来自AWS lambda的Google OAuth
[英]Google OAuth from AWS lambda
问题描述
How do I securely authenticate with google service account from an AWS lambda function? 
如何通过AWS lambda函数安全地使用Google服务帐户进行身份验证? I want to call some google api from AWS lambda. 我想从AWS lambda调用一些google api。
2 个解决方案
解决方案1
1 已采纳 2017-12-21 18:37:34
You can store the credentials encrypted in Lambda environment variables too. 您也可以存储在Lambda环境变量中加密的凭据。 You can either programmatically store or configure it in the aws console. 您可以在aws控制台中以编程方式存储或配置它。
More details: 更多细节:
http://docs.aws.amazon.com/lambda/latest/dg/env_variables.html http://docs.aws.amazon.com/lambda/latest/dg/env_variables.html
CLI: CLI:
aws lambda create-function \
--region us-east-1
--function-name myTestFunction
--zip-file fileb://path/package.zip
--role role-arn
--environment Variables="{LD_LIBRARY_PATH=/usr/bin/test/lib64}"
--handler index.handler
--runtime nodejs6.10
--profile default
Nodejs: 的NodeJS:
http://docs.aws.amazon.com/AWSJavaScriptSDK/latest/AWS/Lambda.html http://docs.aws.amazon.com/AWSJavaScriptSDK/latest/AWS/Lambda.html
check on 检查
Variables: {
in the below code. 在下面的代码中。
To Encrypt, check on KMSKeyArn and provide your KMS Arn Value. 要加密,请检查KMSKeyArn并提供您的KMS Arn值。
var params = {
FunctionName: 'STRING_VALUE', /* required */
DeadLetterConfig: {
TargetArn: 'STRING_VALUE'
},
Description: 'STRING_VALUE',
Environment: {
Variables: {
'<EnvironmentVariableName>': 'STRING_VALUE',
/* '<EnvironmentVariableName>': ... */
}
},
Handler: 'STRING_VALUE',
KMSKeyArn: 'STRING_VALUE',
MemorySize: 0,
Role: 'STRING_VALUE',
Runtime: nodejs | nodejs4.3 | nodejs6.10 | java8 | python2.7 | python3.6 | dotnetcore1.0 | nodejs4.3-edge,
Timeout: 0,
TracingConfig: {
Mode: Active | PassThrough
},
VpcConfig: {
SecurityGroupIds: [
'STRING_VALUE',
/* more items */
],
SubnetIds: [
'STRING_VALUE',
/* more items */
]
}
};
lambda.updateFunctionConfiguration(params, function(err, data) {
if (err) console.log(err, err.stack); // an error occurred
else console.log(data); // successful response
});
Hope it helps. 希望能帮助到你。
解决方案2
0 2018-03-19 15:30:00
You can store the credentials in a JSON file, and add the file to your Deployment Package, you will be able to import your credentials similar to reading file from your local directory. 您可以将凭据存储在JSON文件中,并将该文件添加到部署包中,您将能够导入类似于从本地目录中读取文件的凭据。
ex: CLIENT_SECRETS_FILE = "client_secrets_web.json" SCOPES = ["https://www.googleapis.com/auth/yt-analytics-monetary.readonly"] flow = google_auth_oauthlib.flow.Flow.from_client_secrets_file( CLIENT_SECRETS_FILE, scopes=SCOPES) 例如: CLIENT_SECRETS_FILE = "client_secrets_web.json" SCOPES = ["https://www.googleapis.com/auth/yt-analytics-monetary.readonly"] flow = google_auth_oauthlib.flow.Flow.from_client_secrets_file( CLIENT_SECRETS_FILE, scopes=SCOPES)
Your Deployment Package (.zip) should contain your lambda function code, any-other dependencies and your JSON file 您的部署包(.zip)应包含您的lambda函数代码,任何其他依赖项和您的JSON文件
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.