Deploying Authorizer with AWS

Published: at 03:22 PM

Hello people, on 3rd November 2022 I had an amazing opportunity to speak at the AWS community (Vadodara) event happening in my city. I presented on using Authorizer with DynamoDB and EKS.

Authorizer is a database-independent open source auth solution. It supports 12+ databases including all the major SQL, NoSQL and Graph databases.

So, as part of the demo, I created a Task Manager (TODO) application, which will allow an authenticated user to

The tech stack we will be using is:

Here is a small architecture diagram showing what the overall application will look like:

https://res.cloudinary.com/dcfpom7fo/image/upload/v1668775963/Authorizer/authorizer-dynamo-eks_mq9p8g.png

Code Repository

Github Repository: This repository contains code for TODO API, Frontend Application, EKS Cluster Creation, Ingress / Domain Setup

Let’s Get Started

Prerequisite

Step 1: Clone the Repository

git clone https://github.com/lakhansamani/authorizer-aws-demo.git

cd authorizer-aws-demo

Step 2: Create EKS Cluster

Note: You can update the machine configuration in the eks.yaml file.

eksctl create cluster -f eks.yaml

Step 3: Install Nginx Ingress

helm repo add ingress-nginx https://kubernetes.github.io/ingress-nginx

helm repo update

helm upgrade --install ingress-nginx ingress-nginx/ingress-nginx \
  --namespace ingress-nginx \
  --create-namespace \
  --timeout 600s \
  --debug \
  --set controller.publishService.enabled=true

Step 4: Install Cert Manager

Cert manager is used to generate the TLS certificate.

helm repo add jetstack https://charts.jetstack.io

helm repo update

kubectl apply -f https://github.com/cert-manager/cert-manager/releases/download/v1.8.2/cert-manager.crds.yaml

helm install \
  cert-manager jetstack/cert-manager \
  --namespace cert-manager \
  --create-namespace \
  --version v1.8.2

Step 5: Install Authorizer

Note: Please change authorizer.authorizer_url as per your domain and URL.

helm repo add authorizer https://helm-charts.authorizer.dev

helm repo update

helm install \
  --set authorizer.database_type=dynamodb \
  --set authorizer.aws_access_key_id="${AWS_ACCESS_KEY_ID}" \
  --set authorizer.aws_secret_access_key="${AWS_SECRET_ACCESS_KEY}" \
  --set authorizer.aws_region=us-east-1 \
  --set authorizer.authorizer_url=https://auth.aws-demo.authorizer.dev \
  --set redis.install=true \
  --set redis.storage=5Gi \
  --set redis.storageClassName=gp2 \
  --set securityContext.readOnlyRootFilesystem=false \
  authorizer authorizer/authorizer

Step 6: Create Route53 Hosted Zone

Example: auth.aws-demo.authorizer.dev in the screenshot below

https://res.cloudinary.com/dcfpom7fo/image/upload/v1668775970/Authorizer/aws-route-53_jzijgx.png

Step 7: Create Cluster Issuer with dns01 challenge

Note: Change email & hostzoneID as per step 5 in cluster_issuer.yaml

Cert manager will add a TXT record and verify the domain details using this issuer.

kubectl apply -f cluster_issuer.yaml

Step 8: Create Ingress for authorizer

Note: Change authorizer domain as per your auth domain in authorizer_ingress.yaml

kubectl apply -f authorizer_ingress.yaml

Open your Authorizer dashboard, configure the admin password and get the client ID.

Step 9: Deploy API resources

Note: In api.yaml L:8, change authorizer_client_id to the base64-encoded value of the Authorizer client_id obtained in step 7. Also change the domain name in the ingress section.

kubectl apply -f api.yaml
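An added example for Steps 5 and 9 (not part of the original post or the demo repository): Step 5 puts the AWS keys on helm's command line, where the expanded values are visible in the process list, and Step 9 needs a base64 value that a plain `echo` would corrupt with a trailing newline. The function names and the values file name are hypothetical; the value keys mirror the `--set` flags used in Step 5.

```shell
# Added example, not from the demo repository. POSIX sh; defines functions only.

# Base64-encode a client ID for api.yaml. printf '%s' avoids the trailing
# newline that `echo "$id" | base64` would fold into the encoded value.
b64_client_id() {
  printf '%s' "$1" | base64 | tr -d '\n'
}

# Write the Step 5 chart values to file $1, readable only by the current user.
# The AWS credentials come from the environment and never appear in helm's
# argument list.
write_values() {
  if [ -z "${AWS_ACCESS_KEY_ID:-}" ] || [ -z "${AWS_SECRET_ACCESS_KEY:-}" ]; then
    echo "AWS_ACCESS_KEY_ID and AWS_SECRET_ACCESS_KEY must be set" >&2
    return 1
  fi
  rm -f -- "$1"          # drop any older copy that may have wider permissions
  (
    umask 077            # the file is created with mode 0600
    cat > "$1" <<EOF
authorizer:
  database_type: dynamodb
  aws_access_key_id: "${AWS_ACCESS_KEY_ID}"
  aws_secret_access_key: "${AWS_SECRET_ACCESS_KEY}"
  aws_region: us-east-1
  authorizer_url: https://auth.aws-demo.authorizer.dev
redis:
  install: true
  storage: 5Gi
  storageClassName: gp2
securityContext:
  readOnlyRootFilesystem: false
EOF
  )
}

# Usage (needs the cluster from the steps above, so it is left commented out):
#   write_values ./authorizer-values.yaml
#   helm install -f ./authorizer-values.yaml authorizer authorizer/authorizer
#   rm -f ./authorizer-values.yaml
#   b64_client_id "<client ID from the Authorizer dashboard>"
```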

Step 10: Deploy frontend

You can deploy the frontend to a provider of your choice or on the same stack. For demo purposes I have deployed it on Netlify and connected a subdomain there.

That's all you need. Hope it makes it easier for you to deploy Authorizer + any other service on AWS.

For more information check