stefanhk31 closed 8 months ago
Butter API key (stored in secrets) should be a dependency of Butter CMS Client (but AWS secrets client should NOT be dependency of butter).
...or should API key not be necessary at all, because it is handled in API management???
Start this by setting up API gateway in AWS, finish with AWS client package in app.
Some resources:
Calling AWS from Dart:
https://docs.amplify.aws/flutter/start/project-setup/escape-hatch/
Will need to configure AWS creds in either env (not ideal) or in a config file. Config file will need to be accessible via GitHub actions:
https://github.com/marketplace/actions/configure-aws-credentials-action-for-github-actions
First step to this is probably to figure out IAM creds for the app.
**Can I use anonymous auth (via Cognito) to grant access to hit a lambda that has access to ASM?**
AWS client should get secret and asynchronously initialize butter client in Middleware provider.
Potentially can avoid Cognito pool w/ DF as only allowed AWS client
Can I access env vars on dart frog in app center? Might not be feasible but something to consider.
IF deployed DF container can see env vars that I set via app center, we may not need an API gateway at all....
As of most recent testing, env vars are accessible via app runner.
Thinking APIM/Lambda that Flutter accesses thru client, then talks to secrets manager/CloudFront to handle API key and req routing to Butter.
Need to set up IAM role in AWS to allow access to secrets manager.
https://docs.aws.amazon.com/secretsmanager/latest/userguide/asm_access.html#endpoints
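One way to wire the dependency direction described in these notes (the Butter client depends only on the key, and the middleware provider resolves the secret asynchronously), as an added example that is not code from this issue or the project. `SecretSource`, `EnvSecretSource`, the shape of `ButterCmsClient`, the `BUTTER_API_KEY` variable name and the header format are assumptions made for illustration.

```dart
import 'dart:io';
import 'package:dart_frog/dart_frog.dart';

/// Hypothetical abstraction over wherever the key lives (Secrets Manager,
/// container env vars). The Butter client never sees this type.
abstract class SecretSource {
  Future<String> read(String name);
}

/// Reads the secret from the server container's environment.
class EnvSecretSource implements SecretSource {
  @override
  Future<String> read(String name) async {
    final value = Platform.environment[name];
    if (value == null || value.isEmpty) {
      throw StateError('secret $name is not configured'); // name only, no value
    }
    return value;
  }
}

/// Hypothetical stand-in for the Butter CMS client: it takes the key itself.
class ButterCmsClient {
  ButterCmsClient({required String apiKey}) : _apiKey = apiKey;
  final String _apiKey;

  // Assumed header format; the key stays server-side and out of query strings.
  Map<String, String> get authHeaders => {'Authorization': 'Token $_apiKey'};

  @override
  String toString() => 'ButterCmsClient(apiKey: <redacted>)'; // safe to log
}

Future<ButterCmsClient>? _butter; // memoized: one secret lookup per process

Future<ButterCmsClient> _initButter(SecretSource secrets) async {
  try {
    return ButterCmsClient(apiKey: await secrets.read('BUTTER_API_KEY'));
  } catch (_) {
    _butter = null; // do not cache a failed lookup; the next request retries
    rethrow;
  }
}

// routes/_middleware.dart. Handlers: await context.read<Future<ButterCmsClient>>()
Handler middleware(Handler handler) => handler.use(
      provider<Future<ButterCmsClient>>(
        (context) => _butter ??= _initButter(EnvSecretSource())),
    );
```

Swapping `EnvSecretSource` for a Secrets Manager-backed `SecretSource` changes only the middleware line, and in either case the key never ships inside the Flutter app.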