rename lambda name

umccr · Nov 7, 2024 · 52d0282 · 52d0282
1 parent 72a5bf5
commit 52d0282
Show file tree

Hide file tree

Showing 8 changed files with 29 additions and 32 deletions.
diff --git a/config/constants.ts b/config/constants.ts
@@ -37,10 +37,10 @@ export const vpcProps: VpcLookupOptions = {
 };
 
 /**
- * The SSM Parameter Name for HTTP Lambda Authorizer ARN (admin user pool group)
+ * The SSM Parameter Name for HTTP Lambda Authorizer ARN defined in authorization stack manager
  */
-export const adminHttpLambdaAuthorizerParameterName =
-  '/orcabus/authorization-stack/admin-http-lambda-authorization-arn';
+export const authStackHttpLambdaAuthorizerParameterName =
+  '/orcabus/authorization-stack/http-lambda-authorization-arn';
 
 // upstream infra: cognito
 export const cognitoPortalAppClientIdParameterName =

diff --git a/config/stacks/authorizationManager.ts b/config/stacks/authorizationManager.ts
@@ -4,7 +4,7 @@ import {
   region,
   accountIdAlias,
   AppStage,
-  adminHttpLambdaAuthorizerParameterName,
+  authStackHttpLambdaAuthorizerParameterName,
 } from '../constants';
 
