readytheory · June 7, 2020 17:21
diff --git a/lambda2.py b/lambda2.py
 """ Step 2 -- grant permission
 Date: June 7, 2020, python 3.8 AWS lambda function

 First, we have store the bearer token in an string.  demo setParameter function below does that.  You can run it on your laptop, getting and setting key
 is for a separate gist.

 Before we can call it from lambda, have to Attach a policy to the lambda's role.
 In Lambda GUI, you go to "Permissions" tab; add inline policy; choose a service.

 For parameters you want "Systems Manager".  grant read access to GetParameters.  You should also limit it to a specific parameter.

 You will wind up with an inline permission like below (probably "GetParameters" is all you need

 {
    "Version": "2012-10-17",
    "Statement": [
        {
            "Sid": "VisualEditor0",
            "Effect": "Allow",
            "Action": "ssm:GetParameters",
            "Resource": "arn:aws:ssm:us-east-1:91xxxxxxx:parameter/precise/traffic/here_api_bearer"
        }
    ]
 }

 Finally, here is the lambda function:

 """

 import boto3
 import urllib.request as UR
 import json

 def getParameter(param_name):
    ssm = boto3.client('ssm', region_name='us-east-1')

    response = ssm.get_parameters(
        Names=[
            param_name,
        ],
        WithDecryption=True
    )

    return response['Parameters'][0]['Value']


 def lambda_handler(event, context):

    bearer_token = getParameter("/precise/traffic/here_api_bearer")
    url = "https://traffic.ls.hereapi.com/traffic/6.2/flow.xml?bbox=38.93036,-77.17164;38.93154,-77.16965"

    headers = {'Authorization': 'Bearer ' + bearer_token}
    req = UR.Request(url=url, data=None, headers=headers)


    flow_result = UR.urlopen(req)

    if flow_result.status != 200:
        raise RuntimeError("Status code for headers != 200")


    return {
        'statusCode': 200,
        'body': json.dumps(flow_result.read().decode(encoding='UTF-8'))
    }
 #---------End of AWS Lambda -----------------

 #---------------
 # Function below is to set the parameter.
 # You don't needitin the lambda funcion
 #


 def set_parameter():
 # thisdoesn't relly need to be a function for this gist, just gt teh value encrypted in amazon somehow.  

 def setParameter()
    auth_info = {"access_token":"nd[...some 800 chars....]Xe_qbJoJydw","token_type":"bearer","expires_in":86399}
    
    ssm = boto3.client('ssm', region_name='us-east-1')

    response = ssm.put_parameter(
        Name='/precise/traffic/here_api_bearer',
        Value=auth_info["access_token"],
        Description='Bearer token for here_api',
        Type='SecureString'
    )

    return response
	""" Step 2 -- grant permission
	Date: June 7, 2020, python 3.8 AWS lambda function

	First, we have store the bearer token in an string. demo setParameter function below does that. You can run it on your laptop, getting and setting key
	is for a separate gist.

	Before we can call it from lambda, have to Attach a policy to the lambda's role.
	In Lambda GUI, you go to "Permissions" tab; add inline policy; choose a service.

	For parameters you want "Systems Manager". grant read access to GetParameters. You should also limit it to a specific parameter.

	You will wind up with an inline permission like below (probably "GetParameters" is all you need

	{
	"Version": "2012-10-17",
	"Statement": [
	{
	"Sid": "VisualEditor0",
	"Effect": "Allow",
	"Action": "ssm:GetParameters",
	"Resource": "arn:aws:ssm:us-east-1:91xxxxxxx:parameter/precise/traffic/here_api_bearer"
	}
	]
	}

	Finally, here is the lambda function:

	"""

	import boto3
	import urllib.request as UR
	import json

	def getParameter(param_name):
	ssm = boto3.client('ssm', region_name='us-east-1')

	response = ssm.get_parameters(
	Names=[
	param_name,
	],
	WithDecryption=True
	)

	return response['Parameters'][0]['Value']


	def lambda_handler(event, context):

	bearer_token = getParameter("/precise/traffic/here_api_bearer")
	url = "https://traffic.ls.hereapi.com/traffic/6.2/flow.xml?bbox=38.93036,-77.17164;38.93154,-77.16965"

	headers = {'Authorization': 'Bearer ' + bearer_token}
	req = UR.Request(url=url, data=None, headers=headers)


	flow_result = UR.urlopen(req)

	if flow_result.status != 200:
	raise RuntimeError("Status code for headers != 200")


	return {
	'statusCode': 200,
	'body': json.dumps(flow_result.read().decode(encoding='UTF-8'))
	}
	#---------End of AWS Lambda -----------------

	#---------------
	# Function below is to set the parameter.
	# You don't needitin the lambda funcion
	#


	def set_parameter():
	# thisdoesn't relly need to be a function for this gist, just gt teh value encrypted in amazon somehow.

	def setParameter()
	auth_info = {"access_token":"nd[...some 800 chars....]Xe_qbJoJydw","token_type":"bearer","expires_in":86399}

	ssm = boto3.client('ssm', region_name='us-east-1')

	response = ssm.put_parameter(
	Name='/precise/traffic/here_api_bearer',
	Value=auth_info["access_token"],
	Description='Bearer token for here_api',
	Type='SecureString'
	)

	return response