From b7b635d68b9ad6a4d16f7767f491111d564d91f0 Mon Sep 17 00:00:00 2001
From: Andrew Patterson
Date: Tue, 11 Jan 2022 15:22:57 +1100
Subject: [PATCH] Added iam/ prefix mirror of API Added iam/ prefix to routes
---
 data_portal/urls.py | 3 +++
 serverless.yml | 15 +++++++++++++++
 2 files changed, 18 insertions(+)
diff --git a/data_portal/urls.py b/data_portal/urls.py
index f9cfa99a..5d3da1ef 100644
--- a/data_portal/urls.py
+++ b/data_portal/urls.py
@@ -61,6 +61,9 @@
 path('files', views.search_file, name='file-search'),
 path('file-signed-url', views.sign_s3_file, name='file-signed-url'),
 path('storage-stats', views.storage_stats, name='storage-stats'),
+ # we mirror the API surface at /iam/ - and set that path up in sls with an IAM authorizer as opposed to a JWT one
+ path('iam/', include(router.urls)),
+ # the main API surface authenticated using JWTs
 path('', include(router.urls)),
 ]
diff --git a/serverless.yml b/serverless.yml
index f29bf836..5dbcb124 100644
--- a/serverless.yml
+++ b/serverless.yml
@@ -21,6 +21,8 @@ provider:
 iam:
 role: ${ssm:/data_portal/backend/lambda_iam_role_arn}
 endpointType: regional
+ logs:
+ httpApi: true
 httpApi:
 disableDefaultEndpoint: true
 payload: '2.0'
@@ -89,6 +91,17 @@ functions:
 path: /{proxy+}
 method: POST
 authorizer: cognitoJwtAuthorizer
+ # we mirror the API onto /iam/* and allow IAM access
+ - httpApi:
+ path: /iam/{proxy+}
+ method: GET
+ authorizer:
+ type: aws_iam
+ - httpApi:
+ path: /iam/{proxy+}
+ method: POST
+ authorizer:
+ type: aws_iam
 timeout: 28
 migrate:
@@ -300,6 +313,8 @@ custom:
 app: data_portal.wsgi.application
 packRequirements: false
 pythonRequirements:
+ # lambci don't seem to be updating their images so there is currently no python 3.9 without using custom
+ dockerImage: mlupin/docker-lambda:python3.9-build
 dockerizePip: non-linux
 layer: true
 zip: false
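Review bot: In the `data_portal/urls.py` hunk, `path('iam/', include(router.urls))` mirrors only the router's routes; the function views listed just above it (`files`, `file-signed-url`, `storage-stats`) get no `iam/` twin, so an IAM-signed call to `/iam/files` would pass the gateway's `/iam/{proxy+}` route and then 404 in Django. If that is intended the comment should say so, e.g. `# only the router viewsets are mirrored under iam/; files, file-signed-url and storage-stats stay JWT-only`. Including the same router twice also registers every route name twice, so `reverse()` and any hyperlinked serializer fields can resolve to only one of the two prefixes; it is worth checking which. Django cannot tell from the prefix alone which authorizer admitted a request, so any view logic that reads JWT claims (not visible here) would need an equivalent for the IAM path. The `urlpatterns` list starts outside the hunk.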
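Review bot: In the first `serverless.yml` hunk, `logs: httpApi: true` enables access logging with the framework's default format, which as far as I know records request id, source IP, route and status but not the calling principal. Because this commit also opens routes behind `aws_iam`, setting a custom `format` under `logs.httpApi` that includes `$context.identity.userArn` would let each `/iam/*` call be attributed to an IAM identity during review or incident response. The `provider:` block starts and continues outside the hunk, so an existing format setting elsewhere cannot be ruled out.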
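Review bot: In the second `serverless.yml` hunk, the two `/iam/{proxy+}` routes with `type: aws_iam` make every mirrored endpoint reachable by any principal whose IAM policy grants `execute-api:Invoke` on this API, and the comment `allow IAM access` does not say which principals are meant. I would expand it to something like `# callers need execute-api:Invoke scoped to this API's GET and POST /iam/* routes; requests here carry no Cognito claims`, and confirm that no broad `execute-api:*` grants exist in the account. Only GET and POST are mirrored; if the JWT route defines other methods outside this hunk, a request to `/iam/...` with one of those would presumably fall through to `/{proxy+}` and be checked by the JWT authorizer instead. The `functions:` block starts and ends outside the hunk.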
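Review bot: In the third `serverless.yml` hunk, `dockerImage: mlupin/docker-lambda:python3.9-build` pulls a third-party image by mutable tag, and that image runs pip to build the dependency layer shipped to Lambda, so a re-pushed tag changes what gets deployed without any change in this repository. Pinning the digest, `dockerImage: mlupin/docker-lambda:python3.9-build@sha256:<digest-you-verified>`, or moving to an AWS-published build image such as `public.ecr.aws/sam/build-python3.9`, would close that gap. With `dockerizePip: non-linux` on the next line, Linux build hosts skip the image entirely, so the packaged artifacts can differ depending on where the deploy runs.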