api-gateway-auth-policy
TypeScript icon, indicating that this package has built-in type declarations

1.0.1 • Public • Published

api-gateway-auth-policy

CircleCI semantic-release npm package

This package aims to solve the problem of generating AWS auth policies for API gateways lambda authorizers. Authorizers an easy and combinient way to secure your aws lambda invokations, to find more about it consult aws docs.

Being written in typescript, this package aims to be 100% type safe, avoiding common mistakes and being self documented.

Install

yarn add api-gateway-auth-policy

Usage example

The public methods exposed by the api are all chainable.

const optionalConfig = {
  region: 'eu-west-1',
  stage: 'production',
  apiId: 'xxxxxxxxxx',
};
 
const accountId = '12345';
 
new ApiGatewayAuthPolicy(accountId, optionalConfig)
  .allowMethod(HttpVerb.GET, '/media', {
    StringEquals: {'aws:username': 'johndoe'},
  })
  .allowMethod(HttpVerb.PATCH, '/media')
  .allowMethod(HttpVerb.POST, '/media')
  .denyMethod(HttpVerb.DELETE, '/media')
  .denyMethod(HttpVerb.PUT, '/media', {
    IpAddress: {
      'aws:SourceIp': ['203.0.113.0/24', '2001:DB8:1234:5678::/64'],
    },
  })
  .render('principalId');

Generated policy example

{
  "context": {
    "isSecured": true,
    "name": "diogo"
  },
  "policyDocument": {
    "Statement": [
      {
        "Action": "execute-api:Invoke",
        "Condition": {
          "StringEquals": {
            "aws:username": "johndoe"
          }
        },
        "Effect": "Allow",
        "Resource": ["arn:aws:execute-api:*:12345:*:*:GET:/media"]
      },
      {
        "Action": "execute-api:Invoke",
        "Effect": "Allow",
        "Resource": ["arn:aws:execute-api:*:12345:*:*:PATCH:/media", "arn:aws:execute-api:*:12345:*:*:POST:/media"]
      },
      {
        "Action": "execute-api:Invoke",
        "Condition": {
          "IpAddress": {
            "aws:SourceIp": ["203.0.113.0/24", "2001:DB8:1234:5678::/64"]
          }
        },
        "Effect": "Deny",
        "Resource": ["arn:aws:execute-api:*:12345:*:*:PUT:/media"]
      },
      {
        "Action": "execute-api:Invoke",
        "Effect": "Deny",
        "Resource": ["arn:aws:execute-api:*:12345:*:*:DELETE:/media"]
      }
    ],
    "Version": "2012-10-17"
  },
  "principalId": "*"
}

Package Sidebar

Install

npm i api-gateway-auth-policy

Weekly Downloads

806

Version

1.0.1

License

MIT

Unpacked Size

108 kB

Total Files

7

Last publish

Collaborators

  • diogofcunha