feat(python): add amazon-verified-permissions-rest-api example #1215
Conversation
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
satyatulasijalandharch
force-pushed
the
amazon-verified-permissions-rest-api
branch
from
b6314f0 to
e05d52d
Compare
satyatulasijalandharch
changed the title
satyatulasijalandharch
force-pushed
the
amazon-verified-permissions-rest-api
branch
from
e05d52d to
be031b2
Compare
satyatulasijalandharch
force-pushed
the
amazon-verified-permissions-rest-api
branch
from
be031b2 to
c76b806
Compare
satyatulasijalandharch
force-pushed
the
amazon-verified-permissions-rest-api
branch
from
c76b806 to
092526e
Compare
There was a problem hiding this comment.
Pull request overview
This pull request adds a comprehensive example demonstrating how to create a REST API Gateway secured with Amazon Verified Permissions (AVP) and Amazon Cognito for fine-grained authorization using Cedar policies.
Key changes:
- Implements a complete CDK Python stack with nested stacks for Cognito, Verified Permissions, and API Gateway
- Provides a Node.js Lambda authorizer that integrates with AVP's
isAuthorizedWithTokenAPI - Includes demo Python Lambda handlers for protected endpoints
- Adds comprehensive documentation covering architecture, deployment, and operations
Reviewed changes
Copilot reviewed 23 out of 26 changed files in this pull request and generated 2 comments.
Show a summary per file
| File | Description |
|---|---|
app.py |
CDK application entry point |
stack/main.py |
Root stack orchestrating nested stacks |
stack/verified_permissions/ |
Cedar schema and policy definitions |
stack/cognito/main.py |
Cognito user pool with admin/user groups |
stack/apigw/ |
REST API configuration with custom authorizer |
stack/lambdas/authorizer/main.js |
Node.js authorizer calling AVP |
stack/lambdas/{user,admin}/main.py |
Demo business logic handlers |
docs/ |
Architecture diagrams and implementation guides |
README.md |
Quick start and project overview |
💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.
python/amazon-verified-permissions-rest-api/stack/lambdas/authorizer/main.js
Show resolved
Hide resolved
python/amazon-verified-permissions-rest-api/stack/verified_permissions/policy/admin.py
Show resolved
Hide resolved
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
1 participant
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Creating a REST API Gateway with Amazon Verified Permissions for fine-grained authorization
This example deploys a REST API secured by Amazon Verified Permissions (AVP) and Amazon Cognito. The stack demonstrates how to combine a Cedar policy store with an API Gateway Request Authorizer so that only members of the appropriate Cognito group can invoke protected routes.
By submitting this pull request, I confirm that my contribution is made under the terms of the Apache 2.0 license.