb.PATCH, '/media') .allowMethod(HttpVerb.POST, '/media') .denyMethod(HttpVerb.DELETE, '/media') .denyMethod(HttpVerb.PUT, '/media', { IpAddress: { 'aws:SourceIp': ['203.0.113.0/24', '2001:DB8:1234:5678::/64'], }, }) .render('principalId'); ``` ## Generated policy example ```json { "context": { "isSecured": true, "name": "diogo" }, "policyDocument": { "Statement": [ { "Action": "execute-api:Invoke", "Condition": { "StringEquals": { "aws:username": "johndoe" } }, "Effect": "Allow", "Resource": ["arn:aws:execute-api:*:12345:*:*:GET:/media"] }, { "Action": "execute-api:Invoke", "Effect": "Allow", "Resource": ["arn:aws:execute-api:*:12345:*:*:PATCH:/media", "arn:aws:execute-api:*:12345:*:*:POST:/media"] }, { "Action": "execute-api:Invoke", "Condition": { "IpAddress": { "aws:SourceIp": ["203.0.113.0/24", "2001:DB8:1234:5678::/64"] } }, "Effect": "Deny", "Resource": ["arn:aws:execute-api:*:12345:*:*:PUT:/media"] }, { "Action": "execute-api:Invoke", "Effect": "Deny", "Resource": ["arn:aws:execute-api:*:12345:*:*:DELETE:/media"] } ], "Version": "2012-10-17" }, "principalId": "*" } ```