# Simple Authorizer for Amazon API Gateway
This is a simple Lambda authorizer for Amazon API Gateway, designed to protect an HTTP API, placed behind a CloudFront distribution, from direct access. The authorizer checks a secret value from an environment variable against a value received in an HTTP header from the client (CloudFront). If the values match, access is granted.
This authorizer is lightweight and requires minimal resources, making it highly cost-effective for simple use cases. It doesn't use AWS Secrets Manager, make external network calls, or support key rotation, keeping the implementation straightforward.
## Installation
To install the package, run:
```bash
pip install amazon-api-gateway-simple-authorizer
```
## Usage
The Lambda function authorizer can be used to protect API Gateway endpoints by verifying a custom header passed by CloudFront. It compares the header value with a secret API key stored as an environment variable.
### Environment Variables
- `API_KEY`: The secret API key expected from the client (CloudFront).
- `API_KEY_HEADER_NAME`: (Optional) The name of the header that contains the API key. If not set, the default header name `"x-origin-verify"` will be used.
### Lambda Handler
The Lambda function handler is located at:
```plaintext
simple_authorizer.authorizer.handler
```
### Example Event
Here's a sample event that can be passed to the Lambda authorizer:
```json
{
"headers": {
"x-origin-verify": "your-secret-api-key"
}
}
```
If the secret in the `x-origin-verify` header matches the value stored in the `API_KEY` environment variable, the request is authorized.
### Example Usage
To deploy the Lambda authorizer, follow these steps:
1. **Set up Lambda environment variables**:
- `API_KEY`: Your secret key, e.g., `"your-secret-api-key"`.
- `API_KEY_HEADER_NAME`: (Optional) If you want to use a custom header name, e.g., `"x-api-key"`. If not set, the default is `"x-origin-verify"`.
2. **Deploy your Lambda function** using the AWS Management Console or AWS CLI and ensure the handler is set to `simple_authorizer.authorizer.handler`.
3. **Configure API Gateway**:
- In your API Gateway, set up a custom authorizer and select the Lambda function as the authorizer.
- Use the matching header (default: `"x-origin-verify"`, or your custom value set by `API_KEY_HEADER_NAME`) in your CloudFront configuration to pass the API key.
### Performance and Cost Recommendations
- **Memory**: Allocate 128MB of memory to the Lambda function for optimal cost efficiency.
- **Timeout**: Set the timeout to 3 seconds, as the function is lightweight and doesn't require more time even with the cold start.
- **Caching**: Cache the authorization result for the maximum allowed time (1 hour) for both performance and cost savings.
## Limitations
- This solution does **not support key rotation**.
- It does **not integrate with AWS Secrets Manager** or any external key storage service.
- It requires manual updates for key changes.
## License
This project is licensed under the MIT License. See the [LICENSE](LICENSE) file for details.
## Disclaimer
This software product is not affiliated with, endorsed by, or sponsored by Amazon Web Services (AWS) or Amazon.com, Inc. The use of the term "AWS" is solely for descriptive purposes to indicate that the software is compatible with AWS services. Amazon Web Services and AWS are trademarks of Amazon.com, Inc. or its affiliates.
Raw data
{
"_id": null,
"home_page": "https://github.com/efficient-solutions/amazon-api-gateway-simple-authorizer",
"name": "amazon-api-gateway-simple-authorizer",
"maintainer": null,
"docs_url": null,
"requires_python": ">=3.10",
"maintainer_email": null,
"keywords": "Amazon API Gateway, Amazon CloudFront, AWS Lambda",
"author": "Efficient Solutions LLC",
"author_email": "contact@efficient.solutions",
"download_url": "https://files.pythonhosted.org/packages/21/4f/bb1af4e9e38270991700c516c3d4b4834ed73116cbc4810ad2279ac7319f/amazon-api-gateway-simple-authorizer-0.1.0.tar.gz",
"platform": null,
"description": "# Simple Authorizer for Amazon API Gateway\n\nThis is a simple Lambda authorizer for Amazon API Gateway, designed to protect an HTTP API, placed behind a CloudFront distribution, from direct access. The authorizer checks a secret value from an environment variable against a value received in an HTTP header from the client (CloudFront). If the values match, access is granted.\n\nThis authorizer is lightweight and requires minimal resources, making it highly cost-effective for simple use cases. It doesn't use AWS Secrets Manager, make external network calls, or support key rotation, keeping the implementation straightforward.\n\n## Installation\n\nTo install the package, run:\n\n```bash\npip install amazon-api-gateway-simple-authorizer\n```\n\n## Usage\n\nThe Lambda function authorizer can be used to protect API Gateway endpoints by verifying a custom header passed by CloudFront. It compares the header value with a secret API key stored as an environment variable.