Experimental AWS API Gateway Authorizer Go Lambda with embedded Open Policy Agent
An experiment in embedding Open Policy Agent (https://www.openpolicyagent.org/) within a Go API Gateway Lambda authorizer function, deployed via the Serverless Framework. For background on AWS API Gateway Lambda authorizers, see: https://docs.aws.amazon.com/apigateway/latest/developerguide/apigateway-use-lambda-authorizer.html
chmod 755 *.sh
./slsDeploy.sh
This compiles the Go files and then deploys 3 Lambdas and the associated API Gateway.
Tail the logs as shown below in one shell, and then try some of the following requests:
curl -H Authorization:allow https://[apiId].execute-api.ap-southeast-2.amazonaws.com/dev/gold?role=gold
curl -H Authorization:allow https://[apiId].execute-api.ap-southeast-2.amazonaws.com/dev/silver?role=gold
curl -H Authorization:allow https://[apiId].execute-api.ap-southeast-2.amazonaws.com/dev/gold?role=silver
The OPA policy in summary is:
./slsLogs opacheck
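The sketch below is an added example, not code from this repository: it shows how a Go authorizer can turn a policy decision into the IAM policy document API Gateway expects, denying by default. The `Input` fields, the `decide` rule (a constructed stand-in for the embedded OPA query so the block runs with the standard library only), the `caller` principal and the method ARN are all assumptions.

```go
package main

import (
	"encoding/json"
	"fmt"
	"strings"
)

// Input is what the policy engine evaluates (field names are assumptions).
type Input struct{ Token, Role, Path, MethodArn string }

// Statement and AuthResponse mirror the JSON a Lambda authorizer returns.
type Statement struct {
	Action   string `json:"Action"`
	Effect   string `json:"Effect"`
	Resource string `json:"Resource"`
}
type AuthResponse struct {
	PrincipalID    string `json:"principalId"`
	PolicyDocument struct {
		Version   string      `json:"Version"`
		Statement []Statement `json:"Statement"`
	} `json:"policyDocument"`
}

// decide is a constructed stand-in for the OPA query, NOT this repo's policy:
// allow only when the token is "allow" and the role names the resource.
func decide(in Input) bool {
	return in.Token == "allow" && in.Role != "" && strings.Trim(in.Path, "/") == in.Role
}

// Authorize scopes the policy to the single method ARN being invoked.
// Anything other than an explicit allow from decide becomes a Deny.
func Authorize(in Input) AuthResponse {
	effect := "Deny"
	if decide(in) {
		effect = "Allow"
	}
	resp := AuthResponse{PrincipalID: "caller"} // placeholder principal
	resp.PolicyDocument.Version = "2012-10-17"
	resp.PolicyDocument.Statement = []Statement{{"execute-api:Invoke", effect, in.MethodArn}}
	return resp
}

func main() {
	arn := "arn:aws:execute-api:ap-southeast-2:000000000000:exampleapi/dev/GET/gold" // constructed
	out, _ := json.Marshal(Authorize(Input{"allow", "gold", "/gold", arn}))
	fmt.Println(string(out))
}
```

If authorizer result caching is enabled, API Gateway reuses the returned policy for later requests that present the same identity source values. A policy scoped to one method ARN is only safe to cache when those identity sources cover everything the decision depends on.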