JSPM

api-gateway-auth-policy

1.0.1
  • ESM via JSPM
  • ES Module Entrypoint
  • Export Map
  • Keywords
  • License
  • Repository URL
  • TypeScript Types
  • README
  • Created
  • Published
  • Downloads 980
  • Score
    100M100P100Q99568F
  • License MIT

A policy generator for an api gateway authorizer

Package Exports

  • api-gateway-auth-policy

This package does not declare an exports field, so the exports above have been automatically detected and optimized by JSPM instead. If any package subpath is missing, it is recommended to post an issue to the original package (api-gateway-auth-policy) to support the "exports" field. If that is not possible, create a JSPM override to customize the exports field for this package.

Readme

api-gateway-auth-policy

CircleCI semantic-release npm package

This package aims to solve the problem of generating AWS auth policies for API gateways lambda authorizers. Authorizers an easy and combinient way to secure your aws lambda invokations, to find more about it consult aws docs.

Being written in typescript, this package aims to be 100% type safe, avoiding common mistakes and being self documented.

Install

yarn add api-gateway-auth-policy

Usage example

The public methods exposed by the api are all chainable.

const optionalConfig = {
  region: 'eu-west-1',
  stage: 'production',
  apiId: 'xxxxxxxxxx',
};

const accountId = '12345';

new ApiGatewayAuthPolicy(accountId, optionalConfig)
  .allowMethod(HttpVerb.GET, '/media', {
    StringEquals: {'aws:username': 'johndoe'},
  })
  .allowMethod(HttpVerb.PATCH, '/media')
  .allowMethod(HttpVerb.POST, '/media')
  .denyMethod(HttpVerb.DELETE, '/media')
  .denyMethod(HttpVerb.PUT, '/media', {
    IpAddress: {
      'aws:SourceIp': ['203.0.113.0/24', '2001:DB8:1234:5678::/64'],
    },
  })
  .render('principalId');

Generated policy example

{
  "context": {
    "isSecured": true,
    "name": "diogo"
  },
  "policyDocument": {
    "Statement": [
      {
        "Action": "execute-api:Invoke",
        "Condition": {
          "StringEquals": {
            "aws:username": "johndoe"
          }
        },
        "Effect": "Allow",
        "Resource": ["arn:aws:execute-api:*:12345:*:*:GET:/media"]
      },
      {
        "Action": "execute-api:Invoke",
        "Effect": "Allow",
        "Resource": ["arn:aws:execute-api:*:12345:*:*:PATCH:/media", "arn:aws:execute-api:*:12345:*:*:POST:/media"]
      },
      {
        "Action": "execute-api:Invoke",
        "Condition": {
          "IpAddress": {
            "aws:SourceIp": ["203.0.113.0/24", "2001:DB8:1234:5678::/64"]
          }
        },
        "Effect": "Deny",
        "Resource": ["arn:aws:execute-api:*:12345:*:*:PUT:/media"]
      },
      {
        "Action": "execute-api:Invoke",
        "Effect": "Deny",
        "Resource": ["arn:aws:execute-api:*:12345:*:*:DELETE:/media"]
      }
    ],
    "Version": "2012-10-17"
  },
  "principalId": "*"
}