/aws-services-federation

API Gateway and Lambda Function to manage AWS Account Federation

Primary LanguageJavaScript

Account Federation

API Gateway and Lambda Function to manage AWS Account Federation

aws-services

How to Execute API Gateway Interface

Path

/federation?federateAccount=<federate_account_num>&federateRoleName=<federate_role_name>&account=<target_account_num>&roleName=<target_account_role_name>

Headers

Authorization:<refresh_token_to_validate_by_custom_authroizer>
roleExternalId:<externl_id_of_target_account_to_federate>

Return Value

{"statusCode":200,"body":{"ResponseMetadata":{"RequestId":""},"Credentials":{"AccessKeyId":"","SecretAccessKey":"","SessionToken":"","Expiration":""},"AssumedRoleUser":{"AssumedRoleId":"","Arn":""}}}

How To Setup a CodePipeline

Launch Stack

Input Parameter Values

  • CloudformationLambdaExecutionRoleArn:

    Enter ARN of IAM Role for Cloudformation to create changesets and target stack. If you already created one or more CodePipeline that uses Cloudformation, this role should have been created already, so you can use the same role, 'cloudformation-lambda-execution-role'. If not, please create a role with the same name with Trust Relationships and Policy Document defined here.

  • CodePipelineServiceRoleArn:

    Enter ARN of IAM Role for CodePipeline to be executed. If you already created one or more CodePipeline, this role should have been created already, so you can use the same role, 'AWS-CodePipeline-Service'. If not, please create a role with the same name with Trust Relationships and Policy Document defined here.

  • CustomAuthorizerIAMRoleName:

    Enter the NAME (not ARN) of IAM Role that has the permission for API Gateway to invoke custom authorizer Lambda Function. (See here for Trust Relationships and Policy Document).

  • CustomAuthorizerLambdaName:

    Enter the NAME (not ARN) of custom authorizer Lambda Function. (See here for the Lambda Function Project for Custom Authorizer using SSO Server).

  • EncryptionLambdaName:

  • GitHubPersonalAccessToken:

    Access Token for CodeBuild to access to the this Github repository. (See here to find how to generate the access token).

  • GitHubSourceRepositoryBranch: master

  • GitHubSourceRepositoryName: aws-services-federation

  • GitHubSourceRepositoryOwner: SungardAS

  • ParameterOverrides:

  • ProjectImage: aws/codebuild/nodejs:8.11.0

How To Test Lambda Function

After populating the const variables in test.js, run below command

$ node tests/test.js

Sungard Availability Services | Labs

This project is maintained by the Labs group at Sungard Availability Services

GitHub: https://sungardas.github.io

Blog: http://blog.sungardas.com/CTOLabs/