\n\n### Environment Variables\n\n- `API_KEY`: The secret API key expected from the client (CloudFront).\n- `API_KEY_HEADER_NAME`: (Optional) The name of the header that contains the API key. If not set, the default header name `\"x-origin-verify\"` will be used.\n\n### Lambda Handler\n\nThe Lambda function handler is located at:\n\n```plaintext\nsimple_authorizer.authorizer.handler\n```\n\n### Example Event\n\nHere's a sample event that can be passed to the Lambda authorizer:\n\n```json\n{\n \"headers\": {\n \"x-origin-verify\": \"your-secret-api-key\"\n }\n}\n```\n\nIf the secret in the `x-origin-verify` header matches the value stored in the `API_KEY` environment variable, the request is authorized.\n\n### Example Usage\n\nTo deploy the Lambda authorizer, follow these steps:\n\n1. **Set up Lambda environment variables**:\n - `API_KEY`: Your secret key, e.g., `\"your-secret-api-key\"`.\n - `API_KEY_HEADER_NAME`: (Optional) If you want to use a custom header name, e.g., `\"x-api-key\"`. If not set, the default is `\"x-origin-verify\"`.\n\n2. **Deploy your Lambda function** using the AWS Management Console or AWS CLI and ensure the handler is set to `simple_authorizer.authorizer.handler`.\n\n3. **Configure API Gateway**:\n - In your API Gateway, set up a custom authorizer and select the Lambda function as the authorizer.\n - Use the matching header (default: `\"x-origin-verify\"`, or your custom value set by `API_KEY_HEADER_NAME`) in your CloudFront configuration to pass the API key.\n\n### Performance and Cost Recommendations\n\n- **Memory**: Allocate 128MB of memory to the Lambda function for optimal cost efficiency.\n- **Timeout**: Set the timeout to 3 seconds, as the function is lightweight and doesn't require more time even with the cold start.\n- **Caching**: Cache the authorization result for the maximum allowed time (1 hour) for both performance and cost savings.\n\n## Limitations\n\n- This solution does **not support key rotation**.\n- It does **not integrate with AWS Secrets Manager** or any external key storage service.\n- It requires manual updates for key changes.\n\n## License\n\nThis project is licensed under the MIT License. See the [LICENSE](LICENSE) file for details.\n\n## Disclaimer\n\nThis software product is not affiliated with, endorsed by, or sponsored by Amazon Web Services (AWS) or Amazon.com, Inc. The use of the term \"AWS\" is solely for descriptive purposes to indicate that the software is compatible with AWS services. Amazon Web Services and AWS are trademarks of Amazon.com, Inc. or its affiliates.\n",
"bugtrack_url": null,
"license": "MIT",
"summary": "Simple Lambda authorizer for HTTP API behind CloudFront",
"version": "0.1.0",
"project_urls": {
"Homepage": "https://github.com/efficient-solutions/amazon-api-gateway-simple-authorizer"
},
"split_keywords": [
"amazon api gateway",
" amazon cloudfront",
" aws lambda"
],
"urls": [
{
"comment_text": "",
"digests": {
"blake2b_256": "d2033212515ef9dd2d2c1f19db1f5f3733f6f14fc6a98a5752ce58f4dd6f4403",
"md5": "3637527e24336015b9c26544c460ba2f",
"sha256": "a41271e9b195fa8df70a2cb32e20ba0a2f170e7fa9d5490ff8452d8f18ff6249"
},
"downloads": -1,
"filename": "amazon_api_gateway_simple_authorizer-0.1.0-py3-none-any.whl",
"has_sig": false,
"md5_digest": "3637527e24336015b9c26544c460ba2f",
"packagetype": "bdist_wheel",
"python_version": "py3",
"requires_python": ">=3.10",
"size": 5274,
"upload_time": "2024-09-13T01:08:56",
"upload_time_iso_8601": "2024-09-13T01:08:56.512033Z",
"url": "https://files.pythonhosted.org/packages/d2/03/3212515ef9dd2d2c1f19db1f5f3733f6f14fc6a98a5752ce58f4dd6f4403/amazon_api_gateway_simple_authorizer-0.1.0-py3-none-any.whl",
"yanked": false,
"yanked_reason": null
},
{
"comment_text": "",
"digests": {
"blake2b_256": "214fbb1af4e9e38270991700c516c3d4b4834ed73116cbc4810ad2279ac7319f",
"md5": "4f45ebcd2dce3c4a4d7771c66f3a117e",
"sha256": "ed53dde3b5c872633002fd3825ad48137b3bdc47d4aa443d0653e4a5b4a3eeee"
},
"downloads": -1,
"filename": "amazon-api-gateway-simple-authorizer-0.1.0.tar.gz",
"has_sig": false,
"md5_digest": "4f45ebcd2dce3c4a4d7771c66f3a117e",
"packagetype": "sdist",
"python_version": "source",
"requires_python": ">=3.10",
"size": 6316,
"upload_time": "2024-09-13T01:08:58",
"upload_time_iso_8601": "2024-09-13T01:08:58.472591Z",
"url": "https://files.pythonhosted.org/packages/21/4f/bb1af4e9e38270991700c516c3d4b4834ed73116cbc4810ad2279ac7319f/amazon-api-gateway-simple-authorizer-0.1.0.tar.gz",
"yanked": false,
"yanked_reason": null
}
],
"upload_time": "2024-09-13 01:08:58",
"github": true,
"gitlab": false,
"bitbucket": false,
"codeberg": false,
"github_user": "efficient-solutions",
"github_project": "amazon-api-gateway-simple-authorizer",
"travis_ci": false,
"coveralls": false,
"github_actions": false,
"requirements": [
{
"name": "pytest",
"specs": [
[
"<",
"8.4"
],
[
">=",
"8.3"
]
]
},
{
"name": "twine",
"specs": [
[
"<",
"5.2"
],
[
">=",
"5.1"
]
]
}
],
"lcname": "amazon-api-gateway-simple-authorizer"
}
JSON
