[英]Google OAuth from AWS lambda
How do I securely authenticate with google service account from an AWS lambda function? 如何通过AWS lambda函数安全地使用Google服务帐户进行身份验证? I want to call some google api from AWS lambda.
我想从AWS lambda调用一些google api。
You can store the credentials encrypted in Lambda environment variables too. 您也可以存储在Lambda环境变量中加密的凭据。 You can either programmatically store or configure it in the aws console.
您可以在aws控制台中以编程方式存储或配置它。
More details: 更多细节:
http://docs.aws.amazon.com/lambda/latest/dg/env_variables.html http://docs.aws.amazon.com/lambda/latest/dg/env_variables.html
CLI: CLI:
aws lambda create-function \
--region us-east-1
--function-name myTestFunction
--zip-file fileb://path/package.zip
--role role-arn
--environment Variables="{LD_LIBRARY_PATH=/usr/bin/test/lib64}"
--handler index.handler
--runtime nodejs6.10
--profile default
Nodejs: 的NodeJS:
http://docs.aws.amazon.com/AWSJavaScriptSDK/latest/AWS/Lambda.html http://docs.aws.amazon.com/AWSJavaScriptSDK/latest/AWS/Lambda.html
check on 检查
Variables: {
变量:{
in the below code. 在下面的代码中。
To Encrypt, check on KMSKeyArn and provide your KMS Arn Value. 要加密,请检查KMSKeyArn并提供您的KMS Arn值。
var params = {
FunctionName: 'STRING_VALUE', /* required */
DeadLetterConfig: {
TargetArn: 'STRING_VALUE'
},
Description: 'STRING_VALUE',
Environment: {
Variables: {
'<EnvironmentVariableName>': 'STRING_VALUE',
/* '<EnvironmentVariableName>': ... */
}
},
Handler: 'STRING_VALUE',
KMSKeyArn: 'STRING_VALUE',
MemorySize: 0,
Role: 'STRING_VALUE',
Runtime: nodejs | nodejs4.3 | nodejs6.10 | java8 | python2.7 | python3.6 | dotnetcore1.0 | nodejs4.3-edge,
Timeout: 0,
TracingConfig: {
Mode: Active | PassThrough
},
VpcConfig: {
SecurityGroupIds: [
'STRING_VALUE',
/* more items */
],
SubnetIds: [
'STRING_VALUE',
/* more items */
]
}
};
lambda.updateFunctionConfiguration(params, function(err, data) {
if (err) console.log(err, err.stack); // an error occurred
else console.log(data); // successful response
});
Hope it helps. 希望能帮助到你。
You can store the credentials in a JSON file, and add the file to your Deployment Package, you will be able to import your credentials similar to reading file from your local directory. 您可以将凭据存储在JSON文件中,并将该文件添加到部署包中,您将能够导入类似于从本地目录中读取文件的凭据。
ex: CLIENT_SECRETS_FILE = "client_secrets_web.json" SCOPES = ["https://www.googleapis.com/auth/yt-analytics-monetary.readonly"] flow = google_auth_oauthlib.flow.Flow.from_client_secrets_file( CLIENT_SECRETS_FILE, scopes=SCOPES)
例如:
CLIENT_SECRETS_FILE = "client_secrets_web.json" SCOPES = ["https://www.googleapis.com/auth/yt-analytics-monetary.readonly"] flow = google_auth_oauthlib.flow.Flow.from_client_secrets_file( CLIENT_SECRETS_FILE, scopes=SCOPES)
Your Deployment Package (.zip) should contain your lambda function code, any-other dependencies and your JSON file 您的部署包(.zip)应包含您的lambda函数代码,任何其他依赖项和您的JSON文件
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.