You will need to ensure that the AWS Serverless Application Model (SAM) Command Line Interface (CLI) is installed.
```bash
python3 -m venv samcli-venv
source samcli-venv/bin/activate
pip3 install --upgrade pip
pip3 install aws-sam-cli
sam --version
```
Create an AWS KMS key administrator role. Be sure that the key policy you create allows the current user to administer the CMK.
For example, create a role named `KeyAdministratorRole` with the following IAM policy:
```json
{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Action": [
        "kms:Create*",
        "kms:Describe*",
        "kms:Enable*",
        "kms:List*",
        "kms:Put*",
        "kms:Update*",
        "kms:Revoke*",
        "kms:Disable*",
        "kms:Get*",
        "kms:Delete*",
        "kms:ScheduleKeyDeletion",
        "kms:CancelKeyDeletion",
        "kms:TagResource",
        "kms:UntagResource"
      ],
      "Resource": "*",
      "Effect": "Allow"
    }
  ]
}
```
You can also run `key-admin.sh`.
You will need to create an AWS CodeCommit repository named `django-webapp` in the primary region so that AWS CodePipeline can build the Docker image. You can clone this repo and push it to CodeCommit in that region.
If you are familiar with editing the `.git/config` file, you can use the following remote definition as an example, substituting your region for `REGION-HERE`. This requires git-remote-codecommit to be installed.

```ini
[remote "aws"]
    url = codecommit::REGION-HERE://django-webapp
    fetch = +refs/heads/*:refs/remotes/aws/*
```

Then execute:

```bash
git push aws main
```
Deploy using the provided script. Update the bucket name for the deployed resources first.
The script builds the Lambda source code and generates deployment artifacts that target Lambda's execution environment.

```bash
cd cloudformation/scripts
./secretsmanager-multipleuser.sh
```
After successfully deploying, you will need to run the Lambda to create the application user. It creates the scoped-down database application user using the main database credentials. The Django web app then connects as this application user, so the application never holds database administrator privileges.
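As an added illustration of what that Lambda does (example code written for this README, not the project's own handler): it reads the main credentials from Secrets Manager, creates a least-privilege PostgreSQL user with them, and stores the new credentials as a separate secret in the layout that Secrets Manager multi-user rotation expects. It assumes PostgreSQL, an RDS-style JSON master secret, and takes the database connection and boto3 Secrets Manager client as parameters so the database and AWS calls stay outside it.

```python
import json
import secrets
import string

# Assumed: PostgreSQL, and the "main" credentials are a JSON secret with
# engine/host/port/dbname/username/password keys (the RDS secret layout).

def generate_password(length=32):
    """CSPRNG password; alphabet avoids quotes, backslashes and '@' so the
    value survives JSON, shell, URL and SQL-literal contexts unchanged."""
    alphabet = string.ascii_letters + string.digits + "!#%+-.:=_"
    return "".join(secrets.choice(alphabet) for _ in range(length))

def quote_ident(name):
    """Double-quote a SQL identifier so a hostile name cannot break out."""
    return '"' + name.replace('"', '""') + '"'

def build_app_user_statements(username, password, schema="public"):
    """(sql, params) pairs: a LOGIN role limited to DML on one schema.
    The password is a bind parameter, never string-formatted into SQL."""
    role, sch = quote_ident(username), quote_ident(schema)
    return [
        (f"CREATE ROLE {role} WITH LOGIN PASSWORD %s "
         "NOSUPERUSER NOCREATEDB NOCREATEROLE", (password,)),
        (f"GRANT USAGE ON SCHEMA {sch} TO {role}", None),
        (f"GRANT SELECT, INSERT, UPDATE, DELETE ON ALL TABLES IN SCHEMA {sch} TO {role}", None),
        (f"GRANT USAGE, SELECT ON ALL SEQUENCES IN SCHEMA {sch} TO {role}", None),
    ]

def build_app_secret(master, master_arn, username, password):
    """Secret body in the layout the multi-user rotation function expects: the
    connection fields plus 'masterarn', the admin secret rotation uses to change this user's password."""
    return {"engine": master["engine"], "host": master["host"],
            "port": master.get("port", 5432), "dbname": master["dbname"],
            "username": username, "password": password, "masterarn": master_arn}

def create_application_user(conn, sm, master_arn, app_secret_name, username, kms_key_id):
    """Lambda core: read the admin credentials, create the scoped-down user with
    them, then store the new credentials as their own KMS-encrypted secret.
    conn: DB-API connection opened as admin; sm: boto3 Secrets Manager client."""
    master = json.loads(sm.get_secret_value(SecretId=master_arn)["SecretString"])
    password = generate_password()
    cur = conn.cursor()
    for sql, params in build_app_user_statements(username, password):
        cur.execute(sql, params)
    conn.commit()
    body = build_app_secret(master, master_arn, username, password)
    sm.create_secret(Name=app_secret_name, SecretString=json.dumps(body), KmsKeyId=kms_key_id)
    return body
```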
This sample code is made available under the MIT-0 license. See the LICENSE file.