AWS Custom Lambda

AWS Lambda enables you to build and connect cloud services and internal web apps by writing single-purpose functions that are attached to events emitted from your cloud infrastructure and services.

Its serverless architecture frees you to write, test, and deploy functions quickly without having to manage infrastructure setup.

With this integration, you can connect your internal applications to AWS Lambda functions and manage access to those applications with Apono.

Prerequisites

Before starting this integration, create the items listed in the following table.

Item Description

Apono Connector On-prem connection serving as a bridge between your AWS Lambda functions and Apono

Minimum Required Version: 1.4.1

Use the following steps to update an existing connector.

Item	Description
Apono Connector	On-prem connection serving as a bridge between your AWS Lambda functions and Apono Minimum Required Version: 1.4.1 Use the following steps to update an existing connector.
Lambda Function	Named function set up within AWS Lambda 💡 When creating the Lambda function, apply the tag `apono-connector-access: "true"`. Sample Function function listResources(params) { return { resources: [ { 'id': 'resource1', 'name': 'Resource 1', 'type': params.resource_type }, { 'id': 'resource2', 'name': 'Resource 2', 'type': params.resource_type }, { 'id': 'resource3', 'name': 'Resource 3', 'type': params.resource_type }, ], permissions: [ { 'id': 'admin', 'name': 'Admin' }, { 'id': 'reader', 'name': 'Reader' } ] }; } function grantAccess(params) { const username = params.username; const grantId = params.grant_id; const resources = params.resources; const permission = params.permission; const param1 = params.custom_parameters.param1 const param2 = params.custom_parameters.param2 console.log(param1) console.log(param2) return { status: 'ok' }; } function revokeAccess(params) { const username = params.username; const grantId = params.grant_id; const resources = params.resources; const permission = params.permission; const param1 = params.custom_parameters.param1 const param2 = params.custom_parameters.param2 return { status: 'ok' }; } export const handler = async (event) => { const params = event.params; switch (event.event_type) { case 'list-resources': return listResources(params); case 'grant-access': return grantAccess(params); case 'revoke-access': return revokeAccess(params); case 'create-credentials': return { status: 'ok', secret: 'created-credentials-secret' } case 'reset-credentials': return { status: 'ok', secret: 'reset-credentials-secret' } default: return 'ok'; } };

Lambda Function

Named function set up within AWS Lambda

💡
When creating the Lambda function, apply the tag
apono-connector-access: "true".

Sample Function

function
 listResources(params) {
  return {
    resources: [
      {
        'id': 'resource1',
        'name': 'Resource 1',
        'type': params.resource_type
      },
      {
        'id': 'resource2',
        'name': 'Resource 2',
        'type': params.resource_type
      },
      {
        'id': 'resource3',
        'name': 'Resource 3',
        'type': params.resource_type
      },
    ],
    permissions: [
      {
        'id': 'admin',
        'name': 'Admin'
      },
      {
        'id': 'reader',
        'name': 'Reader'
      }
    ]
  };
}
function grantAccess(params) {
  const username = params.username;
  const grantId = params.grant_id;
  const resources = params.resources;
  const permission = params.permission;
  
  const param1 = params.custom_parameters.param1
  const param2 = params.custom_parameters.param2
  console.log(param1)
  console.log(param2)
  
  return {
    status: 'ok'
  };
}
function revokeAccess(params) {
  const username = params.username;
  const grantId = params.grant_id;
  const resources = params.resources;
  const permission = params.permission;
  const param1 = params.custom_parameters.param1
  const param2 = params.custom_parameters.param2
  
  return {
    status: 'ok'
  };
}
export const handler = async (event) => {
  const params = event.params;
  
  switch (event.event_type) {
    case 'list-resources':
      return listResources(params);
    case 'grant-access':
      return grantAccess(params);
    case 'revoke-access':
      return revokeAccess(params);
    case 'create-credentials':
      return {
        status: 'ok',
        secret: 'created-credentials-secret'
      }
    case 'reset-credentials':
      return {
        status: 'ok',
        secret: 'reset-credentials-secret'
      }
    default:
      return 'ok';
  }
};

Integrate AWS Custom Lambda

Use the following steps to complete the integration:

On the Catalog tab, click AWS Custom Lambda. The Connect AWS Custom Lambda page appears.
From the dropdown menu, select a connector.

💡
If the desired connector is not listed, click + Add new connector and follow the instructions for creating an AWS connector.
Click Next. The Complete setup page appears.
Enter a unique, alphanumeric, user-friendly Integration Name. This name is used to identify this integration when constructing an Access Flow.
Enter an Access Details message that explains how to access the function, such as To access GoodPortal, go to https://good-portal.example.com.
In the Custom Parameters field, add key-value pairs to send to the lambda function. For example, you can provide a lambda function with a redirect URL that is used for internal provisioning access and passed as part of the action requests.
From the Region dropdown menu, select the region of the AWS Lambda instance.
Enter the Function Name of the named AWS Lambda function.
Click Connect.

Now that you have completed this integration, you can create access flows that grant permission to your AWS Lambda function.