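def lambda_handler(event, context):
    """Decide whether an API Gateway request may invoke the called method.

    Sample request-parameter based Lambda authorizer: the caller is allowed
    only when the ``HeaderAuth1`` header, the ``QueryString1`` query
    parameter and the ``StageVar1`` stage variable all carry the expected
    values.

    Args:
        event: Authorizer event. Must contain ``methodArn``; ``headers``,
            ``queryStringParameters`` and ``stageVariables`` may be absent
            or ``None``.
        context: Lambda runtime context (unused).

    Returns:
        The authorizer response built by ``generateAllow`` for
        ``event['methodArn']``.

    Raises:
        KeyError: If the event carries no ``methodArn``.
        Exception: With the message ``"Unauthorized"`` when any of the three
            values is missing or wrong.
    """
    # NOTE(review): every caller is reported under the same fixed principal,
    # so downstream logs cannot tell callers apart.
    principalId = 'me'
    methodArn = event['methodArn']

    # Treat a missing or None map as empty. Otherwise a request that simply
    # omits a credential escapes as KeyError/TypeError, which API Gateway
    # reports as a 500 authorizer failure instead of the intended 401.
    headers = event.get('headers') or {}
    queryStringParameters = event.get('queryStringParameters') or {}
    stageVariables = event.get('stageVariables') or {}

    # NOTE(review): these fixed literals are sample placeholders. A real
    # authorizer should verify an actual credential (for example a signed
    # token) and compare secrets with hmac.compare_digest.
    authorized = (
        headers.get('HeaderAuth1') == "1"
        and queryStringParameters.get('QueryString1') == "2"
        and stageVariables.get('StageVar1') == "3"
    )
    if not authorized:
        # API Gateway maps exactly this message to a 401 response.
        raise Exception("Unauthorized")

    # NOTE(review): the policy covers only the invoked method ARN. If
    # authorizer result caching is enabled, confirm that a cached policy of
    # this scope is what other methods behind the same authorizer expect.
    return generateAllow(principalId, methodArn)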
def generatePolicy(principalId, effect, resource):
    """Build a Lambda authorizer response for one principal.

    Args:
        principalId: Identifier stored under ``principalId``.
        effect: IAM effect for the statement (the callers in this file pass
            ``'Allow'`` or ``'Deny'``).
        resource: Resource the statement applies to.

    Returns:
        A dict with ``principalId`` and ``context``. ``policyDocument`` is
        included only when both ``effect`` and ``resource`` are truthy, so a
        falsy argument yields a response that carries no policy at all.
    """
    response = {'principalId': principalId}

    if effect and resource:
        response['policyDocument'] = {
            'Version': '2012-10-17',
            'Statement': [
                {
                    'Action': 'execute-api:Invoke',
                    'Effect': effect,
                    'Resource': resource,
                },
            ],
        }

    # Static sample values; each key is readable from API Gateway as
    # $context.authorizer.<key> (e.g. $context.authorizer.key -> value).
    response['context'] = {
        'key': 'value',
        'number': 1,
        'bool': True,
    }
    return response
def generateAllow(principalId, resource):
    """Return the authorizer response that allows *principalId* on *resource*."""
    allowResponse = generatePolicy(principalId, 'Allow', resource)
    return allowResponse
def generateDeny(principalId, resource):
    """Return the authorizer response that denies *principalId* on *resource*."""
    denyResponse = generatePolicy(principalId, 'Deny', resource)
    return denyResponse