
Deploy an auth backend service to AWS Lambda (serverless), with CDK for infrastructure as code (IaC).

eugengi/golambda

GoLambda

Go version Open in Dev Containers

Introduction

A serverless Lambda function for a Golang user-authentication REST API service, deployed to AWS Lambda as IaC (Infrastructure as Code) using CDK and CloudFormation.

Installing / Getting started

This is an overview of the minimal setup needed to get started.

Prerequisites

ℹ I'd recommend Microsoft's documentation to set up Docker on WSL2 if you're on Windows.

If you already have VS Code and Docker installed, you can click the badge above or here to get started. Clicking these links will cause VS Code to automatically install the Dev Containers extension if needed, clone the source code into a container volume, and spin up a dev container for use.

AWS Setup

Brief guide to set up and authenticate AWS SDK tools required for this project.

Overview

The AWS-specific Dev Container features install the AWS Toolkit extension for VS Code. This provides a secure and easy way to authenticate the CLI and CDK tools to connect to AWS using Single-Sign-On (SSO) from inside your Dev Container. This section references guides to help you set up an AWS user account, an IAM Identity Center administrative user (recommended), an IAM Identity Center developer user, and the configuration required to authenticate the local SDK dev tools.

Prerequisites

An AWS account if you don't already have one.

  1. Create an AWS account
  2. Configure an AWS IAM Identity Center administrative user

Configuration

Before we can use our SDKs/tools, we need to configure programmatic access to AWS service APIs from our local environment. Since we are working in an isolated environment (devcontainer) we can leverage shared config and credential files associated with an unnamed profile, [default], which applies to all AWS project tools.

  1. Configure IAM Identity Center permissions for SDKs/tools

ℹ Ideally, follow up by creating a new, non-administrative user (i.e. user-local-devcontainer-golambda) in IAM Identity Center, and grant this user access and permissions scoped to the AWS resources required for this project.

  1. Configure temporary credentials that automatically refresh
    Before we can connect to AWS with the AWS Toolkit, we need to provide minimal configuration to ensure that the AWS CLI and any other SDK/tool is authenticated and assigned automatically refreshing temporary credentials during the SSO process. This can be done interactively using the AWS CLI or manually using a config file (see sample file ./config.sample).

ℹ If the required files do not already exist and an attempt is made to connect to AWS, then a basic file is automatically created by the SDK or tool in a folder named .aws placed in your home/user directory.

ℹ Note: You need to sign in to your AWS access portal for your non-administrative user to retrieve values required as input during configuration, specifically for the sso-session section. Follow this guide for more details.

  • [Interactive] Configure your profile with the AWS CLI.

    # confirm the aws-cli installation.
    ➜ aws --version

    # start the interactive wizard to generate a config file.
    ➜ aws configure sso

  1. Connect to AWS with the AWS Toolkit VS Code extension.
  • Verify your config file from the above step, [4].

    ➜ cat ~/.aws/config

  • Sign in using the VS Code command palette.
    To log in, open the command palette with Shift+Command+P (Ctrl+Shift+P on Windows) and run the AWS: Add a New Connection command, or start from the AWS Explorer menu, then choose the profile you configured. Your default browser will launch and take you to the AWS access portal you assigned in the sso_start_url property.

ℹ If you previously signed in, for example using the AWS CLI directly (aws sso login --profile default), you still need to add a new connection for VS Code. After authentication, if the profile default reads "Expired or invalid, select to authenticate", you can select it to authenticate your SDK tools under that existing session.
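
A way to sanity-check the file produced by the "Configure temporary credentials that automatically refresh" step before connecting, as an added example that is not part of this repository: the Go program below checks that [default] points at an sso-session block (the form that gives automatically refreshing credentials) and flags static access keys. The session name my-sso, the role name and every value in the sample are constructed placeholders.

```go
package main

import (
	"fmt"
	"strings"
)

// sampleConfig is a constructed ~/.aws/config; all names and values are placeholders.
const sampleConfig = `[default]
sso_session = my-sso
sso_account_id = 111122223333
sso_role_name = ExampleDeveloperRole
[sso-session my-sso]
sso_start_url = https://example.awsapps.com/start
sso_region = us-east-1
`

// parseINI maps section name -> key -> value for shared-config text.
func parseINI(text string) map[string]map[string]string {
	out, section := map[string]map[string]string{}, ""
	for _, raw := range strings.Split(text, "\n") {
		line := strings.TrimSpace(raw)
		if strings.HasPrefix(line, "[") && strings.HasSuffix(line, "]") {
			section = strings.TrimSpace(line[1 : len(line)-1])
			out[section] = map[string]string{}
		} else if k, v, ok := strings.Cut(line, "="); ok && section != "" && !strings.HasPrefix(line, "#") {
			out[section][strings.TrimSpace(k)] = strings.TrimSpace(v)
		}
	}
	return out
}

// CheckSSOProfile lists what keeps [default] from using refreshable SSO credentials.
func CheckSSOProfile(text string) (problems []string) {
	cfg := parseINI(text)
	if d := cfg["default"]; d["aws_access_key_id"] != "" || d["aws_secret_access_key"] != "" {
		problems = append(problems, "static access key in [default]")
	}
	need := func(where string, m map[string]string, keys ...string) {
		for _, k := range keys {
			if m[k] == "" {
				problems = append(problems, where+" missing "+k)
			}
		}
	}
	need("[default]", cfg["default"], "sso_session", "sso_account_id", "sso_role_name")
	need("sso-session", cfg["sso-session "+cfg["default"]["sso_session"]], "sso_start_url", "sso_region")
	return problems
}
func main() { fmt.Println(CheckSSOProfile(sampleConfig)) }
```

A profile that carries sso_start_url and sso_region directly, without an sso_session reference, is reported as missing sso_session because that older layout does not use the refreshing token configuration.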