我编写了一个python lambda,它使用用户名和密码进行基本的HTTP身份验证。我在S3中创建了一个简单的静态网站,CloudFront查看器请求将调用python auth lambda,从Secrets Manager获取用户名密码以进行授权。我将我的解决方案部署到CloudFront,结果出现503错误。从我的研究来看,我似乎遇到了Python中的多线程限制。我试着使用async,但我遇到了输出作为协程返回的问题。我在NodeJS中看到过类似的例子,我想我会在Python中尝试一下。我正在做的事情是否可能或值得在Python中做,或者应该尝试在我不太熟悉的NodeJS中做同样的解决方案?请参阅下面的代码。谢谢
import requests
import boto3
import base64
from base64 import b64encode
from botocore.exceptions import ClientError
import json
import asyncio
def secrets_manager_client():
return boto3.client('secretsmanager')
async def get_secret(secret_name):
try:
get_secret_value_response = await secrets_manager_client().get_secret_value(SecretId=secret_name)
except ClientError as e:
if await e.response['Error']['Code'] == 'DecryptionFailureException':
raise e from e
elif await e.response['Error']['Code'] == 'InternalServiceErrorException':
raise e from e
elif await e.response['Error']['Code'] == 'InvalidParameterException':
raise e from e
elif await e.response['Error']['Code'] == 'InvalidRequestException':
raise e from e
elif await e.response['Error']['Code'] == 'ResourceNotFoundException':
raise e from e
else:
return get_secret_value_response['SecretString']
await processDataInWorker(v)
def lambda_handler(event, context):
request = event['Records'][0]['cf']['request']
headers = request['headers']
secret = json.loads(get_secret(secret_name="mysecret/location"))
base64credentials = base64.b64encode((secret['username'] + ":" + secret['password']).encode()).decode()
authstring = 'Basic ' + base64credentials
if headers['authorization'] == 'undefined' or headers['authorization'][0] != authstring:
return {
"body": "Unauthorized",
"headers": {
'www-authenticate': [{"key": "WWW-Authenticate", "value": "Basic"}]
},
"status": "401",
"statusDescription": "Unauthorized"
}
else:
return request
在Pyhon中还没有看到这方面的实现,但javascript中有过多的实现,例如这个要点。
您只需要添加带有异步函数的secretmanager检索+await,正如您提到的那样。