tomweston / shared-service-authorizer

The Shared Service Authorizer is a Lambda function, invoked by API Gateway to authorize requests, inspired by the AWS SaaS Factory Serverless SaaS identity and isolation patterns.


Overview

  • Validates JWT tokens.
  • Generates STS credentials and an IAM policy for tenants.
  • Returns the policy and credentials to API Gateway.

Key Features

  • User role management with distinct permissions for System Admins, Tenant Admins, and Users.
  • Dynamic IAM policy generation based on user roles and tenant IDs.
  • Integration with AWS services like DynamoDB and STS for access control and session management.
  • Customizable for different regions and service identifiers.
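The two features above that matter for tenant isolation are the dynamic IAM policy and the STS credentials it is attached to. The following Go program is an added example written for this page, not code from the shared-service-authorizer repository: it builds the two policy documents such an authorizer returns, the API Gateway response (allow `execute-api:Invoke`, with the tenant and role forwarded in `context`) and the session policy that would be passed to `sts:AssumeRole` so the temporary credentials can only touch the caller's tenant partition. The role-to-action mapping, the `TENANT#<id>#...` partition-key layout, the claim values and the sample ARNs are all assumptions; it uses only the standard library so it runs offline.

```go
package main

import (
	"encoding/json"
	"errors"
	"fmt"
	"strings"
)

// Role is the caller's role from the verified JWT. The three names follow the
// README; the DynamoDB action set mapped to each role is an assumption.
type Role string

const (
	RoleSystemAdmin Role = "SystemAdmin"
	RoleTenantAdmin Role = "TenantAdmin"
	RoleUser        Role = "User"
)

// Statement and PolicyDocument model the subset of IAM policy JSON used here.
type Statement struct {
	Effect    string                         `json:"Effect"`
	Action    []string                       `json:"Action"`
	Resource  []string                       `json:"Resource"`
	Condition map[string]map[string][]string `json:"Condition,omitempty"`
}

type PolicyDocument struct {
	Version   string      `json:"Version"`
	Statement []Statement `json:"Statement"`
}

// AuthorizerResponse is what API Gateway expects back from a Lambda
// authorizer; Context values are forwarded to the backend integration.
type AuthorizerResponse struct {
	PrincipalID    string            `json:"principalId"`
	PolicyDocument PolicyDocument    `json:"policyDocument"`
	Context        map[string]string `json:"context"`
}

var readActions = []string{"dynamodb:GetItem", "dynamodb:Query"}
var writeActions = []string{"dynamodb:PutItem", "dynamodb:UpdateItem", "dynamodb:DeleteItem"}

// TenantSessionPolicy builds the session policy passed as the Policy parameter
// of sts:AssumeRole, so the temporary credentials only reach items whose
// partition key starts with the tenant prefix (the "TENANT#<id>#..." layout is
// an assumption). A session policy can only narrow the assumed role's grants.
// dynamodb:Scan is deliberately absent: Scan carries no LeadingKeys, and a
// ForAllValues condition evaluates true when its key is missing.
func TenantSessionPolicy(tenantID, tableARN string, role Role) (PolicyDocument, error) {
	if tenantID == "" {
		return PolicyDocument{}, errors.New("tenant id is required")
	}
	// A wildcard in the tenant ID would widen the StringLike match to other
	// tenants' keys, so refuse it rather than trying to escape it.
	if strings.ContainsAny(tenantID, "*?") {
		return PolicyDocument{}, fmt.Errorf("tenant id %q contains wildcard characters", tenantID)
	}
	var actions []string
	switch role {
	case RoleUser:
		actions = readActions
	case RoleTenantAdmin, RoleSystemAdmin:
		actions = append(append([]string{}, readActions...), writeActions...)
	default:
		return PolicyDocument{}, fmt.Errorf("unknown role %q", role)
	}
	cond := map[string]map[string][]string{
		"ForAllValues:StringLike": {"dynamodb:LeadingKeys": {"TENANT#" + tenantID + "#*"}},
	}
	return PolicyDocument{Version: "2012-10-17", Statement: []Statement{
		{Effect: "Allow", Action: actions, Resource: []string{tableARN, tableARN + "/index/*"}, Condition: cond},
	}}, nil
}

// AuthorizeRequest builds the API Gateway response. The execute-api grant covers
// the whole stage, not just the invoked method: API Gateway caches the response
// per token for the authorizer TTL, so a policy naming one method would be
// replayed, and deny, the caller's next request to a different method.
func AuthorizeRequest(principalID, tenantID string, role Role, methodARN string) (AuthorizerResponse, error) {
	parts := strings.SplitN(methodARN, "/", 3) // [api ARN, stage, METHOD/path]
	if len(parts) != 3 {
		return AuthorizerResponse{}, fmt.Errorf("malformed method ARN %q", methodARN)
	}
	grant := Statement{Effect: "Allow", Action: []string{"execute-api:Invoke"},
		Resource: []string{parts[0] + "/" + parts[1] + "/*/*"}}
	return AuthorizerResponse{
		PrincipalID:    principalID,
		PolicyDocument: PolicyDocument{Version: "2012-10-17", Statement: []Statement{grant}},
		Context:        map[string]string{"tenantId": tenantID, "role": string(role)},
	}, nil
}

func main() {
	// Constructed sample ARNs, not taken from the project.
	doc, _ := TenantSessionPolicy("acme", "arn:aws:dynamodb:eu-west-2:123456789012:table/SharedServices", RoleUser)
	resp, _ := AuthorizeRequest("user-1", "acme", RoleTenantAdmin, "arn:aws:execute-api:eu-west-2:123456789012:abc123/dev/POST/v1/hello")
	out, _ := json.MarshalIndent(map[string]interface{}{"sessionPolicy": doc, "authorizerResponse": resp}, "", "  ")
	fmt.Println(string(out))
}
```

The session policy is what actually isolates tenants: the role the authorizer assumes can be table-wide, and every set of credentials it hands out is cut down to one tenant's keys. The `execute-api` grant, by contrast, is deliberately coarse because of result caching.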

SaaS Identity and Isolation Patterns

Serverless Configuration

The serverless.yml file defines the AWS services and resources required for the shared-service-authorizer service. Key components of this file are:

Functions

  • Authorizer: A Lambda function written in Go that serves as the custom authorizer for the API Gateway. It validates the JWT presented with each incoming request and returns the IAM policy (and tenant-scoped STS credentials) that API Gateway uses to allow or deny the call.

  • CreateHelloItem: Another Lambda function in Go. This function is triggered via an HTTP POST request to /v1/hello and is responsible for creating items in a DynamoDB table.
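Everything the Authorizer function does downstream depends on the JWT check being done correctly. The program below is an added example for this page, not the repository's own code, showing the checks a verifier needs before any claim is trusted: the `alg` header is pinned to the one algorithm the verifier supports (so an `"alg":"none"` or key-confusion token is refused before the signature is even looked at), the MAC is compared in constant time, and `exp` is enforced. It verifies HS256 with a shared key, using only the standard library, so it runs offline; a production authorizer would usually verify an RS256 token from the identity provider against its published keys, but the three checks are the same. The claim names `tenant_id` and `role`, the key and the sample claims are constructed for the example.

```go
package main

import (
	"crypto/hmac"
	"crypto/sha256"
	"encoding/base64"
	"encoding/json"
	"errors"
	"fmt"
	"strings"
	"time"
)

// Claims are the fields this example expects in the token. The claim names
// tenant_id and role are an assumption; use whatever the issuer emits.
type Claims struct {
	Subject  string `json:"sub"`
	TenantID string `json:"tenant_id"`
	Role     string `json:"role"`
	Expires  int64  `json:"exp"`
}

var b64 = base64.RawURLEncoding

// VerifyHS256 checks algorithm, signature and expiry of a compact JWS and
// returns its claims. Nothing in the payload is trusted until the MAC over
// header.payload has been verified with a constant-time comparison.
func VerifyHS256(token string, key []byte, now time.Time) (Claims, error) {
	parts := strings.Split(token, ".")
	if len(parts) != 3 {
		return Claims{}, errors.New("token is not a three-part compact JWS")
	}
	hdrJSON, err := b64.DecodeString(parts[0])
	if err != nil {
		return Claims{}, fmt.Errorf("header: %w", err)
	}
	var hdr struct {
		Alg string `json:"alg"`
	}
	if err := json.Unmarshal(hdrJSON, &hdr); err != nil {
		return Claims{}, fmt.Errorf("header: %w", err)
	}
	// Pin the algorithm to what this verifier supports. Accepting whatever the
	// header says is how "alg":"none" and RS/HS key-confusion bypasses happen.
	if hdr.Alg != "HS256" {
		return Claims{}, fmt.Errorf("unsupported alg %q", hdr.Alg)
	}
	sig, err := b64.DecodeString(parts[2])
	if err != nil {
		return Claims{}, fmt.Errorf("signature: %w", err)
	}
	mac := hmac.New(sha256.New, key)
	mac.Write([]byte(parts[0] + "." + parts[1]))
	if !hmac.Equal(sig, mac.Sum(nil)) {
		return Claims{}, errors.New("signature mismatch")
	}
	payload, err := b64.DecodeString(parts[1])
	if err != nil {
		return Claims{}, fmt.Errorf("payload: %w", err)
	}
	var c Claims
	if err := json.Unmarshal(payload, &c); err != nil {
		return Claims{}, fmt.Errorf("payload: %w", err)
	}
	// A token without exp never expires, which is not what we want from a
	// credential that feeds into cached authorization decisions.
	if c.Expires == 0 || !now.Before(time.Unix(c.Expires, 0)) {
		return Claims{}, errors.New("token expired or has no exp")
	}
	if c.TenantID == "" || c.Role == "" {
		return Claims{}, errors.New("token lacks tenant_id or role")
	}
	return c, nil
}

// SignHS256 mints a token so the demo and tests can run offline. The
// authorizer itself never signs tokens; the identity provider does.
func SignHS256(c Claims, key []byte) string {
	hdr := b64.EncodeToString([]byte(`{"alg":"HS256","typ":"JWT"}`))
	body, _ := json.Marshal(c)
	signing := hdr + "." + b64.EncodeToString(body)
	mac := hmac.New(sha256.New, key)
	mac.Write([]byte(signing))
	return signing + "." + b64.EncodeToString(mac.Sum(nil))
}

func main() {
	key := []byte("constructed-demo-key-not-a-real-secret") // constructed for the example
	now := time.Unix(1700000000, 0)
	tok := SignHS256(Claims{Subject: "user-1", TenantID: "acme", Role: "TenantAdmin", Expires: now.Add(time.Hour).Unix()}, key)
	c, err := VerifyHS256(tok, key, now)
	fmt.Printf("valid token: %+v (err=%v)\n", c, err)
	// Forgery attempt: swap the header for alg:none and drop the signature.
	parts := strings.Split(tok, ".")
	forged := b64.EncodeToString([]byte(`{"alg":"none"}`)) + "." + parts[1] + "."
	_, err = VerifyHS256(forged, key, now)
	fmt.Println("forged token rejected:", err)
}
```

The order of checks matters: algorithm first, then signature, then claims. Reading `tenant_id` out of an unverified payload, even just for logging, is how a forged tenant ends up in a policy.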

Resources

  • ApiGatewayRestApi: Defines the API Gateway REST API for the shared services.

  • ApiGatewayAuthorizer: Configures a custom authorizer for the API Gateway. It specifies the authorizer URI, identity source, and result TTL. Note that API Gateway caches the authorizer's response per token for that TTL, so the policy the function returns must cover every method the caller may invoke within that window, not only the method that triggered the authorizer.

  • LambdaApiGatewayInvoke: Grants the API Gateway permission to invoke the Authorizer function.

  • AuthorizerLambdaRole and CreateHelloItemLambdaRole: IAM roles for the respective Lambda functions, granting them the permissions they need, such as interacting with DynamoDB and writing logs; the authorizer role additionally needs to assume the role from which the tenant-scoped STS credentials are minted.

  • SharedServices DynamoDB Table: Defines the DynamoDB table used by the application. It follows a Single Table Design with specified attribute definitions, key schema, and global secondary indexes.

Plugins

  • serverless-go-plugin: Facilitates the building of Go-based Lambda functions.

  • serverless-plugin-datadog: Integrates Datadog monitoring with the Serverless setup.

Custom

  • Configuration for Datadog integration, including API key setup. Supply the key from the environment or a secret store rather than committing it to serverless.yml.

Outputs

  • References to resources like the DynamoDB table ARN and IAM roles, which can be used elsewhere in the serverless setup.

This file is what the Serverless Framework uses to deploy and manage the Lambda functions and the AWS resources around them.

Prerequisites

  • Ensure you have Go installed on your machine.
  • Ensure you have Node.js and npm installed (used to install the Serverless CLI).
  • Set up and configure your AWS credentials for Serverless Framework deployments.

🚀 Deployment

The application and its infrastructure are managed and deployed using Serverless Framework.

  • Make sure you have the Serverless CLI installed. If not, install it using:

    npm install -g serverless

Deployment Steps

The snippets below are CI-style step definitions; the `run:` line in each is the command to execute locally.

  1. Deploy: the Serverless Framework deploys the application to the specified stage.

    - name: Deploy Service
      run: sls deploy --stage dev
  2. Test: the Serverless Framework invokes the authorizer Lambda function with the test event in test/event.json. The name passed to --function must match the function key defined under functions in serverless.yml.

    - name: Test Service
      run: sls invoke --stage dev --function authoriser --path test/event.json
  3. Cleanup: the Serverless Framework removes the application, and every resource in its CloudFormation stack, from AWS.

    - name: Remove Service
      run: sls remove --stage dev

🤝 Contributing

Contributions, issues and feature requests are welcome!

📄 License

This project is MIT licensed.
