AWS Custom Lambda

AWS Lambda is a powerful, serverless compute service that runs your code in response to events and automatically manages the compute resources for you.

Through this integration, Apono helps you securely manage access to an AWS Lambda function.

Prerequisites

Before starting this integration, create the items listed in the following table.

Item Description

Item	Description
Apono Connector	On-prem connection serving as a bridge between your AWS Lambda functions and Apono Minimum Required Version: 1.4.1 Use the following steps to update an existing connector: On the Connector page, click ⋮ > Edit. The Edit the Connector page appears. Click Update Connector.
Secret	Value generated through AWS Secrets Manager Apono does not store credentials. The Apono Connector uses the secret to communicate with services in your environment and separate the Apono web app from the environment for maximal security.
Lambda Function	Named function set up within AWS Lambda Sample Function function listResources(params) { return { resources: [ { 'id': 'resource1', 'name': 'Resource 1', 'type': params.resource_type }, { 'id': 'resource2', 'name': 'Resource 2', 'type': params.resource_type }, { 'id': 'resource3', 'name': 'Resource 3', 'type': params.resource_type }, ], permissions: [ { 'id': 'admin', 'name': 'Admin' }, { 'id': 'reader', 'name': 'Reader' } ] }; } function grantAccess(params) { const username = params.username; const grantId = params.grant_id; const resources = params.resources; const permission = params.permission; const param1 = params.custom_parameters.param1 const param2 = params.custom_parameters.param2 console.log(param1) console.log(param2) return { status: 'ok' }; } function revokeAccess(params) { const username = params.username; const grantId = params.grant_id; const resources = params.resources; const permission = params.permission; const param1 = params.custom_parameters.param1 const param2 = params.custom_parameters.param2 return { status: 'ok' }; } export const handler = async (event) => { const params = event.params; switch (event.event_type) { case 'list-resources': return listResources(params); case 'grant-access': return grantAccess(params); case 'revoke-access': return revokeAccess(params); case 'create-credentials': return { status: 'ok', secret: 'created-credentials-secret' } case 'reset-credentials': return { status: 'ok', secret: 'reset-credentials-secret' } default: return 'ok'; } };

Apono Connector

On-prem connection serving as a bridge between your AWS Lambda functions and Apono

Minimum Required Version: 1.4.1

Use the following steps to update an existing connector:

On the Connector page, click ⋮ > Edit. The Edit the Connector page appears.
Click Update Connector.

Secret Value generated through AWS Secrets Manager

Apono does not store credentials. The Apono Connector uses the secret to communicate with services in your environment and separate the Apono web app from the environment for maximal security.

Lambda Function

Named function set up within AWS Lambda

Sample Function

function
 listResources(params) {
  return {
    resources: [
      {
        'id': 'resource1',
        'name': 'Resource 1',
        'type': params.resource_type
      },
      {
        'id': 'resource2',
        'name': 'Resource 2',
        'type': params.resource_type
      },
      {
        'id': 'resource3',
        'name': 'Resource 3',
        'type': params.resource_type
      },
    ],
    permissions: [
      {
        'id': 'admin',
        'name': 'Admin'
      },
      {
        'id': 'reader',
        'name': 'Reader'
      }
    ]
  };
}
function grantAccess(params) {
  const username = params.username;
  const grantId = params.grant_id;
  const resources = params.resources;
  const permission = params.permission;
  
  const param1 = params.custom_parameters.param1
  const param2 = params.custom_parameters.param2
  console.log(param1)
  console.log(param2)
  
  return {
    status: 'ok'
  };
}
function revokeAccess(params) {
  const username = params.username;
  const grantId = params.grant_id;
  const resources = params.resources;
  const permission = params.permission;
  const param1 = params.custom_parameters.param1
  const param2 = params.custom_parameters.param2
  
  return {
    status: 'ok'
  };
}
export const handler = async (event) => {
  const params = event.params;
  
  switch (event.event_type) {
    case 'list-resources':
      return listResources(params);
    case 'grant-access':
      return grantAccess(params);
    case 'revoke-access':
      return revokeAccess(params);
    case 'create-credentials':
      return {
        status: 'ok',
        secret: 'created-credentials-secret'
      }
    case 'reset-credentials':
      return {
        status: 'ok',
        secret: 'reset-credentials-secret'
      }
    default:
      return 'ok';
  }
};

Integrate AWS Custom Lambda

Use the following steps to complete the integration:

On the Catalog tab, click AWS Custom Lambda. The Connect AWS Custom Lambda page appears.
From the dropdown menu, select a connector.
💡
If the desired connector is not listed, click + Add new connector and follow the instructions for creating an AWS connector.

Click Next. The Complete setup page appears.
Enter a unique, alphanumeric, user-friendly Integration Name. This name is used to identify this integration when constructing an Access Flow.
(Optional) Enter an Access Details message that explains how to access the function, such as To access GoodPortal, go to https://good-portal.example.com.
(Optional) In the Custom Parameters field, add key-value pairs to send to the lambda function. For example, you can provide a lambda function with a redirect URL that is used for internal provisioning access and passed as part of the action requests.
From the Region dropdown menu, select the region of the AWS Lambda instance.
Enter the Function Name of the named AWS Lambda function.
Click Connect.

Now that you have completed this integration, you can create access flows that grant permission to your AWS Lambda function.