Uses HTTP Basic Authentication against two dynamodb tables to authorize API Gateway users.
The first table is the "users" table. This table contains the Username, a SHA256 hashed Password, and a GroupId.
If the user is found in the "users" table and the hash of the password matches, then the group IS is looked up in the "groups" table.
The "groups" table contains the GroupId and a Policy JSON document representing the IAM policy document for that user. It is this document that is returned to API Gateway for further processing.
This function supports the following environment variables:
- USERS_TABLE_NAME - The DynamoDB table that contains the user data, as listed above.
- GROUPS_TABLE_NAME - The DynamoDB table that contains the groups data, as listed above.
Easy implementation of this function via Terraform may be found in the following module:
https://github.com/QuiNovas/terraform-modules/tree/master/aws/basic-authentication-authenticator