caching and oauth client credentials layer for lambda
- the extension will start a http server in
initphase at port8081 - in invoke phase, function can send request to
localhost:8081with headerHost: example.com, the request will automatically authenticated then proxy toexample.com - extension turns off the server when receiving
shutdownevent
example: add extension to a Python image
FROM public.ecr.aws/lambda/python:3.8
# Copy and install the app
COPY /app /app
WORKDIR /app
RUN pip install -r requirements.txt
# extract the extension into root folder
ADD extension.tar.gz /
CMD python ./index.py
config can be add as file or inline through environment variables ALOE_CONFIG
- Add config file to image
...
# app config into image
ADD config.dhall /opt/extensions/
# extract the extension into root folder
ADD extension.tar.gz /
...
- add env to lambda
ALOE_CONFIG=/opt/extensions/config.dhall
use ./examples/template.dhall
dhall-to-yaml <<< './examples/template.dhall {
, name = "test"
, imageUri = "ecr.my.image:version"
, aloeConfig = ./config.dhall as Text
}'
curl https://nixos.org/nix/install | sh
nix-env -i stack
stack build
nix-build
binary will be generated in ./result/bin/aws-lambda-oauth-extension-exe
- on Linux
docker load < $(nix-build docker.nix)
docker image is tagged ghcr.io/myob-technology/aws-lambda-oauth-extension:latest
- on macOS
docker-compose run --rm build-image
docker load < image.gz
nix-shell --run 'bats test'