JoinColony · rdig · Nov 5, 2024 · Nov 5, 2024
@@ -3,5 +3,8 @@
   "DynamoDBBillingMode": "PAY_PER_REQUEST",
   "DynamoDBEnableServerSideEncryption": false,
   "DynamoDBEnablePointInTimeRecovery": "true",
-  "CreateApiKey": 0
-}
+  "CreateApiKey": 0,
+  "AppSyncAuthorizerFunctionArn": {
+    "Ref": "functionauthorizerArn"
+  }
+}
@@ -0,0 +1,10 @@
+type PrivateProfile @model @aws_lambda {
+  """
+  Unique identifier for the user's profile
+  """
+  id: ID!
+  email: AWSEmail
+  preferredCurrency: SupportedCurrencies
+  isAutoOfframpEnabled: Boolean
+  hasCompletedKYCFlow: Boolean
+}
@@ -25,6 +25,11 @@
     }
   },
   "function": {
+    "authorizer": {
+      "build": true,
+      "providerPlugin": "awscloudformation",
+      "service": "Lambda"
+    },
     "bridgeXYZMutation": {
       "build": true,
       "dependsOn": [],

@@ -0,0 +1,224 @@
+{
+    "AWSTemplateFormatVersion": "2010-09-09",
+    "Description": "Lambda Function resource stack creation using Amplify CLI",
+    "Parameters": {
+      "CloudWatchRule": {
+        "Type": "String",
+        "Default": "NONE",
+        "Description": " Schedule Expression"
+      },
+      "deploymentBucketName": {
+        "Type": "String"
+      },
+      "env": {
+        "Type": "String"
+      },
+      "s3Key": {
+        "Type": "String"
+      },
+      "functioncolonycdappSSMAccessArn": {
+        "Type": "String",
+        "Default": "functioncolonycdappSSMAccessArn"
+      }
+    },
+    "Conditions": {
+      "ShouldNotCreateEnvResources": {
+        "Fn::Equals": [
+          {
+            "Ref": "env"
+          },
+          "NONE"
+        ]
+      }
+    },
+    "Resources": {
+      "LambdaFunction": {
+        "Type": "AWS::Lambda::Function",
+        "Metadata": {
+          "aws:asset:path": "./src",
+          "aws:asset:property": "Code"
+        },
+        "Properties": {
+          "Code": {
+            "S3Bucket": {
+              "Ref": "deploymentBucketName"
+            },
+            "S3Key": {
+              "Ref": "s3Key"
+            }
+          },
+          "Handler": "index.handler",
+          "FunctionName": {
+            "Fn::If": [
+              "ShouldNotCreateEnvResources",
+              "authorizer",
+              {
+                "Fn::Join": [
+                  "",
+                  [
+                    "authorizer",
+                    "-",
+                    {
+                      "Ref": "env"
+                    }
+                  ]
+                ]
+              }
+            ]
+          },
+          "Environment": {
+            "Variables": {
+              "ENV": {
+                "Ref": "env"
+              },
+              "REGION": {
+                "Ref": "AWS::Region"
+              }
+            }
+          },
+          "Role": {
+            "Fn::GetAtt": [
+              "LambdaExecutionRole",
+              "Arn"
+            ]
+          },
+          "Runtime": "nodejs20.x",
+          "Layers": [
+            {
+              "Ref": "functioncolonycdappSSMAccessArn"
+            },
+            "arn:aws:lambda:eu-west-2:133256977650:layer:AWS-Parameters-and-Secrets-Lambda-Extension:4"
+          ],
+          "Timeout": 300,
+          "MemorySize": 256
+        }
+      },
+      "LambdaExecutionRole": {
+        "Type": "AWS::IAM::Role",
+        "Properties": {
+          "RoleName": {
+            "Fn::If": [
+              "ShouldNotCreateEnvResources",
+              "colonycdappLambdaRolebf2733c7",
+              {
+                "Fn::Join": [
+                  "",
+                  [
+                    "colonycdappLambdaRolebf2733c7",
+                    "-",
+                    {
+                      "Ref": "env"
+                    }
+                  ]
+                ]
+              }
+            ]
+          },
+          "AssumeRolePolicyDocument": {
+            "Version": "2012-10-17",
+            "Statement": [
