proxy

v0.0.3
Warning

This package is not in the latest version of its module.

Published: Mar 27, 2019 License: MIT Imports: 24 Imported by: 0

README

ssm-sign-proxy

A proxy which signs requests using AWS Systems Manager Parameter Store.

Motivation

There are many HTTP APIs in the world, and some of them require API tokens. The aim of ssm-sign-proxy is to manage these API tokens centrally, in one place, with AWS Systems Manager Parameter Store.

Usage

Deploy the AWS Serverless Application

Deploy the AWS Serverless Application from AWS Serverless Application Repository.

Add API tokens to AWS Systems Manager Parameter Store

Add API tokens to AWS Systems Manager Parameter Store. Here is an example for the GitHub REST API v3.

aws ssm put-parameter \
    --name "/api.github.com/headers/Authorization" \
    --value "token $YOUR_OAUTH_TOKEN_HERE" \
    --type SecureString

For details on the parameters, see the Supported Signing Methods section.

Run the Proxy Server

Download the binary from Releases, or run go get.

$ go get github.com/shogo82148/ssm-sign-proxy/cmd/ssm-sign-proxy

Start the proxy with the ssm-sign-proxy command.

$ ssm-sign-proxy -function-name=ssm-sign-proxy-Proxy-XXXXXXXXXXXXX -addr=localhost:8000

Now you can access the APIs registered in Parameter Store without supplying any authorization tokens yourself.

http_proxy=localhost:8000 curl api.github.com/user/repos

Supported Signing Methods

Generic HTTP Headers

Use the following parameter names.

  • /{hostname}/headers/{header-name}

Here is an example for GitHub API.

aws ssm put-parameter \
    --name "/api.github.com/headers/Authorization" \
    --value "token $YOUR_OAUTH_TOKEN_HERE" \
    --type SecureString

Basic Authorization

Use the following parameter names.

  • /{hostname}/basic/username
  • /{hostname}/basic/password

Here is an example for GitHub API.

aws ssm put-parameter \
    --name "/api.github.com/basic/username" \
    --value "$YOUR_USER_NAME" \
    --type SecureString
aws ssm put-parameter \
    --name "/api.github.com/basic/password" \
    --value "$YOUR_PASSWORD" \
    --type SecureString

Rewriting the Path of URL

Use the following parameter names.

  • /{hostname}/rewite/path

Here is an example for Slack Incoming Webhook.

aws ssm put-parameter \
    --name "/hooks.slack.com/rewite/path" \
    --value "/service/T00000000/B00000000/XXXXXXXXXXXXXXXXXXXXXXXX" \
    --type SecureString

HTTP Queries

Use the following parameter names.

  • /{hostname}/queries/{name}

Here is an example for GitHub API.

aws ssm put-parameter \
    --name "/api.github.com/queries/access_token" \
    --value "$YOUR_OAUTH_TOKEN_HERE" \
    --type SecureString
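
The four naming schemes above, applied to an outgoing request. This is an added example, not the package's own code: signRequest and the in-memory store map are hypothetical stand-ins for the Lambda's Parameter Store lookup and Parameter.Sign, and the sample values are constructed. The point to notice is that a parameter is only applied when its {hostname} segment matches the request's host.

```go
package main

import (
	"fmt"
	"net/http"
	"strings"
)

// signRequest applies every parameter named /{hostname}/{kind}/{key} whose
// hostname matches the request's host; entries for other hosts are ignored.
// Hypothetical helper, not the package's Parameter.Sign.
func signRequest(req *http.Request, store map[string]string) {
	q := req.URL.Query()
	var user, pass string
	for name, value := range store {
		parts := strings.SplitN(strings.TrimPrefix(name, "/"), "/", 3)
		if len(parts) != 3 || parts[0] != req.URL.Hostname() {
			continue // a token must never be sent to a different host
		}
		switch kind, key := parts[1], parts[2]; {
		case kind == "headers":
			req.Header.Set(key, value)
		case kind == "queries":
			q.Set(key, value)
		case kind == "basic" && key == "username":
			user = value
		case kind == "basic" && key == "password":
			pass = value
		case kind == "rewite" && key == "path": // spelled as on this page
			req.URL.Path = value
		}
	}
	if user != "" || pass != "" {
		req.SetBasicAuth(user, pass)
	}
	req.URL.RawQuery = q.Encode()
}

func main() {
	// Constructed sample store; names follow the schemes listed above.
	store := map[string]string{
		"/api.github.com/headers/Authorization": "token EXAMPLE",
		"/hooks.slack.com/rewite/path":          "/service/T00000000/B00000000/XXXX",
		"/api.example.com/basic/username":       "alice",
	}
	req, _ := http.NewRequest("GET", "http://api.github.com/user/repos", nil)
	signRequest(req, store)
	fmt.Println(req.URL, req.Header.Get("Authorization"))
}
```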

License

MIT License

Copyright (c) 2019 Ichinose Shogo

See Also

Documentation

Index

Constants

const Version = "0.0.3"

Version is the version of ssm-sign-proxy.

Variables

This section is empty.

Functions

This section is empty.

Types

type InstanceContext

type InstanceContext struct {
	InstanceID string `json:"instance_id"`
	Hostname   string `json:"hostname"`
}

InstanceContext contains the information to identify the ARN invoking the lambda.

type Lambda

type Lambda struct {
	Config aws.Config
	Prefix string
	Client *http.Client
	// contains filtered or unexported fields
}

Lambda is a lambda function.

func (*Lambda) Handle

func (l *Lambda) Handle(ctx context.Context, req *Request) (*Response, error)

Handle handles events of the AWS Lambda.

type Parameter

type Parameter struct {
	// general http headers
	Headers http.Header

	// basic authorization
	User     string
	Password string

	// rewrite url
	Path string

	// general queries
	Queries url.Values
}

Parameter is parameter for signing.

func (*Parameter) Sign

func (p *Parameter) Sign(req *http.Request) error

Sign adds authentication information to the request.

type Proxy

type Proxy struct {
	Config       aws.Config
	FunctionName string
	ErrorHandler func(http.ResponseWriter, *http.Request, error)
	// contains filtered or unexported fields
}

Proxy is a proxy which signs requests using AWS Systems Manager Parameter Store.

func (*Proxy) RoundTrip

func (p *Proxy) RoundTrip(req *http.Request) (*http.Response, error)

RoundTrip implements the http.RoundTripper interface.

func (*Proxy) ServeHTTP

func (p *Proxy) ServeHTTP(w http.ResponseWriter, req *http.Request)

type Request

type Request struct {
	HTTPMethod                      string              `json:"httpMethod"`
	Path                            string              `json:"path"`
	QueryStringParameters           map[string]string   `json:"queryStringParameters,omitempty"`
	MultiValueQueryStringParameters map[string][]string `json:"multiValueQueryStringParameters,omitempty"`
	Headers                         map[string]string   `json:"headers,omitempty"`
	MultiValueHeaders               map[string][]string `json:"multiValueHeaders,omitempty"`
	RequestContext                  RequestContext      `json:"requestContext"`
	IsBase64Encoded                 bool                `json:"isBase64Encoded"`
	Body                            string              `json:"body"`
}

Request contains data originating from the proxy.

func NewRequest

func NewRequest(req *http.Request) (*Request, error)

NewRequest converts the request to AWS Lambda event.

func (*Request) Request

func (req *Request) Request() (*http.Request, error)

Request returns http.Request.

type RequestContext

type RequestContext struct {
	Instance InstanceContext `json:"instance"`
}

RequestContext contains the information to identify the instance invoking the lambda.

type Response

type Response struct {
	StatusCode        int                 `json:"statusCode"`
	StatusDescription string              `json:"statusDescription"`
	Headers           map[string]string   `json:"headers"`
	MultiValueHeaders map[string][]string `json:"multiValueHeaders"`
	Body              string              `json:"body"`
	IsBase64Encoded   bool                `json:"isBase64Encoded"`
}

Response configures the response to be returned by the ALB Lambda target group for the request.

func NewResponse

func NewResponse(resp *http.Response) (*Response, error)

NewResponse returns new Response.

func (*Response) Response

func (resp *Response) Response() (*http.Response, error)

Response returns http.Response.

func (*Response) WriteTo

func (resp *Response) WriteTo(w http.ResponseWriter) error

WriteTo writes the response to w.

Directories

Path Synopsis
cmd