 export const getAuthorizationManagerStackProps = (
@@ -16,6 +16,6 @@ export const getAuthorizationManagerStackProps = (
       region: region,
       accountNumber: accountIdAlias[stage],
     },
-    adminHttpLambdaAuthorizerParameterName: adminHttpLambdaAuthorizerParameterName,
+    authStackHttpLambdaAuthorizerParameterName: authStackHttpLambdaAuthorizerParameterName,
   };
 };
diff --git a/lib/workload/components/api-gateway/README.md b/lib/workload/components/api-gateway/README.md
@@ -20,7 +20,7 @@ new HttpRoute(this, 'GetHttpRoute', {
 new HttpRoute(this, 'PostHttpRoute', {
   httpApi: httpApi,
   integration: apiIntegration,
-  authorizer: apiGateway.cognitoAdminGroupAuthorizer,
+  authorizer: apiGateway.authStackHttpLambdaAuthorizer,
   routeKey: HttpRouteKey.with('/{proxy+}', HttpMethod.POST),
 });
 ```
diff --git a/lib/workload/components/api-gateway/index.ts b/lib/workload/components/api-gateway/index.ts
@@ -13,7 +13,7 @@ import { ARecord, HostedZone, RecordTarget } from 'aws-cdk-lib/aws-route53';
 import { Role, ServicePrincipal } from 'aws-cdk-lib/aws-iam';
 import { Function } from 'aws-cdk-lib/aws-lambda';
 import { ApiGatewayv2DomainProperties } from 'aws-cdk-lib/aws-route53-targets';
-import { adminHttpLambdaAuthorizerParameterName } from '../../../../config/constants';
+import { authStackHttpLambdaAuthorizerParameterName } from '../../../../config/constants';
 
 export interface ApiGwLogsConfig {
   /**
@@ -62,7 +62,7 @@ export interface ApiGatewayConstructProps {
 export class ApiGatewayConstruct extends Construct {
   private readonly _httpApi: HttpApi;
   private readonly _domainName: string;
-  readonly cognitoAdminGroupAuthorizer: HttpLambdaAuthorizer;
+  readonly authStackHttpLambdaAuthorizer: HttpLambdaAuthorizer;
 
   constructor(scope: Construct, id: string, props: ApiGatewayConstructProps) {
     super(scope, id);
@@ -109,8 +109,8 @@ export class ApiGatewayConstruct extends Construct {
       },
     });
 
-    this.cognitoAdminGroupAuthorizer = this.getCognitoAdminGroupHTTPAuthorizer(
-      adminHttpLambdaAuthorizerParameterName
+    this.authStackHttpLambdaAuthorizer = this.getAuthStackHTTPLambdaAuthorizer(
+      authStackHttpLambdaAuthorizerParameterName
     );
 
     new ARecord(this, 'CustomDomainARecord', {
@@ -202,28 +202,28 @@ export class ApiGatewayConstruct extends Construct {
   }
 
   /**
-   * Get the Cognito Admin Group HTTP Lambda Authorizer
-   * @param adminHttpLambdaAuthorizerParameterName The SSM Parameter Name that stores the ARN of the lambda authorizer
+   * Get the HTTP Lambda Authorizer defined in the authorization stack manager
+   * @param authStackHttpLambdaAuthorizerParameterName The SSM Parameter Name that stores the ARN of the lambda authorizer
    * @returns
    */
-  private getCognitoAdminGroupHTTPAuthorizer(adminHttpLambdaAuthorizerParameterName: string) {
+  private getAuthStackHTTPLambdaAuthorizer(authStackHttpLambdaAuthorizerParameterName: string) {
     const lambdaArn = StringParameter.valueForStringParameter(
       this,
-      adminHttpLambdaAuthorizerParameterName
+      authStackHttpLambdaAuthorizerParameterName
     );
 
     // Get the lambda HTTP authorizer defined in the authorization stack manager
     const lambdaAuthorizer = Function.fromFunctionAttributes(
       this,
-      'AdminGroupHTTPAuthorizerLambda',
+      'AuthStackHTTPLambdaAuthorizer',
       {
         functionArn: lambdaArn,
         sameEnvironment: true,
       }
     );
 
-    return new HttpLambdaAuthorizer('AdminGroupLambdaAuthorizer', lambdaAuthorizer, {
-      authorizerName: 'CognitoAdminGroupLambdaAuthorizer',
+    return new HttpLambdaAuthorizer('AuthStackLambdaHttpAuthorizer', lambdaAuthorizer, {
+      authorizerName: 'AuthStackHTTPLambdaAuthorizer',
       responseTypes: [HttpLambdaResponseType.SIMPLE],
     });
   }

diff --git a/lib/workload/stateful/stacks/authorization-manager/README.md b/lib/workload/stateful/stacks/authorization-manager/README.md
@@ -4,7 +4,7 @@ This stack contains resources that handle authorization requests.
 
 ## AWS Verified Permissions
 
-The current stack deploys AWS Verified Permissions, defining an identity source and policies as described below. A HTTP Lambda Authorizer is also included for use with other stacks.
+The current stack deploys AWS Verified Permissions, defining an identity source and policies as described below. An HTTP Lambda Authorizer is included for use in stacks where routes/methods need to comply with this policy. The Lambda ARN is stored in an SSM Parameter String defined in `config/constants.ts` as the `authStackHttpLambdaAuthorizerParameterName` constant.
 
 ### Identity Source
 
@@ -21,6 +21,3 @@ The current stack deploys AWS Verified Permissions, defining an identity source
 
   A static policy defined in the stack that allows anyone in the `admin` group of the Cognito user pool to perform any
   action. This essentially checks if a user is in the `admin` group, integrated with the Cognito setup.
-
-  The HTTP Lambda Authorizer is also defined for use in stacks where routes/methods need to comply with this policy. The
-  Lambda ARN is stored in SSM Parameter String defined in `config/constants.ts` as the `adminHttpLambdaAuthorizerParameterName` constant.
diff --git a/...bda-authorizer/admin_access_authorizer.py → ...http-lambda-authorizer/http_authorizer.py b/...bda-authorizer/admin_access_authorizer.py → ...http-lambda-authorizer/http_authorizer.py
diff --git a/lib/workload/stateful/stacks/authorization-manager/stack.ts b/lib/workload/stateful/stacks/authorization-manager/stack.ts
@@ -11,7 +11,7 @@ import { PolicyStatement } from 'aws-cdk-lib/aws-iam';
 
 export interface AuthorizationManagerStackProps {
   cognito: CognitoConfig;
-  adminHttpLambdaAuthorizerParameterName: string;
+  authStackHttpLambdaAuthorizerParameterName: string;
 }
 
 interface CognitoConfig {
@@ -50,7 +50,7 @@ export class AuthorizationManagerStack extends Stack {
     this.setupTokenLambdaAuthorization({
       policyStoreARN: policyStore.attrArn,
       policyStoreId: policyStore.attrPolicyStoreId,
-      adminHttpLambdaAuthorizerParameterName: props.adminHttpLambdaAuthorizerParameterName,
+      authStackHttpLambdaAuthorizerParameterName: props.authStackHttpLambdaAuthorizerParameterName,
     });
   }
 
@@ -108,13 +108,13 @@ export class AuthorizationManagerStack extends Stack {
   private setupTokenLambdaAuthorization(props: {
     policyStoreId: string;
     policyStoreARN: string;
-    adminHttpLambdaAuthorizerParameterName: string;
+    authStackHttpLambdaAuthorizerParameterName: string;
   }) {
-    const adminLambdaAuth = new PythonFunction(this, 'AdminHTTPAuthorizerLambda', {
+    const lambdaAuth = new PythonFunction(this, 'HTTPAuthorizerLambda', {
       entry: path.join(__dirname, 'http-lambda-authorizer'),
       architecture: Architecture.ARM_64,
       runtime: Runtime.PYTHON_3_12,
-      index: 'admin_access_authorizer.py',
+      index: 'http_authorizer.py',
       retryAttempts: 0,
       environment: { POLICY_STORE_ID: props.policyStoreId },
       initialPolicy: [
@@ -125,11 +125,11 @@ export class AuthorizationManagerStack extends Stack {
       ],
     });
 
-    new StringParameter(this, 'AdminHTTPAuthorizerLambdaARNParameter', {
-      parameterName: props.adminHttpLambdaAuthorizerParameterName,
+    new StringParameter(this, 'HTTPAuthorizerLambdaARNParameter', {
+      parameterName: props.authStackHttpLambdaAuthorizerParameterName,
       description:
-        'ARN of the HTTP lambda authorizer that allow access for admin in the cognito user pool group',
-      stringValue: adminLambdaAuth.functionArn,
+        'ARN of the HTTP lambda authorizer that allow access defined in Amazon Verified Permission',
+      stringValue: lambdaAuth.functionArn,
     });
   }
 }
diff --git a/lib/workload/stateless/stacks/filemanager/deploy/stack.ts b/lib/workload/stateless/stacks/filemanager/deploy/stack.ts
@@ -153,14 +153,14 @@ export class Filemanager extends Stack {
     new HttpRoute(this, 'PatchHttpRoute', {
       httpApi: httpApi,
       integration: apiIntegration,
-      authorizer: apiGateway.cognitoAdminGroupAuthorizer,
+      authorizer: apiGateway.authStackHttpLambdaAuthorizer,
       routeKey: HttpRouteKey.with('/{proxy+}', HttpMethod.PATCH),
     });
 
     new HttpRoute(this, 'PostHttpRoute', {
       httpApi: httpApi,
       integration: apiIntegration,
-      authorizer: apiGateway.cognitoAdminGroupAuthorizer,
+      authorizer: apiGateway.authStackHttpLambdaAuthorizer,
       routeKey: HttpRouteKey.with('/{proxy+}', HttpMethod.POST),
     });