+              {
+                "Effect": "Allow",
+                "Principal": {
+                  "Service": [
+                    "lambda.amazonaws.com"
+                  ]
+                },
+                "Action": [
+                  "sts:AssumeRole"
+                ]
+              }
+            ]
+          }
+        }
+      },
+      "lambdaexecutionpolicy": {
+        "DependsOn": [
+          "LambdaExecutionRole"
+        ],
+        "Type": "AWS::IAM::Policy",
+        "Properties": {
+          "PolicyName": "lambda-execution-policy",
+          "Roles": [
+            {
+              "Ref": "LambdaExecutionRole"
+            }
+          ],
+          "PolicyDocument": {
+            "Version": "2012-10-17",
+            "Statement": [
+              {
+                "Effect": "Allow",
+                "Action": [
+                  "logs:CreateLogGroup",
+                  "logs:CreateLogStream",
+                  "logs:PutLogEvents"
+                ],
+                "Resource": {
+                  "Fn::Sub": [
+                    "arn:aws:logs:${region}:${account}:log-group:/aws/lambda/${lambda}:log-stream:*",
+                    {
+                      "region": {
+                        "Ref": "AWS::Region"
+                      },
+                      "account": {
+                        "Ref": "AWS::AccountId"
+                      },
+                      "lambda": {
+                        "Ref": "LambdaFunction"
+                      }
+                    }
+                  ]
+                }
+              },
+              {
+                "Effect": "Allow",
+                "Action": [
+                  "ssm:GetParameter",
+                  "kms:Decrypt"
+                ],
+                "Resource": {
+                  "Fn::Sub": [
+                    "arn:aws:ssm:${region}:${account}:parameter/*",
+                    {
+                      "region": {
+                        "Ref": "AWS::Region"
+                      },
+                      "account": {
+                        "Ref": "AWS::AccountId"
+                      }
+                    }
+                  ]
+                }
+              }
+            ]
+          }
+        }
+      }
+    },
+    "Outputs": {
+      "Name": {
+        "Value": {
+          "Ref": "LambdaFunction"
+        }
+      },
+      "Arn": {
+        "Value": {
+          "Fn::GetAtt": [
+            "LambdaFunction",
+            "Arn"
+          ]
+        }
+      },
+      "Region": {
+        "Value": {
+          "Ref": "AWS::Region"
+        }
+      },
+      "LambdaExecutionRole": {
+        "Value": {
+          "Ref": "LambdaExecutionRole"
+        }
+      }
+    }
+  }
@@ -0,0 +1,6 @@
+[
+  {
+    "Action": [],
+    "Resource": []
+  }
+]
@@ -0,0 +1,15 @@
+{
+  "lambdaLayers": [
+    {
+      "type": "ProjectLayer",
+      "resourceName": "colonycdappSSMAccess",
+      "env": "qa",
+      "version": "Always choose latest version",
+      "isLatestVersionSelected": true
+    },
+    {
+      "type": "ExternalLayer",
+      "arn": "arn:aws:lambda:eu-west-2:133256977650:layer:AWS-Parameters-and-Secrets-Lambda-Extension:4"
+    }
+  ]
+}
@@ -0,0 +1,32 @@
+/**
+ */
+exports.handler = async (event) => {
+  console.log('Authorizer Lambda called:', JSON.stringify(event, null, 2));
+
+  try {
+    const authorizationHeader = event.request.headers.authorization || '';
+
+    console.log('Authorization header:', authorizationHeader);
+
+    // if (!authorizationHeader) {
+    //   throw new Error('Missing header');
+    // }
+
+    // /**
+    //  * @TODO Add actual SIWE logic in here
+    //  */
+
+    return {
+      isAuthorized: true,
+      deniedFields: [],
+      resolverContext: {
+        context: true,
+      },
+    };
+  } catch (error) {
+    console.error(error);
+    return {
+      isAuthorized: false,
+    };
+  }
+};