EpiJunkie/mitm-demo-aws-api-gw-lambda-terraform

mitm-demo-aws-api-gw-lambda-terraform

This is a 'hello world'-like demonstration of manipulating (API) requests/responses using AWS API Gateway with Lambda running Python 3.6, deployed via Terraform.

Prerequisites

Local

Other

  • AWS account

  • Route 53 registered and configured domain

  • X.509 certificates for the domain. Let's Encrypt is recommended.

Setup

First, X.509 certificates need to be placed in this project's directory. The provided script (prebuild.sh) copies Let's Encrypt certificates from the default ~/.acme.sh/ location to the default filename locations; modify the "domain" variable within the script before running it.

Then a zip file needs to be created with the Lambda function code. This can be done on OSX by running zip lambda.zip lambda-function.py.

Then move .envrc.default to .envrc and edit the .envrc file to include the AWS credentials.

Then move variables.tf.default to variables.tf and edit the variables.tf file to fit your environment. At a minimum route53_zoneid and route53_domain need to be changed. If your certificate names are different from example.key/example.crt/ca.crt, they need to be changed here.

At this point, running terraform init will download the AWS provider package and otherwise initialize Terraform locally.

Deploy

Run terraform apply and type 'yes' when prompted to confirm that you want to continue.

After about 120 seconds the infrastructure will be set up and you will be able to make API calls against the invoke URL. The CloudFront endpoints can take up to 40 minutes to set up. As an alternative to the CloudFront A records, you can (temporarily) set up a CNAME to hit the invoke URL domain while CloudFront sets up. An example is provided in api-gw-dns.tf: comment out the A record portion, uncomment the CNAME record portion, and run terraform apply again.

Delete

Run terraform destroy and type 'yes' when prompted to confirm that you want to continue. About 60 seconds later, everything has been deleted except for any logs that may have been generated in CloudWatch.

Example

See my blog post here.
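
For readers without the blog post at hand, the handler below is an added illustration of what manipulating a request inside Lambda looks like. It is not the code in this repository's lambda-function.py. It assumes a Lambda proxy integration (the event and response shapes shown), and the field names "message" and "original_message" and the sample event are constructed for the example.

```python
import base64
import json


def read_body(event):
    """Return the request body as text, decoding it if API Gateway base64-encoded it."""
    body = event.get("body") or ""
    if event.get("isBase64Encoded"):
        body = base64.b64decode(body).decode("utf-8")
    return body


def respond(status, payload):
    """Build the dict that a Lambda proxy integration must return."""
    return {
        "statusCode": status,
        "headers": {"Content-Type": "application/json"},
        "body": json.dumps(payload),  # body must be a string, not a dict
        "isBase64Encoded": False,
    }


def lambda_handler(event, context):
    """Parse the JSON request, change one field, and return the altered document."""
    try:
        payload = json.loads(read_body(event))
    except ValueError:  # covers bad base64, bad UTF-8 and bad JSON
        return respond(400, {"error": "body is not valid JSON"})
    if not isinstance(payload, dict):
        return respond(400, {"error": "expected a JSON object"})
    # The manipulation step: overwrite a field and keep the original value.
    payload["original_message"] = payload.get("message")
    payload["message"] = "hello world (rewritten in Lambda)"
    return respond(200, payload)


# Constructed sample event in the shape API Gateway passes to a proxy integration.
SAMPLE_EVENT = {
    "httpMethod": "POST",
    "path": "/",
    "headers": {"Content-Type": "application/json"},
    "body": base64.b64encode(b'{"message": "hi"}').decode("ascii"),
    "isBase64Encoded": True,
}

if __name__ == "__main__":
    print(lambda_handler(SAMPLE_EVENT, None))
```

Because the rewritten body is returned with a normal 200 and JSON content type, a client sees nothing unusual at the HTTP level; CloudWatch logs for the function are where the change would be visible.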
